Crying Out Cloud

Latest episodes

Jul 15, 2024 • 30min

CROC Talks - Securing DBs, Cloud Threat Intel, and Detection - Special Guest: Snowflake's Haider Dost

Tune in to Snowflake's Haider Dost for an exclusive session on Securing Databases, Cloud Threat Intelligence, and Detection strategies. The latest podcast episode of #CryingOutCloud is LIVE! Join our special hosts, @Alon Schindel and @Eden, as they dive deep into the world of cloud security with Haider Dost, Head of Global Threat Detection and Threat Intelligence at Snowflake. Episode Highlights: Recent campaign targeting Snowflake customers. Discussion on the new mandatory MFA for Snowflake admins and its impact. Architecture of detection in the cloud & logging. What does it mean to work in a highly regulated environment compared to a fast-growing company like Snowflake? Defining "good security" in traditional vs. cloud-native settings.

Jun 28, 2024 • 24min

CROC News: Firewall Fumbles, Gitloker Etiquette, and Private Cloud Compute

From data privacy norms in the age of AI - tune in to the latest episode of #CryingOutCloud with all you need to know from the cloud security news. Join Eden Naftali and Amitai Cohen as they dive into: How a new AI processing cloud service is challenging data privacy norms. The implications of a potential firewall misconfiguration and how to secure your environment. The latest ransomware attacks on GitHub repositories and how to safeguard your data. A new discovery by Wiz research: crypto-jacking campaign targeting Kubernetes clusters. Critical remote code execution vulnerability in PHP and how to mitigate the risk.

Jun 24, 2024 • 11min

CROC Talks: RCE Vulnerability in Ollama explained

EXCLUSIVE: Wiz Research uncovers CVE-2024-37032, aka #Probllama - a vulnerability in Ollama that left thousands of #AI models exposed.

Jun 6, 2024 • 39min

CROC Talks: Chief Llama Officer and IBM CISO - Jerry Bell

What is it like to be IBM's 'Chief Llama Officer'? Tune in as Jerry Bell shares his journey from crashing his first computer at 10 to leading IBM's Public Cloud Security. What's on today's agenda? Managing a popular 'Mastodon' server post-Twitter acquisition; challenges and surprises as IBM's CISO; insights on the security implications of M&A.

May 27, 2024 • 23min

CROC News: Ninjas, Grand Theft AI, and Backlogged CVEs

πŸŽ™οΈ All that's πŸ”₯ in the cloud: From logging and cloud attacks to NVD backlog updates. what's on today's agenda? 1️⃣ Discover how logging bypass made password-spray attacks undetectable. 2️⃣ Learn about the latest way attackers are monetizing cloud access - by selling access to other people's AI models. 3️⃣ NVD's ongoing backlog - Hear about how the industry is dealing with it.
undefined
May 9, 2024 β€’ 34min

CROC Talks - Threat Models, Cloud Tools, and Security Tales - Special Guest: Kat Traxler

Our latest episode of Crying Out Cloud features none other than Kat Traxler, a seasoned security professional renowned for her expertise in cloud research. Here's a sneak peek at what we'll cover: Threat modeling: Kat's practical insights; "DeRF": Kat's revolutionary tool and how it can help cloud security practitioners; dispelling myths about cloud security and how it challenges the OSI model; future research directions in cloud security & Kat's latest projects in the field.

Apr 4, 2024 • 11min

CROC Talks: Helping Secure Hugging Face Hub - Special Guest: Shir Tamari

BREAKING: Wiz Research identifies critical risks in #AI-as-a-service. Dive into Crying Out Cloud's latest episode, featuring a very special guest, Shir Tamari, head of the research team at Wiz. This episode sheds light on the security challenges that come with the rapid integration of AI technologies. Highlights include: Exploring the rapid integration of AI and its associated security risks, identified by Wiz Research in collaboration with Hugging Face. Exposing two significant security flaws within Hugging Face's systems: shared inference and CI/CD systems, which could potentially offer unauthorized access to sensitive data. Highlighting the critical need for robust security frameworks in AI services. Demonstrating Hugging Face's dedication to security through the adoption of Wiz CSPM, continuous vulnerability assessments, and annual penetration tests, thereby establishing a high standard in AI safety.

Mar 31, 2024 • 13min

CROC News - XZ Utils backdoor explained

The backdoor in XZ Utils is shaking the industry. How could we not talk about it? Tune in to the special unscheduled episode of Crying Out Cloud with Eden Naftali and Amitai Cohen as they delve into the stealthy supply chain attack! In this episode: The Alert from CISA regarding CVE-2024-3094, a vulnerability in XZ Utils Data Compression Library versions 5.6.0 and 5.6.1; the potential risks posed by the embedded malicious code and the unauthorized access it may grant to affected systems; Security Team Action Plans. Tune in now!

Mar 26, 2024 • 32min

CROC News: Malicious Repos, Bandwidth Theft, & NVD or NoVD?

πŸŽ™οΈ What is a better way to stay updated on cloud security than a NEW Crying Out Cloud episode! Join Eden Naftali and Amitai Cohen as they explore what is new and πŸ”₯: πŸ‘Ύ Open-source repos flooded by malicious code. πŸ’» What is to become of the National Vulnerability Database? ⛓️ Proof of bandwidth cryptojacking πŸ› οΈ Critical vulnerabilities discovered in popular CI/CD tool Links:   https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/  https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/  https://research.openanalysis.net/github/lua/2024/03/03/lua-malware.html  https://resilientcyber.substack.com/p/death-knell-of-the-nvd  https://sysdig.com/blog/cloud-threats-deploying-crypto-cdn/ 
undefined
Mar 20, 2024 β€’ 41min

CROC Talks: Bug Bounty Hunting & Pen Testing with Sam Curry

The NEW exclusive interview with hacker extraordinaire Sam Curry on Crying Out Cloud is out! Join Eden Naftali and Amitai Cohen as they explore the role of a Bug-Bounty Hunter with Sam Curry: Learn about Sam's journey into security research. Favorite tools and underrated platforms. The trustworthiness implications of AI-driven technologies in transportation. Vulnerabilities within a major tech company's infrastructure. The tradeoff between scanning gigantic IP ranges and selecting the best research targets.

Important links:
https://samcurry.net/web-hackers-vs-the-auto-industry/
https://samcurry.net/hacking-apple/
https://samcurry.net/points-com/
