Episodes
Tune in to the latest #CryingOutCloud episode featuring Tanya Janca, where we dive into all things cloud! Join Eden and Amitai as they welcome Tanya Janca, founder of 'We Hack Purple', and the author of 'Alice and Bob Learn Application Security'. She's seen it all - from launching AppSec programs to teaching secure coding and leading on education at Semgrep. In this episode: * Building security programs from scratch * The value of static analysis tools for developers * The Canadian...
Published 11/08/24
Ready for the latest on Hybrid Cloud Attacks, Linux Malware, and LLMJacking? Join our hosts Eden Koby Naftali and Amitai Cohen in our NEW #CryingOutCloud episode. In this episode: * The perfctl malware campaign - stealthily mining crypto on thousands of Linux machines undetected for years * Storm-0501 hybrid cloud attacks, targeting everything from hospitals to law enforcement, with ransomware and stolen admin credentials * LLMJacking - the latest evolution in malicious cloud access,...
Published 10/29/24
Catch the latest episode of #CryingOutCloud, where Amitai Cohen and Eden Koby Naftali tackle key cloud security challenges from AI Toolkit Risks to CUPS Vulnerabilities! Tune in to hear about: * Wiz Research discovered a vulnerability affecting the Nvidia container toolkit * Google's novel Info Stealers Mitigations * All the talk around the CUPS vulnerabilities * How to leverage Atomic Cloud IOCs [And so much more...]
Published 10/08/24
Tune in for the special episode of Crying Out Cloud with @Gitlab's Julie Davila! Join our Co-host Eden Koby Naftali and the cybersecurity leader Julie Davila, VP of Product Security at GitLab as they dive into: * Balancing transparency in open-source tooling with security risks. * Democratizing security: How GitLab empowers engineers to take ownership of security without disrupting their workflow. * Plus, insights into empowering women in cloud security and why diverse...
Published 10/04/24
From DDoS attacks to discovering a new cryptojacking campaign, tune in to our NEW episode of #CryingOutCloud to learn about all the latest cloud security news. Join our hosts Eden and Amitai as they dive into the latest cloud security stories: * SeleniumGreed: Wiz Research discovered a new cryptojacking campaign targeting SeleniumGrid * Why your Starbucks app went down? * Internet chaos and lessons learned from DigiCert revoked certificates. * ESXi ransomware: The danger of trusting by name.
Published 08/12/24
Tune in for an exclusive session with Ryan Kazanciyan on securing a security vendor, hyper-growth, and AI impact in the latest podcast episode of #CryingOutCloud! Join our hosts, Amitai Cohen and Eden Koby Naftali, as they dive into cloud security with Ryan Kazanciyan, our seasoned expert leading security at @Wiz. Episode Highlights: * Managing security during hyper growth: challenges and lessons learned. * Ryan's experiences at Mandiant and the impact of the APT1 investigation on his...
Published 08/05/24
Tune in to our special episode with Hillai Ben-Sasson with all you need to know about #SAPwned. TL;DR - The Wiz Research Team uncovered serious vulnerabilities in SAP AI Core, revealing potential risks in #AI infrastructure.
Published 07/17/24
Tune in to Snowflake's Haider Dost for an exclusive session on Securing Databases, Cloud Threat Intelligence, and Detection strategies. The latest podcast episode of #CryingOutCloud is LIVE! Join our special hosts, @Alon Schindel and @Eden, as they dive deep into the world of cloud security with Haider Dost, Head of Global Threat Detection and Threat Intelligence at Snowflake. Episode Highlights: * Recent campaign targeting Snowflake customers. * Discussion on the new mandatory MFA...
Published 07/15/24
From data privacy norms in the age of AI - tune in to the latest episode of #CryingOutCloud with all you need to know from the cloud security news. Join Eden Naftali and Amitai Cohen as they dive into: * How a new AI processing cloud service is challenging data privacy norms. * The implications of a potential firewall misconfiguration and how to secure your environment. * The latest ransomware attacks on GitHub repositories and how to safeguard your data. * A new discovery by...
Published 06/28/24
EXCLUSIVE: Wiz Research uncovers CVE-2024-37032, aka #Probllama - a vulnerability in Ollama that left thousands of #AI models exposed
Published 06/24/24
What is it like to be IBM's 'Chief Llama Officer'? Tune in as Jerry Bell shares his journey from crashing his first computer at 10 to leading IBM's Public Cloud Security. What's on today's agenda? * Managing a popular 'Mastodon' server post-Twitter acquisition * Challenges and surprises as IBM's CISO * Insights on the security implications of M&A
Published 06/06/24
All that's 🔥 in the cloud: From logging and cloud attacks to NVD backlog updates. What's on today's agenda? 1. Discover how logging bypass made password-spray attacks undetectable. 2. Learn about the latest way attackers are monetizing cloud access - by selling access to other people's AI models. 3. NVD's ongoing backlog - Hear about how the industry is dealing with it.
