
Risky Business
These stories illustrate how geopolitical tensions, cloud misconfigurations, and legacy vulnerabilities can converge to create widespread security risks, underscoring the need for vigilant patch management and robust cloud governance. Understanding these developments helps listeners grasp the real‑world impact of cyber threats on both national security and everyday technology.
The episode’s headline story centers on Wiz’s discovery of a subtle yet critical flaw in AWS CodeBuild’s continuous‑integration pipeline. By exploiting an unanchored regular‑expression check, researchers could register a GitHub account whose identifier contained an allowed substring, triggering builds and ultimately gaining admin rights to every AWS console repository. This vulnerability illustrates how a single CI misconfiguration can expose the entire cloud ecosystem, underscoring the need for rigorous code‑review, hardened access controls, and proactive monitoring of supply‑chain components in modern DevOps environments.
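The unanchored-match failure described above, as an added example that is not code from the episode or from Wiz's write-up. The account IDs are constructed, and the filter format (trusted IDs joined with `|`) is an assumption made for illustration.

```python
import re

# Constructed allow-list of trusted numeric account IDs (not real accounts).
TRUSTED_IDS = ["755743", "1024318"]

# Weak form (assumed for illustration): IDs joined with "|" and no anchors.
WEAK_FILTER = "|".join(TRUSTED_IDS)


def weak_is_trusted(actor_id: str) -> bool:
    """Unanchored check: passes if a trusted ID appears anywhere in actor_id."""
    return re.search(WEAK_FILTER, actor_id) is not None


def strict_is_trusted(actor_id: str) -> bool:
    """Anchored check: the whole identifier must equal one trusted ID."""
    pattern = "(?:" + "|".join(re.escape(i) for i in TRUSTED_IDS) + ")"
    return re.fullmatch(pattern, actor_id) is not None


def top_level_branches(pattern: str) -> list[str]:
    """Split a regex on '|' outside groups (character classes are not handled)."""
    branches, depth, cur, i = [], 0, "", 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":                 # keep escaped characters intact
            cur += pattern[i:i + 2]
            i += 2
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "|" and depth == 0:
            branches.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    branches.append(cur)
    return branches


def unanchored_branches(pattern: str) -> list[str]:
    """Return the branches of an allow-list regex not pinned by both ^ and $."""
    def pinned(b: str) -> bool:
        return b.startswith("^") and b.endswith("$") and not b.endswith("\\$")
    return [b for b in top_level_branches(pattern) if not pinned(b)]
```

`unanchored_branches` also flags the common half-fix `^755743|1024318$`, where each anchor binds to only one branch of the alternation.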
Another focal point is the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) directive to patch a Windows Desktop Window Manager bug that leaked memory across ALPC channels. While the CVSS 5.5 vulnerability was actively exploited in the wild, the mandatory update introduced an unexpected side effect: systems could no longer shut down cleanly. The incident highlights the delicate balance between rapid vulnerability remediation and operational stability, especially for federal agencies that must comply with centralized patch mandates. It also serves as a reminder that even mid‑severity flaws can have outsized impact when they affect core OS functions.
The conversation then shifts to the political fallout surrounding Jen Easterly’s appointment as RSAC conference CEO, prompting a blanket ban on federal attendance. This move reflects broader tensions between government officials and the cybersecurity industry, while the discussion of the Venezuelan presidential raid demonstrates how cyber intelligence, rather than direct cyber attacks, often underpins high‑stakes operations. Listeners are left with a clear message: robust CI security, disciplined patch management, and an appreciation for cyber‑intelligence’s strategic value are essential for protecting both cloud infrastructure and national security interests.
In this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long-time listener, and he pops in for a ride-along in the news segment plus a chat about his new book.
This week’s news includes:
Did the US cyber Venezuela’s power grid, or do they just want us to think they coulda?
US govt might boycott the RSAC Conference ‘cause Jen Easterly being CEO makes them mad
MS Patch Tuesday fixes CVSS5.5 bug and … stops you shutting down
Wiz pulls off cloud stunt hack that ends with control of everyone’s AWS console
Millions of Bluetooth devices that use Google’s Fast Pairing will pair with anyone, any time
GNU inet-tools’ telnetd parties like it’s 2007, and brings -f root unauthed remote login back
Thinkst is this week’s sponsor, and long-time friend of the show Haroon Meer joins. As always they’re polishing their Canary tokens - adding breadcrumbs to lead you to them - but they’re also a bunch of giant nerds who now run South Africa’s Computer Olympiad.
This episode is also available on YouTube.
Show notes
Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times
Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity - Ars Technica
Layered Ambiguity: US Cyber Capabilities in the Raid to Extract Maduro from Venezuela | Royal United Services Institute
Former CISA Director Jen Easterly Will Lead RSAC Conference | WIRED
Trump officials consider skipping premier cyber conference after Biden-era cyber leader named CEO - Nextgov/FCW
Federal agencies ordered to patch Microsoft Desktop Windows Manager bug | The Record from Recorded Future News
Windows 11 shutdown bug forces Microsoft into damage control • The Register
CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog
Critical flaw in AWS Console risked compromise of build environment | Cybersecurity Dive
Never-before-seen Linux malware is “far more advanced than typical” - Ars Technica
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research
Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED
Critical flaw in Fortinet FortiSIEM targeted in exploitation threat | Cybersecurity Dive
CVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEM
A single click mounted a covert, multistage attack against Copilot - Ars Technica
Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader | The Record from Recorded Future News
Jordanian initial access broker pleads guilty to helping target 50 companies | The Record from Recorded Future News
Supreme Court hacker posted stolen government data on Instagram | TechCrunch
oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
How crypto criminals stole $700 million from people - often using age-old tricks
Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet