Amitai Cohen

145 Followers
211 Following
94 Posts
✦ researching threats @wiz 🐞 maintaining vulns @cloudvulndb 🎙️ casting pods @ http://cryingoutcloud.io/
Website: https://cloudcurio.us
Blog: https://amitaico.substack.com
GitHub: https://github.com/korniko98
Twitter: https://twitter.com/AmitaiCo
The plot in this tj-actions supply-chain attack thickens. Another widely used GitHub Action, reviewdog/action-setup, was also tampered with, using a similar but not identical methodology. From @wiz

“Learning creates more competence but first, it amplifies our feelings of incompetence.”

https://seths.blog/2024/07/the-paradox-of-lessons/

The paradox of lessons

The people most likely to sign up for coaching or additional learning are the folks who are already good at their craft. “I’m terrible at this,” can lead to, “and I don&#821…

Seth's Blog

🎧 Listen to #IBM's 'Chief Llama Officer' 🦙, @jerry about his journey from crashing computers at 10 to leading cloud security, and hear his journey & insights on #AI, acquisitions, and more.

Tune in to our new episode:

🎧 Spotify: https://open.spotify.com/episode/2DwPFc7pfb5cOWpnffmDu7?si=n-kVjFtkQdGlx2I3osKGdQ

🍏 Apple Podcasts: https://podcasts.apple.com/il/podcast/crying-out-cloud/id1675289400?i=1000658039999

📺 YouTube: https://www.youtube.com/watch?v=Zvi71YLSnfc

CROC Talks: Chief Llama Officer and IBM CISO - Jerry Bell

Spotify
I've been looking into how the xz backdoor works and drew this sketch to make it easier to understand.
I'll update it as new information comes to light ✨
@dave_aitel i really like this idea - also wanted to point out another existing example from SaaS land - when a company uses a "connector" to integrate their product with a customer's cloud environment, the connector is limited to specific permissions, and vendors are expected to declare them (though it would be better if it was a built-in system calculating the permission set).
@jerry Finished watching it and immediately started reading the books

Final projects for my infosec course at BU are in - students are asked to create a podcast about a security incident that was in the news in the past year. These are too good not to share, so posting a few here! 🧡

PS - If you're looking for new grads for your infosec roles, DM me. I have tens of qualified candidates :)

@ancients @GossiTheDog rockets usually don't know how to use door handles
@iagox86 @campuscodi "the bad guys" isn't a monolith - prior to a POC being released there might be a small number of threat actors putting in the work to weaponize via patchdiffing, but once a POC is released the bar to entry is lowered and "the bad guys" could now include every single threat actor regardless of skill level or resources.
7aaffe2df4c9426ab204a272ca5ca52286ca86d4 - webm/libvpx.git - Git at Google