20 episodes

Welcome to "Crying Out Cloud," the monthly podcast that keeps you up to date with the latest cloud security news. Hosted by experts Eden Naftali and Amitai Cohen, each episode provides in-depth coverage of the most important vulnerabilities and incidents from the previous month. Tune in for insightful analysis and expert recommendations to help you safeguard your cloud infrastructure.

Crying Out Cloud Wiz

    • Technology
    • 4.7 • 14 Ratings

    CROC Talks: Helping Secure Hugging Face Hub - Special Guest: Shir Tamari

    🚨 BREAKING: Wiz Research identifies critical risks in #AI-as-a-service 🚨

    Dive into Crying Out Cloud's latest episode, featuring a very special guest, Shir Tamari, head of the research team at Wiz. This episode sheds light on the security challenges that come with the rapid integration of AI technologies. Highlights include:

    🚀 Exploring the rapid integration of AI and its associated security risks, identified by Wiz Research in collaboration with Hugging Face.

    🛡️ Exposing two significant security flaws within Hugging Face's systems: shared inference and CI/CD systems, which could potentially offer unauthorized access to sensitive data.

    📢 Highlighting the critical need for robust security frameworks in AI services.

    ✅ Demonstrating Hugging Face's dedication to security through the adoption of Wiz CSPM, continuous vulnerability assessments, and annual penetration tests, thereby establishing a high standard in AI safety.

    • 11 min
    CROC News - XZ Utils backdoor explained

    The backdoor in XZ Utils is shaking the industry 🔔
    How could we not talk about it?


    Tune in to the special unscheduled episode of Crying Out Cloud with Eden Naftali and Amitai Cohen as they delve into the stealthy supply chain attack!


    In this episode:
    🔍 The Alert from CISA regarding CVE-2024-3094, a vulnerability in XZ Utils Data Compression Library versions 5.6.0 and 5.6.1
    🛑 The potential risks posed by the embedded malicious code and the unauthorized access it may grant to affected systems
    🛡️ Security Team Action Plans


    Tune in now!

    • 12 min
    CROC News: Malicious Repos, Bandwidth Theft, & NVD or NoVD?

    🎙️ What better way to stay updated on cloud security than a NEW Crying Out Cloud episode?

    Join Eden Naftali and Amitai Cohen as they explore what is new and 🔥:

    👾 Open-source repos flooded by malicious code.

    💻 What is to become of the National Vulnerability Database?

    ⛓️ Proof of bandwidth cryptojacking

    🛠️ Critical vulnerabilities discovered in popular CI/CD tool



    Links:
    https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
    https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/
    https://research.openanalysis.net/github/lua/2024/03/03/lua-malware.html
    https://resilientcyber.substack.com/p/death-knell-of-the-nvd
    https://sysdig.com/blog/cloud-threats-deploying-crypto-cdn/

    • 31 min
    CROC Talks: Bug Bounty Hunting & Pen Testing with Sam Curry

    The NEW exclusive interview with hacker extraordinaire Sam Curry on Crying Out Cloud is out!


    Join Eden Naftali and Amitai Cohen as they explore the role of a Bug-Bounty Hunter with Sam Curry:


    🔑 Learn about Sam's journey into security research


    🛠️ Favorite tools and underrated platforms


    🤖 The trustworthiness implications of AI-driven technologies in transportation.


    🔒 Vulnerabilities within a major tech company's infrastructure. The tradeoff between scanning gigantic IP ranges and selecting the best research targets.





    Important links:
    https://samcurry.net/web-hackers-vs-the-auto-industry/
    https://samcurry.net/hacking-apple/
    https://samcurry.net/points-com/

    • 41 min
    CROC News: Automotive Code Leak & Midnight Blizzard's Heist

    Loading from the Cloud...

    Season 2 of "CRYING OUT CLOUD" is here!

    Join our hosts, Eden and Amitai, as they dive into the latest cloud stories that we can't wait to share with you.

    Here's a sneak peek into the season's opening:



    🚗 Mercedes-Benz Source Code Exposure:
    A public GitHub repo was exposed, allowing unauthorized access to the company's internal servers, including AWS and Azure subscriptions. The credentials remained publicly accessible for 3-4 months. 😱



    🌨️ Midnight Blizzard Hits Microsoft:
    Russian actors (Midnight Blizzard) got into Microsoft's network after finding a misconfigured account with a weak password, and stole employee emails. Among other things, they tried to find out what Microsoft knew about their activity.



    🔐 Ivanti Vulnerabilities:
    Vulnerabilities in Ivanti's VPN products allowed remote code execution and authentication bypass, and were exploited by a Chinese threat actor.

    • 28 min
    #15 - Yinon Costica on AI risks, the importance of positivity and his new year's resolutions

    🛡️ Join Eden Naftali & Amitai Cohen's exclusive interview with Yinon Costica, as he brings unparalleled expertise to the table. From his beginnings in Israel's 8200 intelligence unit, through Adallom, which was acquired by Microsoft, to co-founding Wiz

    • 33 min

Customer Reviews

4.7 out of 5
14 Ratings

🫠😵‍💫🫥 ,

Seems awesomely nerdy

I looked up “crying” in podcast all and found this. I have never listened to it, but decided to rate it 5 stars anyways. (P.S. I looked up “crying” because as a 13 year old girl, I was crying over boys, school, boys, hormones, Harry Styles, and boys. You're welcome.) I’m about to listen to it. I’m hoping for it to be super nerdy.

rbmcnutt ,

Cloud experts at your fingertips

A great podcast with smart hosts that explore how cloud threats work and how to solve for them. Awesome.
