Episode 28: Analyzing Cloud Attack Vectors - SaaS Marketplaces and Office 365 BEC

Episode 28 November 11, 2020 00:29:02
SilverLining IL

Hosted By

Moshe Ferber, Ariel Munafo

Show Notes

Attendees

Guest: Ofer Maor

Guest title: Co-Founder & CTO 

Company: Mitiga

Abstract

The recent increase in cloud-based attacks gives us an opportunity to examine new attack vectors and how attackers exploit new services. In this episode we talked with Ofer Maor, Co-Founder at Mitiga, about new attack vectors in cloud computing and how attackers exploit new services such as marketplaces, community repos and other examples.

Timing:

0:00 Introducing our guest and Mitiga

3:32 Preparing for cloud incident response 

7:15 Cloud attack vector - malicious AMI

11:00 More attack vectors on marketplaces

13:18 GitHub attack vectors

18:15 Attack vector - business email compromise on 365

25:44 How to mitigate cloud incidents

27:58 Summary and last words

Other Episodes

Episode 8

September 24, 2019 00:27:26

Episode 8: Securing The World of IoT

Attendees

Guest: Beau Woods

Guest title: Member

Company: We-Are-The-Cavalry, Atlantic Council

Abstract

IOT devices such as embedded medical devices, autonomous vehicles and smart homes are currently the Achilles heel of information security. The technology is advancing fast, but the security frameworks are not advancing at the same pace. In this episode we talk with Beau Woods, founder for I-am-the-cavalry, about the steps governments, regulators and vendors should take in order to produce safer IOT devices.

Timing

0:00 Intro and introducing Beau's activities and the I-AM-The-Cavalry community

5:20 What are the unique challenges of IOT security?

9:05 It is not a question of connectivity

11:35 How to better engineer IOT devices - fail fast, detect failure and maintain an ability to fix failures

17:15 Engineering is not enough - what IOT consumers should be trained for and aware of

22:20 Summary and conclusions

...

Episode 39

June 23, 2021 00:29:08

SilverLining Episode 39: Securing API Services

Attendees

Guest: Oz Avenstein

Guest Title: Founder & CEO @ Avensec - Cloud & Application Security

Topic: Securing API Services

Abstract

The applicative infrastructure is becoming more and more complex due to different requirements, design patterns, and technologies. In many of these cases, one of those requirements is to connect other parties to systems, and in other cases, to connect systems to other parties. Nowadays, the most common connection method is to use Application Programming Interfaces (APIs). In this episode we spoke with Oz Avenstein, co-author of the CSA Security Guidelines for Providing and Consuming APIs, about the guidelines creation process and how organizations should secure access to API resources. ...

Episode 33

January 18, 2021 00:31:24

Episode 33: Researching Cloud Vulnerabilities

Attendees

Guest: Asaf Hecht

Guest Title: Security research team leader

Company: CyberArk

Abstract

With the growth of cloud services, more knowledge is gathered on vulnerabilities and misconfigurations in cloud infrastructure. A great deal of this knowledge is coming from cloud security researchers. In this episode, we host Asaf Hecht, Security research team leader at CyberArk, for a conversation about cloud security research and the vulnerabilities they disclose to various cloud vendors. ...