Risky Business #731 -- SEC Twitter hack moves Bitcoin price

PLUS: Kaspersky admires Triangulation hackers' fine work
10 Jan 2024 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • SEC Twitter account hack moves bitcoin price
  • Kaspersky admires Triangulation hackers’ fine work
  • Telcos hacked all over
  • Israel hacks Iranian gasoline pumps again
  • Iran up in Albania, Sudan, Egypt and Tanzania
  • and much, much more…

This week’s show is brought to you by Nucleus Security. Co-founder Scott Kuffer joins us to talk about why patch management is more nuanced than just “patch fast!”

Show notes

U.S. Securities and Exchange Commission on X: "The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products." / X
Mandiant, the security firm Google bought for $5.4 billion, gets its X account hacked | Ars Technica
4-year campaign backdoored iPhones using possibly the most advanced exploit ever | Ars Technica
Spyware attack chain used previously unknown iPhone hardware feature, report says
"Dutch engineer carried out Iranian nuclear sabotage": VK - DutchNews.nl
Russian hackers infiltrated Ukrainian telecom giant months before cyberattack
Ukraine telecom cyberattack one of ‘highest-impact’ hacks of the war
Pro-Ukraine hackers claim breach of Russian internet provider
Ukraine says Russia hacked web cameras to spy on targets in Kyiv
Optus outage: Banks, telcos to be quizzed at Senate hearing
A “ridiculously weak” password causes disaster for Spain’s No. 2 mobile carrier | Ars Technica
Albanian parliament, telecom company hit by cyberattacks
Paraguay military warns of ‘significant impact’ of ransomware after attack on internet provider
Iran confirms nationwide cyberattack on gas stations
Hackers disrupt Beirut airport with anti-Hezbollah message
Telecom organizations in Africa targeted by Iran-linked hackers
Myanmar rebels take control of ‘pig butchering’ scam city amid Chinese pressure on junta
AlphV ransomware site is “seized” by the FBI. Then it’s “unseized.” And so on. | Ars Technica
BreachForums administrator detained after violating parole
Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay
Global law enforcement seizes $300 million, arrests 3,500 involved in transnational cybercrime operation
Toronto Zoo says it remains open after ransomware attack
Central Bank of Lesotho facing outages after cyberattack
Kansas City-area hospital transfers patients, reschedules appointments after cyberattack
Cyberattack on Massachusetts hospital disrupted records system, emergency services
LockBit claims November attack on New Jersey hospital that disrupted patient care
First American becomes latest real estate industry giant hit with cyberattack
Ivanti warns of critical vulnerability in its popular line of endpoint protection software | Ars Technica
US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters
SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica
LastPass enforces 12-character master password lengths | Cybersecurity Dive
FTC soliciting contest submissions to help tackle voice cloning technology
Biden signs short-term FISA extension before year-end deadline
Foone: "The 37C3 talk on TEA1 encrypti…" - Infosec Exchange
Crypto hedge fund CEO may not exist; probe finds no record of identity | Ars Technica