Published 05/27/24
Our latest episode of Crying Out Cloud features none other than Kat Traxler, a seasoned security professional renowned for her expertise in cloud research. Here's a sneak peek at what we'll cover: * Threat modeling: Kat's practical insights * "DeRF": Kat's revolutionary tool and how it can help cloud security practitioners * Dispelling myths about cloud security and how it challenges the OSI model * Future research directions in cloud security & Kat's latest projects in the field
Published 05/09/24
BREAKING: Wiz Research identifies critical risks in #AI-as-a-service. Dive into Crying Out Cloud's latest episode, featuring a very special guest, Shir Tamari, head of the research team at Wiz. This episode sheds light on the security challenges that come with the rapid integration of AI technologies. Highlights include: * Exploring the rapid integration of AI and its associated security risks, identified by Wiz Research in collaboration with Hugging Face. * Exposing two significant...
Published 04/04/24
The backdoor in XZ Utils is shaking the industry. How could we not talk about it? Tune in to the special unscheduled episode of Crying Out Cloud with Eden Naftali and Amitai Cohen as they delve into the stealthy supply chain attack! In this episode: * The Alert from CISA regarding CVE-2024-3094, a vulnerability in XZ Utils Data Compression Library versions 5.6.0 and 5.6.1 * The potential risks posed by the embedded malicious code and the unauthorized access it may grant to affected...
Published 03/31/24
What is a better way to stay updated on cloud security than a NEW Crying Out Cloud episode! Join Eden Naftali and Amitai Cohen as they explore what is new and 🔥: * Open-source repos flooded by malicious code. * What is to become of the National Vulnerability Database? * Proof of bandwidth cryptojacking * Critical vulnerabilities discovered in popular CI/CD tool Links: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ ...
Published 03/26/24
The NEW exclusive interview with hacker extraordinaire Sam Curry on Crying Out Cloud is out! Join Eden Naftali and Amitai Cohen as they explore the role of a Bug-Bounty Hunter with Sam Curry: * Learn about Sam's journey into security research * Favorite tools and underrated platforms * The trustworthiness implications of AI-driven technologies in transportation. * Vulnerabilities within a major tech company's infrastructure. The tradeoff between scanning gigantic IP ranges and...
Published 03/20/24
Loading from the Cloud... Season 2 of "CRYING OUT CLOUD" is here! Join our hosts, Eden and Amitai, as they dive into the latest cloud stories that we can't wait to share with you. Here's a sneak peek into the season's opening: * Mercedes-Benz Source Code Exposure: A public GitHub Repo was exposed - allowing unauthorized access to the company's internal servers, including AWS and Azure subscriptions. The credentials remained publicly accessible for 3-4 months. * Midnight Blizzard...
Published 02/22/24
Join Eden Naftali & Amitai Cohen's exclusive interview with Yinon Costica, as he brings unparalleled expertise to the table. From his beginnings in Israel's 8200 intelligence unit, through Adallom, which was acquired by Microsoft, to co-founding Wiz
Published 12/21/23
NEW SPECIAL PODCAST EPISODE WITH @CHRIS HUGHES! Here's a sneak peek into our chat: * Join Chris, Amitai, and Eden as they unveil intriguing security nuances between public and private sectors. Gain exclusive insights into FedRAMP, straight from Chris's expertise, and his take on the implications of President Biden's AI order for the cybersecurity landscape. * How exactly does SBOM adoption act as a shield against supply chain breaches? What other strategies can fortify against such...
Published 12/10/23
NEW PODCAST EPISODE ALERT! Eden and Amitai are back with another wild ride through the cloudy skies on "Crying Out Cloud"! Here's the scoop for today's adventure: 01:36 - Okta Support System Compromise: We unravel the mystery surrounding an unknown threat actor's access to Okta's customer support system. What's an HAR file, and why should you care? 06:30 - Azure CLI Credential Leak (CVE-2023-36052): Get the lowdown on Microsoft's Azure CLI vulnerability and how this leak...
Published 11/30/23
In our new Crying Out Cloud podcast episode, we're joined by the LEGENDARY Valentina Palmiotti, the one and only Chompie. In this episode, you'll find: 1. The surprising story behind her hacker alias - "Chompie" 2. Valentina's insights from her Blackhat presentation, where she challenges security boundaries with kernel post-exploitation techniques 3. A peek into her day-to-day at IBM X-Force, from research to code auditing and vulnerability analysis. And more!
Published 10/19/23
More info here: https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers
Published 09/21/23
fwd:cloudsec event highlights podcast special - Featuring our special wizard guest Scott Piper, who is also the co-founder of fwd:cloudsec! A non-profit conference on cloud security that discusses all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and more! fwd:cloudsec 2023 videos: https://www.youtube.com/playlist?list=PLCPCP1pNWD7MR1SwekwbZls9TGzqo_LHx
Published 09/19/23