#8 - GameOverlay – privilege escalation vulnerabilities in Ubuntu

🍿🤏 Everything you need to know about this month's cloud security drama in the latest "Crying Out Cloud" episode! In this edition, we explore THREE captivating stories 📚🔍 1️⃣ "GameOverlay" unveiled: Ubuntu's privilege escalation vulnerabilities 😱 — Wiz Research uncovered a pair of vulnerabilities that's affecting 40% of Ubuntu cloud machines! We've got the scoop on what you must know. 2️⃣ Unmasking "P2PInfect": The botnet targeting Redis! 🤖 — Ever wondered how a botnet hijacks your exposed Redis instances? Let's get into the nitty-gritty of this attack and find out how to defend your environment. 3️⃣ Jumpcloud's dance with North Korea: A supply chain saga 🕊️ -—Join us as we uncover the tale of Jumpcloud's breach and its uncanny link to North Korea. Dive deep into the investigation with us.

Important links: 1. https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability 2. https://ubuntu.com/security/CVE-2023-2640 3. https://ubuntu.com/security/CVE-2023-32629 4. https://www.cadosecurity.com/redis-p2pinfect/ 5. https://unit42.paloaltonetworks.com/peer-to-peer-worm-p2pinfect/ 6. https://www.mandiant.com/resources/blog/north-korea-supply-chain 7. https://www.sentinelone.com/labs/jumpcloud-intrusion-attacker-infrastructure-links-compromise-to-north-korean-apt-activity/ 8. https://jumpcloud.com/blog/security-update-incident-details 9. https://jumpcloud.com/support/july-2023-iocs 10. https://github.blog/2023-07-18-security-alert-social-engineering-campaign-targets-technology-industry-employees/ 11. https://blog.phylum.io/sophisticated-ongoing-attack-discovered-on-npm/