You're listening to the Cyber manage environments that you controlled.

Then came new technologies and new ways to work. Now employees, apps, and networks are everywhere.

This means poor visibility, security gaps, and added risk.

That's why Cloudflare created the first ever connectivity cloud.

Visit Cloud.com to protect your business everywhere you do business. Hello everyone and welcome to the CyberWire's research Saturday.

I'm Dave Bitner and this is our weekly conversation with researchers and analysts

tracking down the threats and vulnerabilities,

solving some of the hard problems and protecting ourselves

in a rapidly evolving cyberspace.

Thanks for joining us. So we're dealing with a lot of cloud security teams and also Dev-Ops themes with

with security teams and also Dev-O-S themes with securing the cloud and working with their

terraform and cloud formation and polemian environments. By doing that, we're

identifying many vulnerabilities and many maybe potential malicious providers and

add-ons to those systems that the security thing have no idea that they're there.

That's Senir Ben Schimall, CEO at Zest Security. The research

we're discussing today is titled How We Hacked a Cloud Production Environment by

exploiting Terraform providers.

So there is very kind of lack of visibility to those type of areas in kind of

of depth security realm and while walking with those customers we we kind of decided that

this is this is a good opportunity to share our knowledge with the community and kind of

make sure that they're all looking into those places.

Well, for people who might not be familiar with Terraform, can you give us a little description of what it's used for and the scope of its capabilities?

...