

Crying Out Cloud
Wiz
Welcome to "Crying Out Cloud," the monthly podcast that keeps you up to date with the latest cloud security news. Hosted by experts Eden Naftali and Amitai Cohen, each episode provides in-depth coverage of the most important vulnerabilities and incidents from the previous month. Tune in for insightful analysis and expert recommendations to help you safeguard your cloud infrastructure.

Sep 19, 2023 • 29min
#10 - fwd:cloudsec With Special Guest Scott Piper
fwd:cloudsec event highlights podcast special, featuring our special wizard guest Scott Piper, who is also the co-founder of fwd:cloudsec, a non-profit conference on cloud security that discusses all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and more!
fwd:cloudsec 2023 videos:
https://www.youtube.com/playlist?list=PLCPCP1pNWD7MR1SwekwbZls9TGzqo_LHx

Sep 14, 2023 • 27min
#9 - The collapse of LAPSUS$ and the risks of AI data poisoning
👀 Here's a sneak peek at today’s episode:
🔒 Stay ahead of the game! LAPSUS$ Hackers may be making waves. Two members of this notorious group faced consequences in the UK, but shockingly, they continued their hacking activities even while under house arrest.
🤖 Data Poisoning in AI Training is a growing concern. Hackers can manipulate the data used to train AI models, introducing risks and vulnerabilities. Validating data integrity and randomizing data ingestion times are useful mitigations against this threat.
💻 The WinRAR Vulnerability (CVE-2023-38831)! This flaw was exploited against crypto-traders to infect their devices with malware, but should be considered a low concern for cloud customers unless using virtual desktops.
Important links:
https://gizmodo.com/hackers-lapsus-uber-nvidia-rockstar-games-microsoft-1850766324
https://www.bbc.com/news/technology-66549159
https://www.cisa.gov/resources-tools/resources/review-attacks-associated-lapsus-and-related-threat-groups-executive-summary
https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus%24_508c.pdf
https://duo.com/decipher/lapsususd-analysis-finds-need-for-better-iam-mfa-deployments
https://www.youtube.com/watch?v=h9jf1ikcGyk
https://arxiv.org/pdf/2302.10149.pdf
https://www.blackhat.com/us-23/briefings/schedule/#poisoning-web-scale-training-datasets-is-practical-32112
https://arstechnica.com/security/2023/08/winrar-0-day-that-uses-poisoned-jpg-and-txt-files-under-exploit-since-april/

Aug 30, 2023 • 23min
#8 - GameOverlay – privilege escalation vulnerabilities in Ubuntu
🍿🤏 Everything you need to know about this month's cloud security drama in the latest "Crying Out Cloud" episode!
In this edition, we explore THREE captivating stories 📚🔍
1️⃣ "GameOverlay" unveiled: Ubuntu's privilege escalation vulnerabilities 😱 — Wiz Research uncovered a pair of vulnerabilities that's affecting 40% of Ubuntu cloud machines! We've got the scoop on what you must know.
2️⃣ Unmasking "P2PInfect": The botnet targeting Redis! 🤖 — Ever wondered how a botnet hijacks your exposed Redis instances? Let's get into the nitty-gritty of this attack and find out how to defend your environment.
3️⃣ Jumpcloud's dance with North Korea: A supply chain saga 🕊️ — Join us as we uncover the tale of Jumpcloud's breach and its uncanny link to North Korea. Dive deep into the investigation with us.
Important links:
1. https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability
2. https://ubuntu.com/security/CVE-2023-2640
3. https://ubuntu.com/security/CVE-2023-32629
4. https://www.cadosecurity.com/redis-p2pinfect/
5. https://unit42.paloaltonetworks.com/peer-to-peer-worm-p2pinfect/
6. https://www.mandiant.com/resources/blog/north-korea-supply-chain
7. https://www.sentinelone.com/labs/jumpcloud-intrusion-attacker-infrastructure-links-compromise-to-north-korean-apt-activity/
8. https://jumpcloud.com/blog/security-update-incident-details
9. https://jumpcloud.com/support/july-2023-iocs
10. https://github.blog/2023-07-18-security-alert-social-engineering-campaign-targets-technology-industry-employees/
11. https://blog.phylum.io/sophisticated-ongoing-attack-discovered-on-npm/

