Wiz

ํŒŸ์บ์ŠคํŠธ

#8 - GameOverlay โ€“ privilege escalation vulnerabilities in Ubuntu

Omer Mosheiov

๐Ÿฟ๐Ÿค Everything you need to know about this month's cloud security drama in the latest "Crying Out Cloud" episode!

In this edition, we explore THREE captivating stories ๐Ÿ“š๐Ÿ”

1๏ธโƒฃ "GameOverlay" unveiled: Ubuntu's privilege escalation vulnerabilities ๐Ÿ˜ฑ โ€” Wiz Research uncovered a pair of vulnerabilities that's affecting 40% of Ubuntu cloud machines! We've got the scoop on what you must know.

2๏ธโƒฃ Unmasking "P2PInfect": The botnet targeting Redis! ๐Ÿค– โ€” Ever wondered how a botnet hijacks your exposed Redis instances? Let's get into the nitty-gritty of this attack and find out how to defend your environment.

3๏ธโƒฃ Jumpcloud's dance with North Korea: A supply chain saga ๐Ÿ•Š๏ธ -โ€”Join us as we uncover the tale of Jumpcloud's breach and its uncanny link to North Korea. Dive deep into the investigation with us.

๋ฆฌ์†Œ์Šค

  1. https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability
  2. https://ubuntu.com/security/CVE-2023-2640
  3. https://ubuntu.com/security/CVE-2023-32629
  4. https://www.cadosecurity.com/redis-p2pinfect/
  5. https://unit42.paloaltonetworks.com/peer-to-peer-worm-p2pinfect/
  6. https://www.mandiant.com/resources/blog/north-korea-supply-chain
  7. https://www.sentinelone.com/labs/jumpcloud-intrusion-attacker-infrastructure-links-compromise-to-north-korean-apt-activity/
  8. https://jumpcloud.com/blog/security-update-incident-details
  9. https://jumpcloud.com/support/july-2023-iocs
  10. https://github.blog/2023-07-18-security-alert-social-engineering-campaign-targets-technology-industry-employees/
  11. https://blog.phylum.io/sophisticated-ongoing-attack-discovered-on-npm/

๋” ๋งŽ์€ ์—ํ”ผ์†Œ๋“œ

#7 - The Future Of The Cloud (Special Guest - Corey Quinn)

Corey Quinn joins "Crying Out Cloud" to discuss cloud evolution, Microsoft MSA, usage & misconfigurations

Omer Mosheiov
์ง€๊ธˆ ๋“ฃ๊ธฐ

#6 - Chinese Spies Acquire Keys To The Azure Kingdom

On this episode: Chinese hackers breach US emails. Silent Bob & Team TNT return. Russian hackers exploit Office Zero Day

Omer Mosheiov
์ง€๊ธˆ ๋“ฃ๊ธฐ

#5 - Peeling back the layers of MOVEit Transfer 0day vulnerabilities

Spoiler Alert: We've got Scott Piper, the cloud security guru, joining the conversation too!

Omer Mosheiov
์ง€๊ธˆ ๋“ฃ๊ธฐ
๋ชจ๋“  ์—ํ”ผ์†Œ๋“œ ๋ณด๊ธฐ

Crying Out Cloud๋Š” ๋‰ด์Šค๋ ˆํ„ฐ์ด๊ธฐ๋„ ํ•ฉ๋‹ˆ๋‹ค!

์•ˆ์ „ ๋ฐ ์ •๋ณด ์œ ์ง€: ์ตœ์‹  ํด๋ผ์šฐ๋“œ ๋ณด์•ˆ ๋‰ด์Šค, ์‹ค์ œ ๊ณต๊ฒฉ ์ธ์‚ฌ์ดํŠธ ๋ฐ ์ „๋ฌธ๊ฐ€ ์ง€์นจ์„ ๋ฐ›์•„ ํ™˜๊ฒฝ์„ ๋ณดํ˜ธํ•˜์‹ญ์‹œ์˜ค.

  • ๊ฒŒ์ž„์˜ ํŒ๋„๋ฅผ ๋ฐ”๊พธ๋Š” ๋‰ด์Šค

    ์—…๊ณ„๋ฅผ ๋’คํ”๋“ค๊ณ  ์žˆ๊ณ  ์—ฌ๋Ÿฌ๋ถ„์˜ ๊ด€์‹ฌ์ด ํ•„์š”ํ•œ ์ตœ์‹  ํด๋ผ์šฐ๋“œ ๋ณด์•ˆ ์ทจ์•ฝ์„ฑ๊ณผ ํ˜์‹ ์— ๋Œ€ํ•œ ์š”์•ฝ์ž…๋‹ˆ๋‹ค.

  • ๊ณ ์œ ํ•œ Wiz ์ธ์‚ฌ์ดํŠธ

    ์—ฐ๊ตฌ ๋ฐ์ดํ„ฐ ๋‚ด๋ถ€ ์‚ดํŽด๋ณด๊ธฐ - ์‹ค์ œ ํด๋ผ์šฐ๋“œ ํ™˜๊ฒฝ์—์„œ ํƒ์ง€ํ•œ ์‹ค์ œ ๊ณต๊ฒฉ ๊ฒฝ๋กœ์˜ ํ†ต๊ณ„๋ฅผ ๊ธฐ๋ฐ˜์œผ๋กœ ํ•ฉ๋‹ˆ๋‹ค.

  • ์‹ค์ „ ํ…Œ์ŠคํŠธ๋ฅผ ๊ฑฐ์นœ ์กฐ์–ธ

    ํšŒ์‚ฌ์—์„œ ๋ฐ์ดํ„ฐ ์นจํ•ด๋ฅผ ๋ฐฉ์ง€ํ•˜๋Š” ๋ฐฉ๋ฒ•๊ณผ ์ „๋ฐ˜์ ์ธ ํด๋ผ์šฐ๋“œ ๋ณด์•ˆ ์ „๋žต์„ ๊ฐœ์„ ํ•˜๋Š” ๋ฐฉ๋ฒ•์— ๋Œ€ํ•œ ์œ„ํ˜‘ ์—ฐ๊ตฌ ํŒ€์˜ ํŒ์ž…๋‹ˆ๋‹ค.

ํด๋ผ์šฐ๋“œ ๋ณด์•ˆ์˜ ์ตœ์‹  ์—…๋ฐ์ดํŠธ๋ฅผ ๋ฐ›์€ ํŽธ์ง€ํ•จ์œผ๋กœ ์ง์ ‘ ๋ฐ›์œผ๋ ค๋ฉด ๋“ฑ๋กํ•˜์‹ญ์‹œ์˜ค.

Wiz๊ฐ€ ๊ท€ํ•˜์˜ ๊ฐœ์ธ ๋ฐ์ดํ„ฐ๋ฅผ ์ฒ˜๋ฆฌํ•˜๋Š” ๋ฐฉ๋ฒ•์— ๋Œ€ํ•œ ์ž์„ธํ•œ ๋‚ด์šฉ์€ ๋‹ค์Œ์„ ์ฐธ์กฐํ•˜์‹ญ์‹œ์˜ค. ๊ฐœ์ธ์ •๋ณด์ฒ˜๋ฆฌ๋ฐฉ์นจ.