CROC Talks - Securing DBs, Cloud Threat Intel, and Detection- Special Guest: Snowflakesâ Haider Dost
Hosts Alon and Eden interview Haider Dost from Snowflake on securing databases, cloud threat intelligence, and more
Omer Mosheiov
ããããã£ã¹ã
#9 - The collapse of LAPSUS$ and the risks of AI data poisoning
ð Here's a sneak peek at todayâs episode:
ð Stay ahead of the game! LAPSUS$ Hackers may be making waves. Two members of this notorious group faced consequences in the UK, but shockingly, they continued their hacking activities even while under house arrest.
ð€ Data Poisoning in AI Training is a growing concern. Hackers can manipulate the data used to train AI models, introducing risks and vulnerabilities. Validating data integrity and randomizing data ingestion times are useful mitigations against this threat.
ð» The WinRAR Vulnerability (CVE-2023-38831)! This flaw was exploited against crypto-traders to infect their devices with malware, but should be considered a low concern for cloud customers unless using virtual desktops.
ãªãœãŒã¹
https://gizmodo.com/hackers-lapsus-uber-nvidia-rockstar-games-microsoft-1850766324 https://www.bbc.com/news/technology-66549159 https://www.cisa.gov/resources-tools/resources/review-attacks-associated-lapsus-and-related-threat-groups-executive-summary https://www.cisa.gov/sites/default/files/2023-08/CSRBLapsus%24508c.pdf https://duo.com/decipher/lapsususd-analysis-finds-need-for-better-iam-mfa-deployments https://www.youtube.com/watch?v=h9jf1ikcGyk https://arxiv.org/pdf/2302.10149.pdf https://www.blackhat.com/us-23/briefings/schedule/#poisoning-web-scale-training-datasets-is-practical-32112 https://arstechnica.com/security/2023/08/winrar-0-day-that-uses-poisoned-jpg-and-txt-files-under-exploit-since-april/
ãã®ä»ã®ãšããœãŒã
CROC News: Firewall Fumbles, Gitloker Etiquette, and Private Cloud Compute
Tune in to the latest episode of #CryingOutCloud for insights on AI, data privacy, and the latest cloud security news!
Omer Mosheiov
CROC Talks: RCE Vulnerability in Ollama explained
RCE Vulnerability in Ollama explained
Omer Mosheiov
"Crying Out Cloud" ã¯ãã¥ãŒã¹ã¬ã¿ãŒã§ããããŸãïŒ
å®å šãšæ å ±åéïŒ ææ°ã®ã¯ã©ãŠãã»ãã¥ãªã㣠ãã¥ãŒã¹ãå®éã®æ»æã®ã€ã³ãµã€ããç°å¢ãä¿è·ããããã®å°é家ã®ã¬ã€ãã³ã¹ããå±ãããŸãã
ã²ãŒã ãã§ã³ãžã®ãã¥ãŒã¹
æ¥çãæºããã泚æãå¿ èŠãšããææ°ã®ã¯ã©ãŠãã»ãã¥ãªãã£ã®è匱æ§ãšã€ãããŒã·ã§ã³ããŸãšããŸããã
ãŠããŒã¯ãª Wiz ã€ã³ãµã€ã
å®éã®ã¯ã©ãŠãç°å¢ã§æ€åºãããå®éã®æ»æçµè·¯ããã®çµ±èšã«åºã¥ããŠã調æ»ããŒã¿ã®å éšã®æ§åã§ãã
æŠéãã¹ãã®ã¢ããã€ã¹
åŒç€Ÿã®è åšèª¿æ»ããŒã ããã®ãã³ãã¯ã埡瀟ã®ããŒã¿æŒæŽ©ãé²ãæ¹æ³ãšãã¯ã©ãŠãã»ãã¥ãªãã£æŠç¥å šäœãæ¹åããæ¹æ³ã§ãã
ã¯ã©ãŠãã»ãã¥ãªãã£ã®ææ°æ å ±ãåä¿¡ãã¬ã€ã«çŽæ¥åä¿¡ããã«ã¯ããµã€ã³ã¢ããããŠãã ãã