Aug 16, 2023 • 36min
#7 - The Future Of The Cloud (Special Guest - Corey Quinn)
🔥 SPECIAL EPISODE ALERT 🔥
@Corey Quinn Joins the Party — in this week's incredible episode of "Crying Out Cloud" 🥳
Meet our remarkable hosts:
✨ @Eden, the tech-savvy wizard from the CTO Team at Wiz
✨ @Amitai, our expert from the Threat Research Team at Wiz
And for this special occasion, we're rolling out the red carpet for:
🎊 COREY QUINN! 🎊
Chief Cloud Economist at The Duckbill Group, the mastermind behind Last Week in AWS, and the charismatic host of the Screaming in the Cloud podcast. Corey is not just a cloud icon – he's a cloud ROCKSTAR 🎸
On the producer's desk:
🕹️ @Alon Schindel, our powerhouse Director of Data and Threat Research at Wiz
—
In this unforgettable episode, we explore:
💥 The Microsoft MSA incident – a turning point or a fading memory?
💡 The cloud's revolutionary journey over the past decade
🌍 Cloud usage in today's economic climate
💎 Often overlooked but golden cloud services
🛡 Why cloud misconfigurations are still a major issue
AND...
We put Corey in the hot seat with a speed round that's packed with laughs and surprises!

Jul 31, 2023 • 31min
#6 - Chinese Spies Acquire Keys To The Azure Kingdom
Popcorn ready? 🍿
Ep. 6 of "Crying Out Cloud" is now LIVE — and it's a thriller! 🤯
1:42 📬 Chinese Hackers Steal US Gov Emails
12:53 🧨 Silent Bob & the Team TNT Comeback
18:41 🇷🇺 Russian Hackers Exploit Office Zero Day
26:10 🐍 Footloose's 2023 Object-Oriented Sequel: PyLoose
Important links:
https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-193a
https://blogs.microsoft.com/on-the-issues/2023/07/11/mitigation-china-based-threat-actor/
https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/
https://www.wired.com/story/microsoft-cloud-attack-china-hackers/
https://arstechnica.com/security/2023/07/microsoft-takes-pains-to-obscure-role-in-0-days-that-caused-email-breach/
https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
https://permiso.io/blog/s/agile-approach-to-mass-cloud-cred-harvesting-and-cryptomining/
https://www.sentinelone.com/labs/cloudy-with-a-chance-of-credentials-aws-targeting-cred-stealer-expands-to-azure-gcp/
https://twitter.com/AbbyMCH/status/1679509312132005888
https://sysdig.com/blog/scarleteel-2-0/
https://twitter.com/maddiestone/status/1678843059294076928
https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
https://twitter.com/cyb3rops/status/1680962212804939776
https://twitter.com/serghei/status/1679246339698315265
https://www.wiz.io/blog/pyloose-first-python-based-fileless-attack-on-cloud-workloads

Jun 26, 2023 • 34min
#5 - MOVEit Transfer 0day vulnerabilities (Special Guest: Scott Piper)
Join your favorite hosts, @Eden and @Amitai, on the latest "Crying Out Cloud" rollercoaster 🎢 Spoiler Alert: We've got @Scott Piper, the cloud security guru, joining the conversation too! His insights are amazing, so we've reserved a special upcoming episode just for him 😎
On today's journey, we are:
1️⃣ Peeling back the layers of MOVEit Transfer 0day vulnerabilities 🕵️
2️⃣ Breaking down CVSSv4💥
3️⃣ Sharing insider takeaways from fwd:cloudsec 2023 (FOMO, anyone?).🔮
4️⃣ Getting real about the Barracuda ESG 0day vulnerability (we're not fishing around! 🐠).
Important Links:
https://www.first.org/cvss/v4-0/
https://thehackernews.com/2023/06/third-flaw-uncovered-in-moveit-transfer.html
https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally
https://fwdcloudsec.org/schedule.html

