Risky Business Video
October 23, 2024
Risky Business Weekly (767): Why North Korea's hacks are, sadly, GOATED
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
- The SEC fines tech firms for downplaying the SolarWinds hacks
- Anonymous Sudan still looks and quacks like a Russian duck
- Apple proposes max 10-day TLS certificate life
- Oopsie! Microsoft loses a bunch of cloud logs
- Veeam and Fortinet are bad and should feel bad
- North Koreans are good (at hacking)
- And much, much more.
This week’s episode is sponsored by Proofpoint. Chief Strategy Officer Ryan Kalember joins to talk about their work keeping up with prolific threat actor SocGholish.
Show notes:
Four cyber companies fined for SolarWinds disclosure failures https://therecord.media/sec-fines-companies-solarwinds-disclosures
Hacker Charged With Seeking to Kill Using Cyberattacks on Hospitals | WIRED https://www.wired.com/story/anonymous-sudan-ddos-indictment-takedown/
The Feds secretly disrupted Anonymous Sudan back in March https://news.risky.biz/risky-biz-news-the-feds-secretly-disrupted-anonymous-sudan-back-in-march/
Microsoft confirms partial loss of security log data on multiple platforms | Cybersecurity Dive https://www.cybersecuritydive.com/news/microsoft-loss-security-log-data/730285/
Apple wants to reduce lifespan of TLS certificates to only 10 days https://news.risky.biz/p/50d1d4f5-162e-4283-bd2d-b69927d0297a/
Encrypted Chat App ‘Session’ Leaves Australia After Visit From Police https://www.404media.co/encrypted-chat-app-session-leaves-australia-after-visit-from-police-2/
Crypto platform Radiant Capital says $50 million in digital coins stolen following account compromises https://therecord.media/crypto-platform-radiant-capital-50-million-stolen
North Korean hackers use newly discovered Linux malware to raid ATMs - Ars Technica https://arstechnica.com/security/2024/10/north-korean-hackers-use-newly-discovered-linux-malware-to-raid-atms/
Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach – Krebs on Security https://krebsonsecurity.com/2024/10/brazil-arrests-usdod-hacker-in-fbi-infragard-breach/
Here’s how SIM swap in alleged bitcoin pump-and-dump scheme worked - Ars Technica https://arstechnica.com/security/2024/10/how-alleged-sim-swap-and-hacked-x-account-drove-up-price-of-bitcoin-by-1k/
Critical Veeam CVE actively exploited in ransomware attacks | Cybersecurity Dive https://www.cybersecuritydive.com/news/veeam-critical-cve-exploits-ransomware/730570/
FortiGate admins report active exploitation 0-day. Vendor isn’t talking. - Ars Technica https://arstechnica.com/security/2024/10/fortinet-stays-mum-on-critical-0-day-reportedly-under-active-exploitation/
Hackers reportedly impersonate cyber firm ESET to target organizations in Israel https://therecord.media/hackers-impersonate-eset-wiper-malware
The latest in North Korea’s fake IT worker scheme: Extorting the employers https://therecord.media/north-korean-fake-it-workers-extorting-employers