Risky Business

Risky Business #775 -- Cl0p is back, SEC hack disclosures disappoint

Dec 18, 2024

Robby Winchester from SpecterOps, a leading cybersecurity firm renowned for its penetration testing expertise, joins the discussion. He shares insights on the evolution of penetration testing, highlighting the growing importance of identity-centric approaches. The conversation also dives into the recent resurgence of the Cl0p ransomware crew and their alarming hacks. The hosts critique the SEC's uninspiring cyber incident reporting rule and examine the implications of vulnerabilities within Java enterprise software, emphasizing the pressing challenges in today's cybersecurity landscape.

01:01:06

Creator website

Episode guests

Robby Winchester

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The SEC's cyber incident reporting rule has disappointed expectations, resulting in only 71 filings over 11 months with minimal impact reported.

Penetration testing has evolved towards an identity-centric approach, focusing more on understanding risk in complex cloud environments than merely proving access.

CLOP ransomware's resurgence illustrates persistent threats in cybersecurity, with the group exploiting vulnerabilities to conduct extensive data theft and adapt quickly.

Deep dives

Launch of the New Website

The podcast discusses the launch of a new website for Risky Business, which consolidates various forms of content including written articles, podcasts, and videos. This marks a significant upgrade from an outdated and inefficient content management system that had been in use for many years. The new site, designed by Dave Snellgrove, enhances user experience by providing access to all content in one place. The transition reflects the team’s commitment to improving the platform for their audience.

Intro

2min

Cybersecurity Challenges and Accountability

14min

Ransomware, Vulnerabilities, and Cybersecurity Challenges

11min

Cybersecurity Crisis in Japan

17min

Reflections on a Year of Change in Cybersecurity Practices

2min

Navigating Cloud Identity and Access Risks

12min

Navigating Cloud Security Challenges and Upcoming Conferences

3min

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

The SEC’s cyber incident reporting isn’t very exciting after all
China Telecom on the way to being thrown out of the US
The NSA/Cybercom might get two separate hats
The Cl0p ransomware crew are back and taking responsibility for the Cleo hacks
(Yet another) File upload bug in Struts makes Java admins weep
And much, much more.

This episode is sponsored by SpecterOps, who run a pretty top notch offsec/pentest team when they’re not busy making the Bloodhound Enterprise identity attack path enumeration software. SpecterOps’ Robby Winchester joins to talk about how pentest has changed, and how their customers get value from their testing.

This episode is also available Youtube.

Show notes

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Risky Business

Risky Business #775 -- Cl0p is back, SEC hack disclosures disappoint

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Launch of the New Website

SEC Cyber Incident Reporting Rule Update

Pen Testing Industry Evolution

Australia's Increasing Cybersecurity Challenges

CLOP Ransomware Activities

Show notes

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Risky Business

Risky Business #775 -- Cl0p is back, SEC hack disclosures disappoint

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Launch of the New Website

SEC Cyber Incident Reporting Rule Update

Pen Testing Industry Evolution

Australia's Increasing Cybersecurity Challenges

CLOP Ransomware Activities

Show notes

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights