GlobalTech.TV — Episode 11: Monthly cloud and cybersecurity news (October 2024)


Nov 03 2024 | 00:22:37


Hosted By

Ariel Munafo, Eyal Estrin, Raz Kotler

Show Notes

A podcast about cloud adoption and cybersecurity.

Website: https://www.globaltech.tv/

Social networks: https://linktr.ee/globaltechtv


Episode Transcript

[00:00:02] Speaker A: Hi everyone, and welcome to another episode of Global Tech TV Podcast. This episode was recorded at the end of October 2024, and in this chapter, in this episode, we're beginning for the first time a new joiner we have with us. Angie, would you introduce yourself to the audience?

[00:00:22] Speaker B: Absolutely. Thank you so much for the invitation, Eyal and Raz. I'm really happy to be here with you guys today and hopefully follow all your journey with the podcast and work on it and keep on growing. So basically I like the fact that now I can join a more serious and technical conversation. Of course, as a professional in security myself, a little bit about my experience. Not only do I hold a lot of years of experience in cybersecurity, especially in penetration testing, I have also tried to be a women's advocate for all the girls trying to shift their career towards cybersecurity or even enter it as beginners. And in my spare time I would also like to spend a little bit more time giving back to the community. And one of my many titles or projects that I'm dealing with in the past few years is also AWS Community Builders. I have been chosen to represent one of my most liked domains, which is security. And I think that I will bring many nice news for the month of October 2024.

[00:01:39] Speaker A: Okay, so usually we're splitting the conversation between cybersecurity and cloud, and since, as you mentioned, you're in between both domains, let's begin. What are your news for October 2024?

[00:01:54] Speaker B: Absolutely. AWS Security is bringing many news in many different domains. I would like to stop a little bit on one of the main events coming up for this year from AWS, which is the re:Invent 2024 security sessions. So AWS is preparing for its re:Invent conference that's coming up in December, and many of the topics that are going to be highlighted in this event is going to be the protection of sensitive data.
There is to be a lot of sessions such as SEC303, which will discuss how to protect data in generative AI architectures. Here I'd like to notice that this is going to be done using anonymization and standardization and also privacy preserving techniques. One of the other sessions that's going to be talked about, we are waiting for this one, especially me, is going to be AI and network security. AWS is going to be presenting best practices for securing networks used in generative AI applications, of course, emphasizing resilient and defense in depth architectures that's going to prevent data leaks and intrusions, and another one of the domains is going to be prompt injection protection. So that's all for me for now. I'd like to give the word back to you and come back with some more news.

[00:03:23] Speaker A: Thank you.

[00:03:24] Speaker C: Thank you so much.

[00:03:26] Speaker A: Raz, cybersecurity news from your side.

