Wiz

Podcast

#9 - The collapse of LAPSUS$ and the risks of AI data poisoning

Omer Mosheiov
SpotifyListen onSpotifyApple PodcastsListen onApple Podcasts

👀 Here's a sneak peek at today’s episode:

🔒 Stay ahead of the game! LAPSUS$ Hackers may be making waves. Two members of this notorious group faced consequences in the UK, but shockingly, they continued their hacking activities even while under house arrest.

🤖 Data Poisoning in AI Training is a growing concern. Hackers can manipulate the data used to train AI models, introducing risks and vulnerabilities. Validating data integrity and randomizing data ingestion times are useful mitigations against this threat.

💻 The WinRAR Vulnerability (CVE-2023-38831)! This flaw was exploited against crypto-traders to infect their devices with malware, but should be considered a low concern for cloud customers unless using virtual desktops.

Resources

https://gizmodo.com/hackers-lapsus-uber-nvidia-rockstar-games-microsoft-1850766324 https://www.bbc.com/news/technology-66549159 https://www.cisa.gov/resources-tools/resources/review-attacks-associated-lapsus-and-related-threat-groups-executive-summary https://www.cisa.gov/sites/default/files/2023-08/CSRBLapsus%24508c.pdf https://duo.com/decipher/lapsususd-analysis-finds-need-for-better-iam-mfa-deployments https://www.youtube.com/watch?v=h9jf1ikcGyk https://arxiv.org/pdf/2302.10149.pdf https://www.blackhat.com/us-23/briefings/schedule/#poisoning-web-scale-training-datasets-is-practical-32112 https://arstechnica.com/security/2023/08/winrar-0-day-that-uses-poisoned-jpg-and-txt-files-under-exploit-since-april/

More episodes

CROC Talks - Securing DBs, Cloud Threat Intel, and Detection- Special Guest: Snowflakes’ Haider Dost

Hosts Alon and Eden interview Haider Dost from Snowflake on securing databases, cloud threat intelligence, and more

Omer Mosheiov
Listen now

CROC News: Firewall Fumbles, Gitloker Etiquette, and Private Cloud Compute

Tune in to the latest episode of #CryingOutCloud for insights on AI, data privacy, and the latest cloud security news!

Omer Mosheiov
Listen now

CROC Talks: RCE Vulnerability in Ollama explained

RCE Vulnerability in Ollama explained

Omer Mosheiov
Listen now
View all episodes

Crying Out Cloud is also a newsletter!

Stay Safe & Informed: Receive the Latest Cloud Security News, Real Attack Insights, and Expert Guidance to Protect Your Environment.

  • Game-changing news

    Our round up of the latest cloud security vulnerabilities and innovations that are shaking up the industry and need your attention.

  • Unique Wiz insights

    An inside look at our research data - based on statistics from real attack paths we detected in real cloud environments.

  • Battle-tested advice

    Tips from our Threat Research team on how to prevent data breaches in your company and how to improve your overall cloud security strategy.

Sign up to receive the latest updates in cloud security directly to your inbox

For information about how Wiz handles your personal data, please see our Privacy Policy.