Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Why Twitter had to kill SMS 2FA
• A look at Meta’s new verification service
• How a ransomware attack disrupted the semiconductor supply chain
• Why Anonymous Sudan is probably a Russian info op
• Microsoft mixes up public and private keys in Azure B2C (for real)
• Much, much more

This week’s show is brought to you by Proofpoint. Its Executive Vice President of Cybersecurity Strategy Ryan Kalember joins the show in the sponsor slot.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

• How to Protect Yourself From Twitter’s 2FA Crackdown | WIRED
• Elon Musk Says Twitter Lost $60mn a Year Because 390 Telcos Used Bot Accounts to Pump A2P SMS | Commsrisk
• Twitter’s Two-Factor Authentication Change ‘Doesn't Make Sense’ | WIRED
• Elon Musk on Twitter: "@MKBHD Twitter is getting scammed by phone companies for $60M/year of fake 2FA SMS messages" / Twitter
• rat king ???? on Twitter: "as twitter goes through diff versions of what it’s subscription service looks like, meta rolls out its own verified program… https://t.co/BPNILEFGZ0" / Twitter
• WA wedding photographer’s fury as Instagram account deactivated | news.com.au — Australia’s leading news site
• Semiconductor industry giant says ransomware attack on supplier will cost it $250 million - The Record from Recorded Future News
• State of emergency as City of Oakland grapples with ransomware attack - The Record from Recorded Future News
• Irish TV broadcaster says attempted hack will affect programming - The Record from Recorded Future News
• Revealed: the US adviser who tried to swing Nigeria’s 2015 election | Cambridge Analytica | The Guardian
• Political aides hacked by ‘Team Jorge’ in run-up to Kenyan election | World news | The Guardian
• Fox News stars and staffers privately blasted election fraud claims as bogus, court filing shows
• google_fog_of_war_research_report.pdf
• Hacks, leaks and wipers: Google analyzes a year of Russian cyberattacks on Ukraine | CyberScoop
• Scandinavian Airlines hit by cyberattack, 'Anonymous Sudan' claims responsibility - The Record from Recorded Future News
• Azure B2C Crypto Misuse and Account Compromise - Praetorian
• GoDaddy: Hackers stole source code, installed malware in multi-year breach
• WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks - SentinelOne
• Hyundai, Kia to provide anti-theft software updates following viral TikTok challenge - The Record from Recorded Future News
• Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica
• Latest attack on PyPI users shows crooks are only getting better | Ars Technica
• Belgium launches nationwide safe harbor for ethical hackers | The Daily Swig
• Tor Project Moves Away from Infrastructure Ran by Internet Monitoring Firm
• Bank accounts overdrawn, missing and suspended without warning, bank won't talk to me : LegalAdviceUK