On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• SEC Twitter account hack moves bitcoin price


• Kaspersky admires Triangulation hackers’ fine work


• Telcos hacked all over


• Israel hacks Iranian gasoline pumps again


• Iran up in Albania, Sudan, Egypt and Tanzania


• and much, much more…

This week’s show is brought to you by Nucleus Security. Co-founder Scott Kuffer joins us to talk about why patch management is more nuanced than just “patch fast!”

Show notes

• U.S. Securities and Exchange Commission on X: "The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products." / X



• Mandiant, the security firm Google bought for $5.4 billion, gets its X account hacked | Ars Technica



• 4-year campaign backdoored iPhones using possibly the most advanced exploit ever | Ars Technica



• Spyware attack chain used previously unknown iPhone hardware feature, report says



• "Dutch engineer carried out Iranian nuclear sabotage": VK - DutchNews.nl



• Russian hackers infiltrated Ukrainian telecom giant months before cyberattack



• Ukraine telecom cyberattack one of ‘highest-impact’ hacks of the war



• Pro-Ukraine hackers claim breach of Russian internet provider



• Ukraine says Russia hacked web cameras to spy on targets in Kyiv



• Optus outage: Banks, telcos to be quizzed at Senate hearing



• A “ridiculously weak” password causes disaster for Spain’s No. 2 mobile carrier | Ars Technica



• Albanian parliament, telecom company hit by cyberattacks



• Paraguay military warns of ‘significant impact’ of ransomware after attack on internet provider



• Iran confirms nationwide cyberattack on gas stations



• Hackers disrupt Beirut airport with anti-Hezbollah message



• Telecom organizations in Africa targeted by Iran-linked hackers



• Myanmar rebels take control of ‘pig butchering’ scam city amid Chinese pressure on junta



• AlphV ransomware site is “seized” by the FBI. Then it’s “unseized.” And so on. | Ars Technica



• BreachForums administrator detained after violating parole



• Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay



• Global law enforcement seizes $300 million, arrests 3,500 involved in transnational cybercrime operation



• Toronto Zoo says it remains open after ransomware attack



• Central Bank of Lesotho facing outages after cyberattack



• Kansas City-area hospital transfers patients, reschedules appointments after cyberattack



• Cyberattack on Massachusetts hospital disrupted records system, emergency services



• LockBit claims November attack on New Jersey hospital that disrupted patient care



• First American becomes latest real estate industry giant hit with cyberattack



• Ivanti warns of critical vulnerability in its popular line of endpoint protection software | Ars Technica



• US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters



• SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica



• LastPass enforces 12-character master password lengths | Cybersecurity Dive



• FTC soliciting contest submissions to help tackle voice cloning technology



• Biden signs short-term FISA extension before year-end deadline



• Foone: "The 37C3 talk on TEA1 encrypti…" - Infosec Exchange



• Crypto hedge fund CEO may not exist; probe finds no record of identity | Ars Technica