Crying Out Cloud
Subscribed: 31Played: 651
Subscribe
© Wiz
Description
Welcome to "Crying Out Cloud," the monthly podcast that keeps you up to date with the latest cloud security news. Hosted by experts Eden Naftali and Amitai Cohen, each episode provides in-depth coverage of the most important vulnerabilities and incidents from the previous month. Tune in for insightful analysis and expert recommendations to help you safeguard your cloud infrastructure.
53 Episodes
Reverse
More info here:
https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers
Detection engineering just got real!Eden Naftali and Amitai sit down with detection engineering powerhouse Alex Hurtado - and it's a must-listen for anyone in cloud security. 👇🔍 What's inside:The evolution of detection engineering in the cloud — and why traditional rules no longer applyWhy DIY detections > vendor defaultsHow AI is reshaping detection and threat hunting (and why the human in the loop still wins)
🔍 From discovering VS Code supply chain risks → to uncovering Redis Shell vulnerabilities.Eden Naftali and Amitai sat down to unpack: 👇How VS Code extensions became a critical supply chain risk (w/ Rami McCarthy)What RediShell reveals about attacker innovationWhere AI is being weaponized in modern malware🎙️ Listen now to our NEW Crying Out Cloud episode
🚨 The kernel-level security revolution you can't ignore — a must-listen with Liz RiceEden Naftali and Amitai sit down with Liz Rice, Chief Open Source Officer at Isovalent (Cisco), and a global expert in eBPF, containers, and Kubernetes security.🎙️ In this episode:How eBPF is reshaping cloud security from the ground upPractical strategies to tackle open source supply chain attacks (a hot topic given today’s events)A must-listen for anyone building or securing cloud infrastructure in an era of AI coding and supply chain attacks.
🔐 Erik Bloch on his path from military hacker to Illumio security leader.Eden Naftali and Amitai sat down with Erik Bloch & here's what they covered 👇How starting in the military shaped Erik's approach to securityBuilding and scaling cloud detection & response teamsConverting security metrics into actionable business KPIs
🚨 How do you build a 4,000+ strong student-tech community from scratch?Eden Naftali and Amitai sat down with Day Johnson, Security Engineer at @amazon , ex-Datadog, founder of CyberWox Academy.What they covered 👇- Detection engineering that works at scale- What breaks IR processes (and how to fix them)- Real talk on breaking into security without shortcutsAlso: why being the "tech kid" in your neighborhood might just launch your whole career.
- 💡 From cloud chaos to career confessions: live with security minds from RiotGames & Microsoft.Eden Naftali went live, and got personal, with 3 leaders shaping the future of cloud and cybersecurity:- Nicole Dove, Head of Security Engineering at @Riot Games- Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft- Alon Schindel, VP of AI & Threat Research at WizWhat they unpacked? 👇The heart of threat intel, building trust over tools, and how hobbies reflect how they lead.This Crying Out Cloud episode from RSA just hits different.⏱ Chapters00:05:02 – What it means to be a threat intelligence leader00:10:08 – How threat intelligence should really look00:15:48 – Skirting the tough questions in cybersecurity00:21:07 – Working with third-party vendors in the cloud00:26:17 – What the security industry is getting wrong00:31:20 – The special skill of deep research00:36:20 – A real-world story about leading with trust#CyberSecurity #CloudSecurity #ThreatIntelligence #Infosec #CloudComputing
🎙️ Scattered Spider's new target? Airlines.Eden Koby Naftali & Amitai Cohen break down the latest in the cloud:1️⃣ A connectivity tool vuln & Open WebUI misconfig putting orgs at risk2️⃣ Why attackers are still tricking help desks (and how!)3️⃣ The "lethal trifecta" of AI agent danger, explained 🧠🤖0:25 – Scattered Spider targets the aviation industry1:38 – Help desk hacks: impersonation & real-world stories4:52 – Teleport vulnerability explained9:48 – AI’s “lethal trifecta” and why it matters#CloudSecurity #ScatteredSpider #AIThreats #HelpDeskAttacks #CryingOutCloud #CybersecurityPodcast
🎙️ New ep: David Bianco from Splunk with 🔥 insights from a lifetime of threat hunting.Eden Koby Naftali & Amitai Cohen sat down with David Bianco, creator of some of the most influential models in cyber detection.What they got into ⬇️1) How a threat intel milestone led to the Pyramid of Pain2) Why detection isn't just about indicators3) What good threat hunting teams actually do#CryingOutCloud #CyberSecurity #ThreatHunting #PyramidOfPain #DavidBianco #Splunk #Infosec #CloudSecurity #DetectionEngineering #BlueTeam #SecurityPodcast #SOC #ThreatIntel #IncidentResponse
🎙️ Just dropped: Dr. Anton Chuvakin from Google Cloud, with legendary insights (and cloud security jokes).Eden Koby Naftali & Amitai Cohen sat down with Dr. Anton Chuvakin, Google Cloud's Office of the CISO, and the guy who made SIEM cool!What they got into ⬇️1) Why SOCs are broken (and full of toil)2) How to actually apply AI in security3) Why cloud appliances are still a problem4) What shared responsibility really means
🎙️ All you need to know from Ransomware to CVE Programs!☁️ Join Amitai Cohen and Eden Naftali as they break down the top stories in the cloud:- UK Retail Sector Hit by Ransomware (DragonForce & Scattered Spider)- SAP NetWeaver Vulnerability Exploited in the Wild- CVE Program Faces Major Backlog and Trust Issues
🎙️ Listen to the biggest insights of bug bounty hunting with Justin Gardner 🚨In this episode, Amitai Cohen and Eden Naftali are joined by none other than Justin, renowned bug bounty hunter and host of the Creative Thinking podcast (ctbbpodcast).Justin unpacks some of today's 🔥 topics:- Bug bounty disclosure challenges & trends- Security stories from tech giants: lessons we can all learn- Messaging platform exploits & SSRF risks- Breaking into popular monitoring tools — HTTP pitfalls & key takeaways
🎙️ All you need to know on our latest discovery #IngressNightmare 🚨In this episode of Crying Out Cloud, Amitai Cohen & Eden Koby Naftali are joined by Nir Ohfeld — Head of Vulnerability Research at Wiz. Nir and his team have uncovered some of the most impactful vulnerabilities affecting cloud and SaaS applications. In this episode, he's diving into the latest discovery, a critical vulnerability in Ingress-NGINX:• How the team uncovered a critical unauthenticated RCE in NGINX Ingress Controller• Why Kubernetes admission controllers might be the next big attack surface• The wild journey of hunting vulnerabilities in the cloud
🎙 Ready for the latest on AI, cloud security, and Fortune 500 challenges?This week on our podcast Crying Out Cloud, we're joined by none other than Ashish Rajan— a seasoned cybersecurity leader and host of the AI Cybersecurity Podcast & Cloud Security Podcast.Amitai Cohen & Eden Koby Naftali dive into:- The evolution of AI & cloud security- Lessons from securing Fortune 500 & FTSE 100 companies- The biggest challenges (and laughs) in the industry
From Supply Chain Attacks to S3 Ransomware: Critical Cloud Security Stories You Need to Know.🎙️ In this episode of Crying Out Cloud, Eden and Amitai break down the latest cloud security chaos, from sneaky supply chain attacks to AI-powered malware:1) How attackers exploited a GitHub misconfiguration to enable a supply chain attack.2) The latest twist on cloud-native extortion (spoiler: it all comes back to stolen cloud keys).3) NullifAI – Malicious AI models hiding in plain sight.4) whoAMI attack – The clever AWS AMI name confusion flaw that might catch you off guard.
🎙️ SEASON PREMIERE ALERT: Tune in to our latest episode featuring Karim El-Melhaoui, where we dive into the latest cloud security challenges ☁️🔥 Amitai Cohen & Eden Koby Naftali are kicking off the season with:- Cyber risk vs. operational risk – Why cyber risk is harder to quantify and how Norges Bank used NIST's Cybersecurity Framework to strengthen resilience.- Open-source tools fuel innovation, but many are abandoned without long-term support.- How cloud security alliance Norway is setting stronger security standards.🎧 Ready for season 3 of #CryingOutCloud?
Why is everyone suddenly talking about DeepSeek? 👀
🎙️ If you've been seeing DeepSeek everywhere but are wondering what the actual buzz is about - this is for you: Our new podcast features Gal Nagli from the Wiz Research team, breaking it down with Eden Koby Naftali and Amitai Cohen.
Plus: Get the full story behind our recent DeepSeek database discovery that made headlines ⚡
🎙️ Every great story starts with a beer in the Alps...
From building #Adallom to becoming a sommelier — hear Roy Reznik's journey as Co-Founder and VP R&D at @wiz in our podcast season finale!
In this episode Eden Koby Naftali & Amitai Cohen dive into:
☁️ Roy's journey from Tel Aviv to London—culture.
🛠️ How companies can scale fast while staying secure.
💡 How R&D should foster a culture where developers proactively embrace security as a core value.
🤖 Thoughts on AI in development — Co-Pilots: where do they excel?
🎙️ Unpack AWS re:Invent's top announcements, trends, and what's next for cloud practitioners with @Scott Piper!
Join Eden Naftali and Amitai Cohen in our latest #CryingOutCloud episode featuring Scott Piper, Wiz's Principal Cloud Security Researcher and "cloud security historian".
In this episode:
🌟 AWS re:Invent highlights: Aurora DSQL, Nova genAI, EKS Auto Mode
🔒 Security updates on RCPs, VPC Block Public Access, Declarative Policies for EC2
🎬 Scott's favorite cloud-themed movies from Wiz Video World (Pulp Encryption, anyone?)
Dive into the latest #CryingOutCloud episode featuring Johann Rehberger!
Join Eden and Amitai as they sit down with Johann Rehberger, Red Team Director at @electronicarts and a cybersecurity expert. Johann also publishes innovative security research on his blog, Embrace the Red.
What you'll learn:
📌 Red teaming strategies to strengthen security programs
📌 Insights from Johann’s cutting-edge AI security research and experience
📌 The funny story behind Johann’s alias, Wunderwuzzi
Tune in now! 🎧
Comments
Download from Google Play
Download from App Store
United States