[00:03:30] Speaker C: Wow, it's so tough to do it after Angie. Thank you so much for joining us today. And I'm so happy to have another angle, another direction of how we can consume news. So lovely to have you here. Thank you for coming. Okay, let's jump to one of my favorite topics, authentication. So our favorite vendor, Okta, guess what? Another vulnerability. Identity and access management is one of the top priorities. So on September 27, 2024, this vulnerability was disclosed by Okta, and it's actually presented by some of the companies or researchers that did it already in July, meaning only two months after, Okta disclosed the vulnerability. Although the fact that some researchers already found it in July, and guess what, only in the beginning of October they decided to patch it. But till then, what they told the customers: hey, you need to monitor your logs. Maybe you're going to be and watching some suspicious activities, which is nonsense.
Hey, you need to make sure that our identities are securing our companies and we need to be sure that we trust our vendors. One of the... let's go a bit tactical inside what the researchers actually reveal. One of them is that, which is a bit like funny, is that only if the account user has over 52 characters then you can actually attack it or do a privilege access. However, this is not only the first, the only case for that. According to other nodes is that you as an attacker will also be able to cache previous successful login from the organization. Take understand words and what was the conditions, what was the password, the username, and then you can reuse it. The way that Okta presented to the customers how to be more preventive is, surprise surprise, use multifactor authentication. Anyway, anyway, it was patched first of the month, like a month ago, almost a month ago. In the beginning of the month. Make sure you have the patch. Make sure using multifactor authentication. Which actually gives me a segue to a very nice discussion we had in the UK. The National Cybersecurity Center, they say after a huge research that we did, multifactor authentication is no longer enough to mitigate threats. So hey, I want to take my head and slam it into the wall. Because first Okta say hey, you need to use MFA in order to be more secure, and then cybersecurity center as a vendor. Yeah, and this is the reason for us as practitioners, as one that actually need to protect the business, like it makes such a confusion, especially if you live in the UK. I'm just joking. But the thing is that they say MFA is very diverse. It's not in general saying MFA and just implement. You need to make sure you're following the guidelines. Meaning that for your network, for your end user, for your mobile devices, there are different types of mechanism. There are different types of authentication. For instance, if you're using as a multifactor authentication SMS passwords.
We all know there is lots of different attacks for hijacking SMS. For SIM swap, by the way, use EIM command, switch to eSIM, enough with this SIM, you know, physical thing. It's better secure, it's much more unique. So let's make it like very short, the MFA. What the National Security, National Cyber Security Center, which is NCSC, warns in short, they say MFA is effective only if user understand how to authenticate correctly and use it on the right way to verify legitimate access. The NCSA is actually updating a guideline. So if you want to go, we have like in the episode notes, we have the links, you can go to the guidelines, follow up them and make sure you actually using the MFA right. Next. I always like to have like a funny headlines. Maybe because I'm in Singapore and I like Asia and I just came back from Vietnam. If you're following my running videos, which was like amazing trip, by the way, opened my mind for such a mental health. But now I want to jump. Sometime you do a mental break just to play with your Nintendo, for instance. So for sure you know Pokemon. So guess what? Pokemon is not alone. He already got hacked. So Pokemon game developer breach: Game Freak, which is the developer of Pokemon, was hacked earlier this year. The breach affected 2600 current former employees, exposing personal information such as names and emails. Meaning the attack was directly to the company employees. The company is the gaming company. Meaning that if you are playing with Pokemon, you are not exposed to this attack. Just to clarify, this was against the company. I guess that the attackers was also from the east side of the world. I'm not going to mention names, but I guess they like to make much more competitive games.
And the last one before I'm going to go back to you, Eyal, for the cloud security. The giant, the big company dev vendor Cisco, they confirm data exposure of hackers claim breach and that investigated public devop public. Meaning Cisco and other big companies, they are not always protecting their assets. They are not have the full capability to defend themselves, and the attackers know it and they want their information. Why? Supply chain attack. If they have an access to Cisco, if they have access to their data and the source of data, it's going to be easier and maybe give them the capability to do a better discovery in the supply chain attack, because lots of customers around the world using Cisco, so Cisco is a nice target to have. So what actually happened? The attacker claims on October 14, which is almost like two weeks ago-ish. The attacker name was Intel Broker, which is like, come on, give me such a more creative name. Intel Broker, you know, claim to have breached Cisco systems. The hacker align access to sensitive data including source code, credentials and confidential documents, meaning that he wants to improve, as I mentioned before, his supply chain attack capabilities. Cisco respond: Cisco confirmed the incident but clarify their internal system was not compromised. Conflict: the attacker said yes, Cisco said no. Source of the data exposed: that the data came from Cisco public facing DevOp environment meant as a customer resource center. And what are the actions we're taking? So Cisco disclosed a public access to affected Dev Hub site and launch an investigation. Meaning they want to say there is no evidence found to expose evolving sensitive personnel financial information. I think there are lots of information that was not disclosed, but this is only my opinion and my observation. Thank you. And back to you, Eyal.
[00:12:21] Speaker A: Do you think they managed to hack their development environment for, as I said, for supply chain attack, meaning putting some malicious code inside one of their application that eventually will be deployed at customer side?

[00:12:37] Speaker C: Could be. This is what I understand, because the Dev Hub is kind of, you know, kind of developers. Could be different type of attack vectors. So it's either via there or either via going and find vulnerability on one of other services that Cisco providing to other customers. We don't know. We're going to know the moment we're going to read for the new breach using Cisco vulnerability.

[00:13:07] Speaker B: I also would like to add that you guys are bringing us very wonderful news from the world of cybersecurity, but it looks a bit negative, and I would like to add that our world is also full with great positive news and many of them are coming from AWS. They're adding a lot of layers of protection. I would like to highlight two of our recent news on this topic. For example, Route 53 DNS over HTTPS now has and also they are adding TLS encryption to DNS queries. This is a great news for everyone who is using the services and is profiting from them. And I would also like to say that this enhancement especially is designed to protect DNS traffic from eavesdropping and interception, and it's offering many customers improved privacy for both inbound and also outbound DNS resolution. And in addition to that, I would also like to bring another very positive news on this side. AWS has also recently expanded its compliance offerings, yet great news because it's covering about around 170 AWS services, and I can include here perhaps AppFabric or Clean Rooms. And also the services now hold a Trust certification.

