"AWS Identity Misconfigurations: We will show how attackers abuse simple setup errors in AWS identities to gain initial access without stealing a single password. Hiding in AI Models: You will see how adversaries mask malicious files in production by mimicking the naming structures of your legitimate AI models. Risky Kubernetes Permissions: We will examine "overprivileged entities"-containers that have too much power-and how attackers exploit them to take over infrastructure."
"The core issue with these threats is the visibility gap. Often, the Cloud team builds the environment, and the SOC (Security Operations Center) monitors it, but neither side sees the full picture. In this webinar, we will demonstrate how Code-to-Cloud detection fixes this. We will show you how to use runtime intelligence and audit logs to spot these threats early."
Attackers increasingly exploit configuration, identity, and code weaknesses to access cloud resources without obvious signs. Key vectors include AWS identity misconfigurations that allow initial access without stolen passwords, adversaries hiding malicious files by mimicking AI model naming, and overprivileged Kubernetes containers that enable infrastructure takeover. A major problem is the visibility gap between cloud engineering and SOC monitoring, creating blind spots. Correlating runtime intelligence with audit logs via Code-to-Cloud detection can close those gaps. Defenses include auditing cloud logs, enforcing least-privilege permissions, monitoring model inventories, and instrumenting runtime telemetry.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]