Join Eden Naftali and Amitai Cohen as they explore what is new and 🔥:

👾 Open-source repos flooded by malicious code

💻 What is to become of the National Vulnerability Database?

⛓️ Proof of bandwidth cryptojacking

🛠️ Critical vulnerabilities discovered in popular CI/CD tool

CROC News - Malicious Repos, Bandwidth Theft, & NVD or NoVD?

The NEW exclusive interview with hacker extraordinaire Sam Curry on Crying Out Cloud is out!

Join Eden Naftali and Amitai Cohen as they explore the role of a Bug-Bounty Hunter with Sam Curry: 

🔑 Learn about Sam's journey into security research

🛠️ Favorite tools and underrated platforms

🤖 The trustworthiness implications of AI-driven technologies in transportation.

🔒 Vulnerabilities within a major tech company's infrastructure. The tradeoff between scanning gigantic IP ranges and selecting the best research targets.

CROC Talks: Bug Bounty Hunting & Pen Testing with Sam Curry

Loading from the Cloud... 

Season 2 of "CRYING OUT CLOUD" is here!

Join our hosts, @Eden and @Amitai, as they dive into the latest cloud stories that we can't wait to share with you

Here's a sneak peek into the season's opening:
 
🚗 Mercedes-Benz Source Code Exposure:
A public GitHub Repo was exposed - allowing unauthorized access to the company's internal servers, including AWS and Azure subscriptions. The credentials remained publicly accessible for 3-4 months. 😱

🌨️ Midnight Blizzard Hits Microsoft:
Russian actors (Midnight Blizzard) got into Microsoft's network and stole employee emails, finding a misconfigured account with a weak password. Among other things, they tried to find out what Microsoft knew about their activity.

🔐 Ivanti Vulnerabilities:
Ivanti's VPN products exposed vulnerabilities, allowing remote code execution and authentication bypass, exploited by a Chinese Threat Actor. 

CROC News: Automotive Code Leak & Midnight Blizzard's Heist

The backdoor in XZ Utils is shaking the industry 🔔
How could we not talk about it?

Tune in to the special unscheduled episode of Crying Out Cloud with Eden Naftali and Amitai Cohen as they delve into the stealthy supply chain attack!

In this episode:
🔍 The Alert from CISA regarding CVE-2024-3094, a vulnerability in XZ Utils Data Compression Library versions 5.6.0 and 5.6.1
🛑 The potential risks posed by the embedded malicious code and the unauthorized access it may grant to affected systems
🛡️ Security Team Action Plans

Tune in now!

CROC Talks - XZ Utils backdoor explained

その他のエピソード

CROC News - Malicious Repos, Bandwidth Theft, & NVD or NoVD?

CROC Talks: Bug Bounty Hunting & Pen Testing with Sam Curry

CROC News: Automotive Code Leak & Midnight Blizzard's Heist

Crying Out Cloud ニュースレター