Crying Out Cloud

For crying out #cloud! Episode 3 of our cloud security podcast is live and you haven't tuned in yet?   Hot off the cloud servers! ☁️📰🎙️ 🔎 The #BingBang misconfiguration on Microsoft Bing search engine 🕵️ North Korean supply-chain attack targets crypto companies 🌩️ Iranian cloud destruction operation is making headlines 💻 QueueJumper: The Windows vulnerability disclosed last Patch Tuesday Eden and Amitai on the mic🎤 With special guest Ami Luttwak, Wiz Co-Founder and CTO!   Important Links:   https://www.wiz.io/blog/bingbang   https://www.wiz.io/blog/azure-active-directory-bing-misconfiguration https://www.wired.com/story/3cx-supply-chain-attack-north-korea-cryptocurrency-targets/ https://www.3cx.com/blog/news/security-incident-updates/ https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/ https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/ https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/ https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment/ https://research.checkpoint.com/2023/queuejumper-critical-unauthorized-rce-vulnerability-in-msmq-service/

🎉🎙️ Hold on to your headphones! The newest episode of the "Crying Out Cloud" podcast is here, and it's an absolute rollercoaster 🎢Join our charismatic hosts, Eden and Amitai, as they uncover the most captivating cloud security news of the month.In this action-packed episode:🕵️‍♂️ Mysterious redirections to adult websites in East Asia🎣 Crafty hackers using fake Google ads for credential theft🦪 Don't panic, stay clam: The ClamAV vulnerability🕹️ Gaming industry under fire: Minecraft and Dota 2 incidents 🇺🇸 US Department of Defense data exposure drama 🔗 And the GoDaddy supply chain attack that everyone's talking about!Important Links:1. https://www.wiz.io/blog/redirection-roulette2. https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx3. https://www.sentinelone.com/blog/cloud-credentials-phishing-malicious-google-ads-target-aws-logins/4. https://permiso.io/blog/s/watering-hole-attack-targets-aws-users/5. https://blog.gradle.org/wrapper-attack-report6. https://lunarlogs.com/2023/01/29/double-jeopardy-mcos-backdooring-players-get-shut-down/7. https://techcrunch.com/2023/02/21/sensitive-united-states-military-emails-spill-online/8. https://thehackernews.com/2023/02/critical-rce-vulnerability-discovered.html9. https://decoded.avast.io/janvojtesek/dota-2-under-attack-how-a-v8-bug-was-exploited-in-the-game/

Welcome to "Crying Out Cloud," the monthly podcast that keeps you up to date with the latest cloud security news. Hosted by experts Eden Naftali and Amitai Cohen, each episode provides in-depth coverage of the most important vulnerabilities and incidents from the previous month. Tune in for insightful analysis and expert recommendations to help you safeguard your cloud infrastructure. Important links: https://circleci.com/blog/jan-4-2023-incident-report/https://www.wiz.io/blog/cve-2022-44877-critical-rce-in-centos-control-web-panel-exploited-in-the-wildhttps://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/https://therecord.media/hackers-exploiting-vulnerability-affecting-zoho-manageengine-products-rapid7https://www.theverge.com/2023/1/24/23569109/goto-hack-lastpass-breach-encrypted-backups-key