Episodes
🚨 BREAKING: Wiz Research identifies critical risks in #AI-as-a-service 🚨 Dive into Crying Out Cloud's latest episode, featuring a very special guest, Shir Tamari, head of the research team at Wiz. This episode sheds light on the security challenges that come with the rapid integration of AI technologies. Highlights include: 🚀 Exploring the rapid integration of AI and its associated security risks, identified by Wiz Research in collaboration with Hugging Face. 🛡️ Exposing two significant...
Published 04/04/24
The backdoor in XZ Utils is shaking the industry 🔔 How could we not talk about it? Tune in to the special unscheduled episode of Crying Out Cloud with Eden Naftali and Amitai Cohen as they delve into the stealthy supply chain attack! In this episode: The Alert from CISA regarding CVE-2024-3094, a vulnerability in XZ Utils Data Compression Library versions 5.6.0 and 5.6.1 🛑 The potential risks posed by the embedded malicious code and the unauthorized access it may grant to affected...
Published 03/31/24
🎙️ What is a better way to stay updated on cloud security than a NEW Crying Out Cloud episode! Join Eden Naftali and Amitai Cohen as they explore what is new and 🔥: 👾 Open-source repos flooded by malicious code. 💻 What is to become of the National Vulnerability Database? ⛓️ Proof of bandwidth cryptojacking 🛠️ Critical vulnerabilities discovered in popular CI/CD tool Links: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ ...
Published 03/26/24
The NEW exclusive interview with hacker extraordinaire Sam Curry on Crying Out Cloud is out! Join Eden Naftali and Amitai Cohen as they explore the role of a Bug-Bounty Hunter with Sam Curry: 🔑 Learn about Sam's journey into security research 🛠️ Favorite tools and underrated platforms 🤖 The trustworthiness implications of AI-driven technologies in transportation. 🔒 Vulnerabilities within a major tech company's infrastructure. The tradeoff between scanning gigantic IP ranges and...
Published 03/20/24
Loading from the Cloud... Season 2 of "CRYING OUT CLOUD" is here! Join our hosts, Eden and Amitai, as they dive into the latest cloud stories that we can't wait to share with you. Here's a sneak peek into the season's opening: 🚗 Mercedes-Benz Source Code Exposure: A public GitHub Repo was exposed - allowing unauthorized access to the company's internal servers, including AWS and Azure subscriptions. The credentials remained publicly accessible for 3-4 months. 😱 🌨️ Midnight Blizzard...
Published 02/22/24
🛡️ Join Eden Naftali & Amitai Cohen's exclusive interview with Yinon Costica, as he brings unparalleled expertise to the table. From his beginnings in Israel's 8200 intelligence unit, through Adallom, which was acquired by Microsoft, to co-founding Wiz
Published 12/21/23
🎙️ NEW SPECIAL PODCAST EPISODE WITH @CHRIS HUGHES! 🎙️ Here's a sneak peek into our chat: 🛡️ Join Chris, Amitai, and Eden as they unveil intriguing security nuances between public and private sectors. Gain exclusive insights into FedRAMP, straight from Chris's expertise, and his take on the implications of President Biden's AI order for the cybersecurity landscape. How exactly does SBOM adoption act as a shield against supply chain breaches? What other strategies can fortify against such...
Published 12/10/23
🎙️ NEW PODCAST EPISODE ALERT! Eden and Amitai are back with another wild ride through the cloudy skies on "Crying Out Cloud"! Here's the scoop for today's adventure: 01:36 - Okta Support System Compromise: 🕵️‍♂️ We unravel the mystery surrounding an unknown threat actor's access to Okta's customer support system. What's an HAR file, and why should you care? 06:30 - Azure CLI Credential Leak (CVE-2023-36052): 💻 Get the lowdown on Microsoft's Azure CLI vulnerability and how this leak...
Published 11/30/23
In our new Crying Out Cloud podcast episode, we're joined by the LEGENDARY Valentina Palmiotti, the one and only Chompie 🚀 ✨ In this episode, you'll find: 1. The surprising story behind her hacker alias - "Chompie," 🕵️‍♀️ 2. Valentina's insights from her Blackhat presentation, where she challenges security boundaries with kernel post-exploitation techniques 🤯 3. A peek into her day-to-day at IBM X-Force, from research to code auditing and vulnerability analysis 💼 And more!
Published 10/19/23
More info here: https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers
Published 09/21/23
fwd:cloudsec event highlights podcast special - Featuring our special wizard guest Scott Piper, who is also the co-founder of fwd:cloudsec! A non-profit conference on cloud security that discusses all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and more! fwd:cloudsec 2023 videos: https://www.youtube.com/playlist?list=PLCPCP1pNWD7MR1SwekwbZls9TGzqo_LHx
Published 09/19/23
👀 Here's a sneak peek at today's episode: 🔒 Stay ahead of the game! LAPSUS$ Hackers may be making waves. Two members of this notorious group faced consequences in the UK, but shockingly, they continued their hacking activities even while under house arrest. 🤖 Data Poisoning in AI Training is a growing concern. Hackers can manipulate the data used to train AI models, introducing risks and vulnerabilities. Validating data integrity and randomizing data ingestion times are useful...
Published 09/14/23
🍿 Everything you need to know about this month's cloud security drama in the latest "Crying Out Cloud" episode! In this edition, we explore THREE captivating stories 📚 1️⃣ "GameOverlay" unveiled: Ubuntu's privilege escalation vulnerabilities 😱 - Wiz Research uncovered a pair of vulnerabilities that's affecting 40% of Ubuntu cloud machines! We've got the scoop on what you must know. 2️⃣ Unmasking "P2PInfect": The botnet targeting Redis! 🤖 - Ever wondered how a botnet hijacks your exposed...
Published 08/30/23
🔥 SPECIAL EPISODE ALERT 🔥 @Corey Quinn Joins the Party - in this week's incredible episode of "Crying Out Cloud" 🥳 Meet our remarkable hosts: ✨ @Eden, the tech-savvy wizard from the CTO Team at Wiz ✨ @Amitai, our expert from the Threat Research Team at Wiz And for this special occasion, we're rolling out the red carpet for: 🎊 COREY QUINN! 🎊 Chief Cloud Economist at The Duckbill Group, the mastermind behind Last Week in AWS, and the charismatic host of the Screaming in the Cloud podcast....
Published 08/16/23
Popcorn ready? 🍿 Ep. 6 of "Crying Out Cloud" is now LIVE - and it's a thriller! 🤯 1:42 📬 Chinese Hackers Steal US Gov Emails 12:53 🧨 Silent Bob & the Team TNT Comeback 18:41 🇷🇺 Russian Hackers Exploit Office Zero Day 26:10 Footloose's 2023 Object-Oriented Sequel: PyLoose Important links: https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/ https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-193a...
Published 07/31/23
Join your favorite hosts, @Eden and @Amitai, on the latest "Crying Out Cloud" rollercoaster 🎢 Spoiler Alert: We've got @Scott Piper, the cloud security guru, joining the conversation too! His insights are amazing, so we've reserved a special upcoming episode just for him 😎 On today's journey, we are: 1️⃣ Peeling back the layers of MOVEit Transfer 0day vulnerabilities 🕵️ 2️⃣ Breaking down CVSSv4 💥 3️⃣ Sharing insider takeaways from fwd:cloudsec 2023 (FOMO, anyone?). 🔮 4️⃣ Getting real about the...
Published 06/26/23
Join our lively hosts, Eden and Amitai, as they explore the most fascinating cloud security news of the month. On this episode: 🧃🔗 More juice on 3CX supply chain attack ✂️💔 PaperCut vulnerabilities 📦🔓 Capita exposed a bucket with sensitive data for 7 years 🚗☁️ Toyota cloud misconfiguration leaked customer data for 10 years 🚢🔄 Trend of hijacking containers for traffic routing Important links: 1. ...
Published 05/18/23
For crying out #cloud! Episode 3 of our cloud security podcast is live and you haven't tuned in yet? Hot off the cloud servers! ☁️📰🎙️ 🔎 The #BingBang misconfiguration on Microsoft Bing search engine 🕵️ North Korean supply-chain attack targets crypto companies 🌩️ Iranian cloud destruction operation is making headlines 💻 QueueJumper: The Windows vulnerability disclosed last Patch Tuesday Eden and Amitai on the mic 🎤 With special guest Ami Luttwak, Wiz Co-Founder and CTO!...
Published 04/24/23
🎉🎙️ Hold on to your headphones! The newest episode of the "Crying Out Cloud" podcast is here, and it's an absolute rollercoaster 🎢 Join our charismatic hosts, Eden and Amitai, as they uncover the most captivating cloud security news of the month. In this action-packed episode: 🕵️‍♂️ Mysterious redirections to adult websites in East Asia 🎣 Crafty hackers using fake Google ads for credential theft 🦪 Don't panic, stay clam: The ClamAV vulnerability 🕹️ Gaming industry under fire: Minecraft...
Published 03/16/23
Welcome to "Crying Out Cloud," the monthly podcast that keeps you up to date with the latest cloud security news. Hosted by experts Eden Naftali and Amitai Cohen, each episode provides in-depth coverage of the most important vulnerabilities and incidents from the previous month. Tune in for insightful analysis and expert recommendations to help you safeguard your cloud infrastructure.
Published 03/02/23