Attendees
Guest: Ofer Maor
Guest title: Co-Founder & CTO
Company: Mitiga
Abstract
The recent increase of cloud based attacks gives us an opportunity to examine new attack vectors and how attackers exploit new services. In this episode we talked with Ofer Maor, Co-Founder at Mitiga, about new attack vectors in cloud computing and how attackers exploit new services such as marketplaces, community repos and other examples.
Timing:
0:00 Introducing our guest and Mitiga
3:32 Preparing for cloud incident response
7:15 Cloud attack vector - malicious AMI
11:00 More attack vectors on marketplaces
13:18 Github attack vectors
18:15 attack vector - Business email compromise on 365
25:44 how to mitigate cloud incidents
27:58 Summary and last words
Attendees Guest: Beau Woods Guest title: Member Company: We-Are-The-Cavalry, Atlantic Council Abstract IOT devices such as Medical embedded devices, autonomous vehicle and smart homes are currently the Achilles heel of information security. The technology is advancing fast, but the security frameworks are not advancing at the same pace. In this episode we talk with Beau woods, founder for I-am-the-cavalry, about the steps governments, regulators and vendors should take in order to produce safer IOT devices. Timing 0:00 Intro and introducing our Beau activities and I-AM-The-Cavalry community 5:20 What are the unique challenges of IOT security? 9.05 It is not a question of connectivity 11:35 How do better engineer IOT devices - fail fast, detect failure and maintain an ability to fix failures 17.15 Engineering is not enough - how the IOT consumers should be trained for and aware of 22.20 Summary and conclusions ...
Attendees Guest: Oz Avenstein Guest Title: Founder & CEO @ Avensec - Cloud & Application Security Topic: Securing API Services Abstract The applicative infrastructure is becoming more and more complex due to different requirements, design patterns, and technologies. In many of these cases, one of those requirements is to connect other parties to systems, and in other cases, to connect systems to other parties. Nowadays, the most common connection method is to use Application Programming Interfaces (APIs). In this episode we spoke with Oz Avenstein, co-author of the CSA Security Guidelines for Providing and Consuming APIs about the guidelines creation process and how organizations should secure access to API resources. ...
Attendees Guest: Asaf Hecht Guest Title: Security research team leader Company: CyberArk Abstract With the growth of cloud services, more knowledge is gathered on vulnerabilities and misconfigurations in cloud infrastructure. A great deal of this knowledge is coming from cloud security researchers. In this episode, we host Asaf Hecht, Security research team leader At Cyberark, for a conversation about cloud security research and the vulnerabilities they disclose are various cloud vendors. ...