[00:14:40] Speaker C: Thank you, thank you.
[00:14:42] Speaker A: So we've been talking a lot about AWS, so I'll try to make sure just one announcement from the past month. So AWS Amplify Hosting now integrates with Amazon S3 to seamlessly host static website content stored on S3 with just few clicks. This new integration simplifies the process of hosting static websites on AWS, combining the storage capability of S3 with the hosting and management feature of Amplify Hosting. This integration offers several key features and benefits, such as seamless hosting, meaning user can now host static website content in S3 buckets with just a few clicks using Amazon Amplify Hosting; simplified deployment, can select the location of their objects within S3 bucket, deploy content to a managed CDN and generate a public HTTPS URL for worldwide accessibility; and easy updates. The service remembers the connection between the S3 bucket and deployed site, allowing simple one click updates when changes are made to the website content in the S3 bucket, like automated CI/CD process for deployment of new websites. Moving on to Azure. Azure Cobalt 100 based virtual machines are now generally available. Microsoft has announced the general availability of Azure Cobalt 100 based virtual machines. Some of the key features are custom designed CPUs. These VMs run on Microsoft first 62 bit ARM based Azure Cobalt 100 CPU. This is their first ARM based CPUs. It offers performance improvements. The new VMs offer 50% better price performance than previous generation Arm based VMs. Another announcement from Microsoft is they're announcing the general availability of Microsoft ExpressRoute Metro. ExpressRoute Metro is high resiliency configuration designed to provide multi site redundancy.
Some of the key features of the ExpressRoute Metro includes dual home connections, the two distinct ExpressRoute peering location within the same city, and seamless connectivity from the on prem environment to Azure resources through an ExpressRoute circuit with the assistance of a connectivity provider or with Express Direct. So interesting announcement, like expansion of the ExpressRoute. In AWS they call it Direct Connect, in Google it's Google Interconnect, same concept. ExpressRoute has been with us for nearly 10 years. Maybe a little bit more, less than this, but this is more expansion for the highly resiliency design. Moving on to Google Cloud. So Google announced the Google Privilege Access Manager, or PAM, which is now generally available. Google Cloud PAM is a service designed to control and manage temporary privilege elevation for selected users. Some of the key features and capabilities: entitlement creation, meaning administrators can create entitlements that specify who can request elevated access, what roles are granted and for how long. Just in time access, like the Azure has the Azure just in time access. Now Google has it as well. Time allows for temporary elevation of privileges, granting access only when needed and for a limited time duration. And approval workflows. So the optional approval processes can be set up, designated approvers or, let's say, managers to review and authorize access requests. So this is like specific service designed for security. In another domain, but still on Google Cloud, we have Google introduced the Cost Attribution solution. The Cost Attribution solution is a comprehensive suite of tools and best practices designed to help organization better manage and understand the cloud cost.
Some of the key features and benefits of this specific service: label based cost tracking. The solution leverage Google Cloud's labeling feature, or in avatar providing usually correct tagging, allowing users to attach key value pairs to resources for granular cost breakdowns. Customizable reports: organization can generate tailored reports to analyze cost by department, project phase or other custom criteria. Usually I would say dev, test and pro usually. And expert support. So this is a unique capability. Google Cloud consulting FinOps experts can assess needs and help integrate the solution across an organization. So these are all the cloud related news. Anything else before we wrap up this session today?

[00:20:30] Speaker C: Sounds exciting. I love the Privilege access management. I'm going to check it, see what's the JIT is over there. Just in time. Very curious, but thank you for sharing that.

[00:20:42] Speaker A: It was in preview release for, I don't know, few months if I can recall. Now it's been generally available, raising the bar in terms of security. So good work, Google. Angie, something for your side.

[00:20:58] Speaker B: Absolutely has been very insightive. The whole month of October 2024 we have had many different events also touching the many girls that are entering cybersecurity. I've had many conferences that have honored a hundred women leaders in cybersecurity in and Security Forum Power 100 list, and also, yes, girls are taking over, hopefully. Also we have many women in leadership in AI driven security solutions in leadership positions such as great companies as IBM, Palo Alto Networks, of course, and SentinelOne. And to wrap it up, I would also like to thank you guys for inviting me one more time and make sure that everyone follows us in our socials, follows us on LinkedIn for more updated and daily content. And thank you.

[00:21:56] Speaker A: Yeah. So everyone, thank you everyone for joining October's Monthly News.
As everybody said, we're available on many of the social medias, from LinkedIn, Facebook, Bluesky, Medium, so in many naturally, and Twitter X. So feel free to follow us, provide us details, feedback about this lecture or whatever topic you want to hear in the future. See you in the next lecture, in the next episode. Bye.

[00:22:34] Speaker C: Be safe. Bye.
