
CROC News: Malicious Repos, Bandwidth Theft, & NVD or NoVD?
03/26/24 • 31 min
🎙️ What is a better way to stay updated on cloud security than a NEW Crying Out Cloud episode! Join Eden Naftali and Amitai Cohen as they explore what is new and 🔥:
👾 Open-source repos flooded by malicious code.
💻 What is to become of the National Vulnerability Database?
⛓️ Proof of bandwidth cryptojacking
🛠️ Critical vulnerabilities discovered in popular CI/CD tool
Links:
- https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
- https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/
- https://research.openanalysis.net/github/lua/2024/03/03/lua-malware.html
- https://resilientcyber.substack.com/p/death-knell-of-the-nvd
- https://sysdig.com/blog/cloud-threats-deploying-crypto-cdn/
Previous Episode

CROC Talks: Bug Bounty Hunting & Pen Testing with Sam Curry
The NEW exclusive interview with hacker extraordinaire Sam Curry on Crying Out Cloud is out!
Join Eden Naftali and Amitai Cohen as they explore the role of a Bug-Bounty Hunter with Sam Curry:
🔑 Learn about Sam's journey into security research
🛠️ Favorite tools and underrated platforms
🤖 The trustworthiness implications of AI-driven technologies in transportation.
🔒 Vulnerabilities within a major tech company's infrastructure. The tradeoff between scanning gigantic IP ranges and selecting the best research targets.
Important links:
- https://samcurry.net/web-hackers-vs-the-auto-industry/
- https://samcurry.net/hacking-apple/
- https://samcurry.net/points-com/
Next Episode

CROC News - XZ Utils backdoor explained
The backdoor in XZ Utils is shaking the industry 🔔 How could we not talk about it?
Tune in to the special unscheduled episode of Crying Out Cloud with Eden Naftali and Amitai Cohen as they delve into the stealthy supply chain attack!
In this episode:
🔍 The Alert from CISA regarding CVE-2024-3094, a vulnerability in XZ Utils Data Compression Library versions 5.6.0 and 5.6.1
🛑 The potential risks posed by the embedded malicious code and the unauthorized access it may grant to affected systems
🛡️ Security Team Action Plans
Tune in now!