Navigating Cybersecurity Incident Disclosure and SEC Compliance

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Weather forecast in Redmond is still for blizzards at midnight
• Maybe Change Healthcare wasn’t just crying nation-state wolf
• Hackers abuse e-prescription systems to sell drugs
• CISA goes above and beyond to relate to its constituency by getting its Ivantis owned
• VMware drinks from the Tianfu Cup
• Much, much more

This week’s feature guest is John P Carlin. He was principal associate deputy attorney general under Deputy Attorney General Lisa Monaco for about 18 months in 2021 and 2022, and also served as Robert Mueller’s chief of staff when he was FBI director.

John is joining us this week to talk about all things SEC. He wrote the recent Amicus Brief that says the SEC needs to be careful in its action against Solarwinds. He’ll also be talking to us more generally about these new SEC disclosure requirements, which are in full swing.

Rad founder Jimmy Mesta will along in this week’s sponsor segment to talk about some really interesting work they’ve done in baselining cloud workloads. It’s the sort of thing that sounds simple that really, really isn’t.

Show notes

• Risky Biz News: The aftermath of Microsoft's SVR hack is rearing its ugly head
• Swindled Blackcat affiliate wants money from Change Healthcare ransom - Blog | Menlo Security
• BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare – Krebs on Security
• Change Healthcare systems expected to come back online in mid-March | Cybersecurity Dive
• LockBit takes credit for February shutdown of South African pension fund
• Ransomware gang claims to have made $3.4 million after attacking children’s hospital
• Jason D. Clinton on X: "Fully automated vulnerability research is changing the cybersecurity landscape Claude 3 Opus is capable of reading source code and identifying complex security vulnerabilities used by APTs. But scaling is still a challenge. Demo: https://t.co/UfLNGdkLp8 This is beginner-level… https://t.co/mMQb2vYln1" / X
• Jason Koebler on X: "Hackers are hacking doctors, then using their digital prescription portals to "legitimately" prescribe themselves & their customers adderall, oxy, and other prescription drugs https://t.co/6elTKQnXSB" / X
• How Hackers Dox Doctors to Order Mountains of Oxy and Adderall
• CISA forced to take two systems offline last month after Ivanti compromise
• VMware sandbox escape bugs are so critical, patches are released for end-of-life products | Ars Technica
• A Close Up Look at the Consumer Data Broker Radaris – Krebs on Security
• Brief of Amici Curiae Former Government Officials
• Securities and Exchange Commission v Solarwinds Corp