Bug Bounty Secrets, Hacker Communities, and a Hit of Volleyball with Justin Gardner
🎙️ Listen to the biggest insights of bug bounty hunting with Justin Gardner 🚨In this episode, Amitai Cohen and Eden Naftali are joined by none other than Justin, renowned bug bounty hunter and host of the Creative Thinking podcast (ctbbpodcast).Justin unpacks some of today's 🔥 topics:- Bug bounty disclosure challenges & trends- Security stories from tech giants: lessons we can all learn- Messaging platform exploits & SSRF risks- Breaking into popular monitoring tools — HTTP pitfalls & key takeaways
--------
40:24
Quadruple Supply Chain Attack, IngressNightmare Exploited, and Rumors Abound
🎙️ All you need to know on the latest discoveries and updates ft. Rami McCarthy 🚨In this episode of Crying Out Cloud, @Amitai Cohen & @Eden Koby Naftali are joined by Rami — a Principal Security Researcher here at Wiz.Rami adds some energy and expertise to the table as we dive into a variety of topics:• GitHub Action supply chain attack • IngressNightmare updates. A follow-up to our last episode on this critical vulnerability.• Alleged Oracle breaches: Breaking down the latest rumors and insights.
--------
28:47
Ingress Nightmare: How a Single Request Could Take Over Your K8s Cluster
🎙️ All you need to know on our latest discovery #IngressNightmare 🚨In this episode of Crying Out Cloud, Amitai Cohen & Eden Koby Naftali are joined by Nir Ohfeld — Head of Vulnerability Research at Wiz. Nir and his team have uncovered some of the most impactful vulnerabilities affecting cloud and SaaS applications. In this episode, he's diving into the latest discovery, a critical vulnerability in Ingress-NGINX:• How the team uncovered a critical unauthenticated RCE in NGINX Ingress Controller• Why Kubernetes admission controllers might be the next big attack surface• The wild journey of hunting vulnerabilities in the cloud
--------
22:26
From Hotmail Hacks to AI hype, CTFs & Cloud Guardian: with Ashish Rajan
🎙 Ready for the latest on AI, cloud security, and Fortune 500 challenges?This week on our podcast Crying Out Cloud, we're joined by none other than Ashish Rajan— a seasoned cybersecurity leader and host of the AI Cybersecurity Podcast & Cloud Security Podcast.Amitai Cohen & Eden Koby Naftali dive into:- The evolution of AI & cloud security- Lessons from securing Fortune 500 & FTSE 100 companies- The biggest challenges (and laughs) in the industry
--------
21:56
HACKERS ARE HIJACKING CLOUD KEYS: The Rise of Cloud-Native Ransomware
From Supply Chain Attacks to S3 Ransomware: Critical Cloud Security Stories You Need to Know.🎙️ In this episode of Crying Out Cloud, Eden and Amitai break down the latest cloud security chaos, from sneaky supply chain attacks to AI-powered malware:1) How attackers exploited a GitHub misconfiguration to enable a supply chain attack.2) The latest twist on cloud-native extortion (spoiler: it all comes back to stolen cloud keys).3) NullifAI – Malicious AI models hiding in plain sight.4) whoAMI attack – The clever AWS AMI name confusion flaw that might catch you off guard.
Welcome to "Crying Out Cloud," the monthly podcast that keeps you up to date with the latest cloud security news. Hosted by experts Eden Naftali and Amitai Cohen, each episode provides in-depth coverage of the most important vulnerabilities and incidents from the previous month. Tune in for insightful analysis and expert recommendations to help you safeguard your cloud infrastructure.