146: The Google CyberCAT is Out of the Bag

tcp.fm
tcp.fm
146: The Google CyberCAT is Out of the Bag
146 The Google Cybercat Is Out Of The Bag
/
68 / 100

On The Cloud Pod this week, Oracle finally has some news to share. Plus Log4j is ruining everyone’s lives, AWS suffers a massive outage post re:Invent, and Google CAT releases its first threat report. 

A big thanks to this week’s sponsors:

  • Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure.
  • JumpCloud, which offers a complete platform for identity, access, and device management — no matter where your users and devices are located. 

This week’s highlights

  • 🚨 A critical vulnerability in Apache Log4j wrought havoc over the weekend. Cloud platforms and developers alike are racing to fix the bug, which gives hackers an opportunity to take control of systems remotely. 
  • 🚨 On the heels of re:Invent, AWS suffered a major outage last Tuesday in its US-EAST-1 region, which had staggering repercussions across the cloud. 
  • 🚨 Google Cybersecurity Action Team (CAT) releases its first Threat Horizons report, revealing its top three concerns threatening cloud users today.  

Top Quotes  

  • 💡 “It’s amazing how much of our infrastructure and applications live on these open source contributions of one or two people, and how critical they are to the entire ecosystem. And when they break or they’re vulnerable, it becomes a huge issue for us very quickly.”
  • 💡 “Think about what Microsoft did: They started signing device drivers and signing applications that run in Windows, and everyone thought Oh, they’re just exerting control, what a terrible idea. They’re just trying to corner the market. And now, of course, 15 years later, binding authorization is probably the most critical next step in securing the cloud.”

General News: The Log4j Vulnerability is COVID for Tech

  • 🔥 In light of the critical Apache Log4j 2.0 vulnerability that gives attackers the ability to to execute arbitrary code on other systems, AWS has released a hotpatch for the logging platform. The aim is to help developers mitigate risk as they work to update their systems to 2.15 or newer. 
  • VentureBeat reminds us that while the Log4j debacle is bad, at least organizations now have tools and processes in place to respond quickly to zero-day bugs. 
  • GCP has released a set of recommendations for those who are investigating and responding to the Log4j 2.0 vulnerability. 
  • 🔎 To help customers detect whether their systems have been compromised by the Log4j bug, Google has updated its IDS signature to automatically scan for any Log4j exploit attempts. 
  • 🛡️ Google creates a new Web Application Firewall (WAF) rule to detect and block Log4j exploit attempts by attackers. 

AWS: What Better Way to Follow Up re:Invent Than With a Giant Outage?

GCP: Google CAT Identifies What You Should Really be Worried About

Azure: Azure in Space: For All of Your Interplanetary Computing Needs

  • 🚀 Azure is entering the space race with Azure Orbital (now in preview). This new feature includes capabilities like satellite communication, enhanced imagery with SpaceEye, and new geospatial and data analytics. 
  • 🎅 With the Red Hat Ansible Automation Platform on Azure, users can more easily automate Red Hat Enterprise Linux (RHEL) deployments without needing to install and configure their core Ansible infrastructure. 
  • 📈 Now in preview, Azure Load Testing is a fully managed service to help developers optimize and scale app performance, by generating high-scale load with custom Apache JMeter scripts. 
  • Azure has added new features to Azure Virtual WAN, including two new partners — Fortinet and Versa — to expand SD-WAN capabilities, branch connectivity, custom traffic selectors, and more. 

Oracle: Breaking News: Oracle has Finally Fixed its RSS Feed

  • 🤝 Someone working at Oracle must listen to The Cloud Pod, because Justin is now receiving Oracle news! Oracle announces that more startups are choosing Oracle Cloud Infrastructure (OCI) over other cloud platforms, citing customers that no one has ever heard of like Aleph Alpha and Aindra Systems. 
  • 🗣️ While on an Oracle earnings call after the AWS outage, Oracle Chairman Larry Ellison took the opportunity to quote a (definitely real) anonymous customer who told him “Oracle never ever goes down” — never mind the five incidents that have happened since December 8th. 
  • 💻 Oracle releases OCI DevOps Service, an end-to-end CI/CD platform where developers can commit their own source code to a repository, build and test software artifacts, and run deployments to OCI platforms.

TCP Lightning Round

⚡ Even though Justin wrote all the lightning round one-liners, Jonathan manages to win the point, making the scores Justin (17), Ryan (12), Jonathan (14), Peter (2).

Other Headlines Mentioned:

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.