On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
* SEC Twitter account hack moves bitcoin price
* Kaspersky admires Triangulation hackers’ fine work
* Telcos hacked all over
* Israel hacks Iranian gasoline pumps again
* Iran up in Albania, Sudan, Egypt and Tanzania
* and much, much more…

This week’s show is brought to you by Nucleus Security. Co-founder Scott Kuffer joins us to talk about why patch management is more nuanced than just “patch fast!”






Show notes




U.S. Securities and Exchange Commission on X: "The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products." / X

Mandiant, the security firm Google bought for $5.4 billion, gets its X account hacked | Ars Technica

4-year campaign backdoored iPhones using possibly the most advanced exploit ever | Ars Technica

Spyware attack chain used previously unknown iPhone hardware feature, report says

"Dutch engineer carried out Iranian nuclear sabotage": VK - DutchNews.nl

Russian hackers infiltrated Ukrainian telecom giant months before cyberattack

Ukraine telecom cyberattack one of ‘highest-impact’ hacks of the war

Pro-Ukraine hackers claim breach of Russian internet provider

Ukraine says Russia hacked web cameras to spy on targets in Kyiv

Optus outage: Banks, telcos to be quizzed at Senate hearing

A “ridiculously weak” password causes disaster for Spain’s No. 2 mobile carrier | Ars Technica

Albanian parliament, telecom company hit by cyberattacks

Paraguay military warns of ‘significant impact’ of ransomware after attack on internet provider

Iran confirms nationwide cyberattack on gas stations

Hackers disrupt Beirut airport with anti-Hezbollah message

Telecom organizations in Africa targeted by Iran-linked hackers

Myanmar rebels take control of ‘pig butchering’ scam city amid Chinese pressure on junta

AlphV ransomware site is “seized” by the FBI. Then it’s “unseized.” And so on. | Ars Technica

BreachForums administrator detained after violating parole

Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay

Global law enforcement seizes $300 million, arrests 3,500 involved in transnational cybercrime operation

Toronto Zoo says it remains open after ransomware attack

Central Bank of Lesotho facing outages after cyberattack

Kansas City-area hospital transfers patients, reschedules appointments after cyberattack

Cyberattack on Massachusetts hospital disrupted records system, emergency services

LockBit claims November attack on New Jersey hospital that disrupted patient care

First American becomes latest real estate industry giant hit with cyberattack

Ivanti warns of critical vulnerability in its popular line of endpoint protection software | Ars Technica

US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters

SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica

LastPass enforces 12-character master password lengths | Cybersecurity Dive

FTC soliciting contest submissions to help tackle voice cloning technology

Biden signs short-term FISA extension before year-end deadline

Foone: "The 37C3 talk on TEA1 encrypti…" - Infosec Exchange

Crypto hedge fund CEO may not exist; probe finds no record of identity | Ars Technica