May 18, 2023 • 25min
#4 - Daisy Chain - A Double Supply Chain Attack
Join our lively hosts, Eden and Amitai, as they explore the most fascinating cloud security news of the month.
On this episode:
🧃🔗 More juice on 3CX supply chain attack
✂️💔 PaperCut vulnerabilities
📦🔓 Capita exposed a bucket with sensitive data for 7 years
🚗☁️ Toyota cloud misconfiguration leaked customer data for 10 years
🚢🔄 Trend of hijacking containers for traffic routing
Important links:
1. https://techcrunch.com/2023/05/12/toyota-japan-exposed-millions-locations-videos/
2. https://zetter.substack.com/p/updates-and-timeline-for-3cx-and
3. https://doublepulsar.com/capitas-standard-industry-practice-633gb-open-cloud-storage-5d87e7e96a70
4. https://therecord.media/iranian-state-sponsored-hackers-exploiting-printer-vulnerability
5. https://www.trendmicro.com/en_us/research/23/d/attackers-use-containers-for-profit-via-trafficstealer.html

Apr 24, 2023 • 32min
#3 - The BingBang Vulnerability (Special Guest: Ami Luttwak)
For crying out #cloud! Episode 3 of our cloud security podcast is live and you haven't tuned in yet?
Hot off the cloud servers! ☁️📰🎙️
🔎 The #BingBang misconfiguration on Microsoft Bing search engine
🕵️ North Korean supply-chain attack targets crypto companies
🌩️ Iranian cloud destruction operation is making headlines
💻 QueueJumper: The Windows vulnerability disclosed last Patch Tuesday
Eden and Amitai on the mic🎤 With special guest Ami Luttwak, Wiz Co-Founder and CTO!
Important Links:
https://www.wiz.io/blog/bingbang
https://www.wiz.io/blog/azure-active-directory-bing-misconfiguration
https://www.wired.com/story/3cx-supply-chain-attack-north-korea-cryptocurrency-targets/
https://www.3cx.com/blog/news/security-incident-updates/
https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/
https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment/
https://research.checkpoint.com/2023/queuejumper-critical-unauthorized-rce-vulnerability-in-msmq-service/

Mar 16, 2023 • 27min
#2 - Hijacked Websites In China Redirect Traffic
🎉🎙️ Hold on to your headphones! The newest episode of the "Crying Out Cloud" podcast is here, and it's an absolute rollercoaster 🎢
Join our charismatic hosts, Eden and Amitai, as they uncover the most captivating cloud security news of the month.
In this action-packed episode:
🕵️‍♂️ Mysterious redirections to adult websites in East Asia
🎣 Crafty hackers using fake Google ads for credential theft
🦪 Don't panic, stay clam: The ClamAV vulnerability
🕹️ Gaming industry under fire: Minecraft and Dota 2 incidents
🇺🇸 US Department of Defense data exposure drama
🔗 And the GoDaddy supply chain attack that everyone's talking about!
Important Links:
1. https://www.wiz.io/blog/redirection-roulette
2. https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx
3. https://www.sentinelone.com/blog/cloud-credentials-phishing-malicious-google-ads-target-aws-logins/
4. https://permiso.io/blog/s/watering-hole-attack-targets-aws-users/
5. https://blog.gradle.org/wrapper-attack-report
6. https://lunarlogs.com/2023/01/29/double-jeopardy-mcos-backdooring-players-get-shut-down/
7. https://techcrunch.com/2023/02/21/sensitive-united-states-military-emails-spill-online/
8. https://thehackernews.com/2023/02/critical-rce-vulnerability-discovered.html
9. https://decoded.avast.io/janvojtesek/dota-2-under-attack-how-a-v8-bug-was-exploited-in-the-game/

Mar 2, 2023 • 26min
#1 - CI/CD Supply Chain Attack
Welcome to "Crying Out Cloud," the monthly podcast that keeps you up to date with the latest cloud security news. Hosted by experts Eden Naftali and Amitai Cohen, each episode provides in-depth coverage of the most important vulnerabilities and incidents from the previous month. Tune in for insightful analysis and expert recommendations to help you safeguard your cloud infrastructure.
Important links:
https://circleci.com/blog/jan-4-2023-incident-report/
https://www.wiz.io/blog/cve-2022-44877-critical-rce-in-centos-control-web-panel-exploited-in-the-wild
https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/
https://therecord.media/hackers-exploiting-vulnerability-affecting-zoho-manageengine-products-rapid7
https://www.theverge.com/2023/1/24/23569109/goto-hack-lastpass-breach-encrypted-backups-key