Episodes
BREAKING: Wiz Research identifies critical risks in #AI-as-a-service
Dive into Crying Out Cloud's latest episode, featuring a very special guest, Shir Tamari, head of the research team at Wiz. This episode sheds light on the security challenges that come with the rapid integration of AI technologies. Highlights include:
Exploring the rapid integration of AI and its associated security risks, identified by Wiz Research in collaboration with Hugging Face.
Exposing two significant...
Published 04/04/24
The backdoor in XZ Utils is shaking the industry
How could we not talk about it?
Tune in to the special unscheduled episode of Crying Out Cloud with Eden Naftali and Amitai Cohen as they delve into the stealthy supply chain attack!
In this episode:
The Alert from CISA regarding CVE-2024-3094, a vulnerability in XZ Utils Data Compression Library versions 5.6.0 and 5.6.1
The potential risks posed by the embedded malicious code and the unauthorized access it may grant to affected...
Published 03/31/24
What is a better way to stay updated on cloud security than a NEW Crying Out Cloud episode!
Join Eden Naftali and Amitai Cohen as they explore what is new and 🔥:
Open-source repos flooded by malicious code.
What is to become of the National Vulnerability Database?
Proof of bandwidth cryptojacking
Critical vulnerabilities discovered in popular CI/CD tool
Links:
https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
...
Published 03/26/24
The NEW exclusive interview with hacker extraordinaire Sam Curry on Crying Out Cloud is out!
Join Eden Naftali and Amitai Cohen as they explore the role of a Bug-Bounty Hunter with Sam Curry:
Learn about Sam's journey into security research
Favorite tools and underrated platforms
The trustworthiness implications of AI-driven technologies in transportation.
Vulnerabilities within a major tech company's infrastructure. The tradeoff between scanning gigantic IP ranges and...
Published 03/20/24
Loading from the Cloud...
Season 2 of "CRYING OUT CLOUD" is here!
Join our hosts, Eden and Amitai, as they dive into the latest cloud stories that we can't wait to share with you.
Here's a sneak peek into the season's opening:
Mercedes-Benz Source Code Exposure:
A public GitHub Repo was exposed - allowing unauthorized access to the company's internal servers, including AWS and Azure subscriptions. The credentials remained publicly accessible for 3-4 months.
Midnight Blizzard...
Published 02/22/24
Join Eden Naftali & Amitai Cohen's exclusive interview with Yinon Costica, as he brings unparalleled expertise to the table. From his beginnings in Israel's 8200 intelligence unit, through Adallom, which was acquired by Microsoft, to co-founding Wiz
Published 12/21/23
NEW SPECIAL PODCAST EPISODE WITH @CHRIS HUGHES!
Here's a sneak peek into our chat:
Join Chris, Amitai, and Eden as they unveil intriguing security nuances between public and private sectors. Gain exclusive insights into FedRAMP, straight from Chris's expertise, and his take on the implications of President Biden's AI order for the cybersecurity landscape.
How exactly does SBOM adoption act as a shield against supply chain breaches? What other strategies can fortify against such...
Published 12/10/23
NEW PODCAST EPISODE ALERT!
Eden and Amitai are back with another wild ride through the cloudy skies on "Crying Out Cloud"!
Here's the scoop for today's adventure:
01:36 - Okta Support System Compromise:
We unravel the mystery surrounding an unknown threat actor's access to Okta's customer support system. What's an HAR file, and why should you care?
06:30 - Azure CLI Credential Leak (CVE-2023-36052):
Get the lowdown on Microsoft's Azure CLI vulnerability and how this leak...
Published 11/30/23
In our new Crying Out Cloud podcast episode, we're joined by the LEGENDARY Valentina Palmiotti, the one and only Chompie
In this episode, you'll find:
1. The surprising story behind her hacker alias - "Chompie"
2. Valentina's insights from her Black Hat presentation, where she challenges security boundaries with kernel post-exploitation techniques
3. A peek into her day-to-day at IBM X-Force, from research to code auditing and vulnerability analysis
And more!
