October 14, 2025

326: Oracle Discovers the Dark Side (And Finally Has Cookies)

50 minutes

Welcome to episode 326 of The Cloud Pod, where the forecast is always cloudy! Justin and Ryan are your guides to all things cloud and AI this week! We’ve got news from SonicWall (and it’s not great), a host of goodbyes to say over at AWS, Oracle (finally) joins the dark side, and even Slurm – and you don’t even need to ride on a creepy river to experience it. Let’s get started!

Titles we almost went with this week

SonicWall’s Cloud Backup Service: From 5% to Oh No, That’s Everyone

AWS Spring Cleaning: 19 Services Get the Boot

The Great AWS Service Purge of 2025

Maintenance Mode: Where Good Services Go to Die

GitHub Gets Assimilated: Resistance to Azure Migration is Futile

Salesforce to Ransomware Gang: You Can’t Always Get What You Want

Kansas City Gets the Need for Speed with 100G Direct Connect. Peter, what are you up too

Gemini Takes the Wheel: Google’s AI Learns to Click and Type

Oracle Discovers the Dark Side (Finally Has Cookies)

Azure Goes Full Blackwell: 4,600 Reasons to Upgrade Your GPU Game

DataStax to the Future: AWS Hires Database CEO for Security Role

The Clone Wars: EBS Strikes Back with Instant Volume Copies

Slurm Dunk: AWS Brings HPC Scheduling to Kubernetes

The Great Cluster Convergence: When Slurm Met EKS

Codex sent me a DM that I’ll ignore too on Slack

General News

01:24 SonicWall: Firewall configs stolen for all cloud backup customers

SonicWall confirmed that all customers using their cloud backup service had firewall configuration files exposed in a breach, expanding from their initial estimate of 5% to 100% of cloud backup users. That’s a big difference…

The exposed backup files contain AES-256-encrypted credentials and configuration data, which could include MFA seeds for TOTP authentication, potentially explaining recent Akira ransomware attacks that bypassed MFA.

SonicWall requires affected customers to reset all credentials, including local user passwords, TOTP codes, VPN shared secrets, API keys, and authentication tokens across their entire infrastructure.

This incident highlights a fundamental security risk of cloud-based configuration backups where sensitive credentials are stored centrally, making them attractive targets for attackers.

The breach demonstrates why WebAuthn/passkeys offer superior security architecture since they don’t rely on shared secrets that can be stolen from backups or servers.

Interested in checking out their detailed remediation guidance? Find that here.

02:36 Justin – “You know, providing your own encryption keys is also good; not allowing your SaaS vendor to have the encryption key is a positive thing to do. There’s all kinds of ways to protect your data in the cloud when you’re leveraging a SaaS service.”

04:43 Take this rob and shove it! Salesforce issues stern retort to ransomware extort

...more

View all episodes

By Justin Brodley, Jonathan Baker, Ryan Lucas and Matthew Kohn

4.9

3434 ratings