Published 10/19/23
More info here:
https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers
Published 09/21/23
fwd:cloudsec event highlights podcast special - Featuring our special wizard guest Scott Piper, who is also the co-founder of fwd:cloudsec! A non-profit conference on cloud security that discusses all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and more!
fwd:cloudsec 2023 videos:
https://www.youtube.com/playlist?list=PLCPCP1pNWD7MR1SwekwbZls9TGzqo_LHx
Published 09/19/23
Here's a sneak peek at today's episode:
Stay ahead of the game! LAPSUS$ Hackers may be making waves. Two members of this notorious group faced consequences in the UK, but shockingly, they continued their hacking activities even while under house arrest.
Data Poisoning in AI Training is a growing concern. Hackers can manipulate the data used to train AI models, introducing risks and vulnerabilities. Validating data integrity and randomizing data ingestion times are useful...
Published 09/14/23
Everything you need to know about this month's cloud security drama in the latest "Crying Out Cloud" episode!
In this edition, we explore THREE captivating stories
1. "GameOverlay" unveiled: Ubuntu's privilege escalation vulnerabilities - Wiz Research uncovered a pair of vulnerabilities that's affecting 40% of Ubuntu cloud machines! We've got the scoop on what you must know.
2. Unmasking "P2PInfect": The botnet targeting Redis! - Ever wondered how a botnet hijacks your exposed...
Published 08/30/23
SPECIAL EPISODE ALERT
@Corey Quinn Joins the Party - in this week's incredible episode of "Crying Out Cloud"
Meet our remarkable hosts:
@Eden, the tech-savvy wizard from the CTO Team at Wiz
@Amitai, our expert from the Threat Research Team at Wiz
And for this special occasion, we're rolling out the red carpet for:
COREY QUINN!
Chief Cloud Economist at The Duckbill Group, the mastermind behind Last Week in AWS, and the charismatic host of the Screaming in the Cloud podcast....
Published 08/16/23
Popcorn ready?
Ep. 6 of "Crying Out Cloud" is now LIVE, and it's a thriller!
1:42 Chinese Hackers Steal US Gov Emails
12:53 Silent Bob & the Team TNT Comeback
18:41 Russian Hackers Exploit Office Zero Day
26:10 Footloose's 2023 Object-Oriented Sequel: PyLoose
Important links:
https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-193a...
Published 07/31/23
Join your favorite hosts, @Eden and @Amitai, on the latest "Crying Out Cloud" rollercoaster. Spoiler Alert: We've got @Scott Piper, the cloud security guru, joining the conversation too! His insights are amazing, so we've reserved a special upcoming episode just for him.
On today's journey, we are:
1. Peeling back the layers of MOVEit Transfer 0day vulnerabilities
2. Breaking down CVSSv4
3. Sharing insider takeaways from fwd:cloudsec 2023 (FOMO, anyone?).
4. Getting real about the...
Published 06/26/23
Join our lively hosts, Eden and Amitai, as they explore the most fascinating cloud security news of the month.
On this episode:
More juice on 3CX supply chain attack
PaperCut vulnerabilities
Capita exposed a bucket with sensitive data for 7 years
Toyota cloud misconfiguration leaked customer data for 10 years
Trend of hijacking containers for traffic routing
Important links:
1. ...
Published 05/18/23
For crying out #cloud! Episode 3 of our cloud security podcast is live and you haven't tuned in yet?
Hot off the cloud servers!
The #BingBang misconfiguration on Microsoft Bing search engine
North Korean supply-chain attack targets crypto companies
Iranian cloud destruction operation is making headlines
QueueJumper: The Windows vulnerability disclosed last Patch Tuesday
Eden and Amitai on the mic, with special guest Ami Luttwak, Wiz Co-Founder and CTO!...
Published 04/24/23
Hold on to your headphones!
The newest episode of the "Crying Out Cloud" podcast is here, and it's an absolute rollercoaster
Join our charismatic hosts, Eden and Amitai, as they uncover the most captivating cloud security news of the month.
In this action-packed episode:
Mysterious redirections to adult websites in East Asia
Crafty hackers using fake Google ads for credential theft
Don't panic, stay clam: The ClamAV vulnerability
Gaming industry under fire: Minecraft...
Published 03/16/23
Welcome to "Crying Out Cloud," the monthly podcast that keeps you up to date with the latest cloud security news. Hosted by experts Eden Naftali and Amitai Cohen, each episode provides in-depth coverage of the most important vulnerabilities and incidents from the previous month. Tune in for insightful analysis and expert recommendations to help you safeguard your cloud infrastructure.
Published 03/02/23