326: Oracle Discovers the Dark Side (And Finally Has Cookies)

Welcome to episode 326 of The Cloud Pod, where the forecast is always cloudy! Justin and Ryan are your guides to all things cloud and AI this week! We’ve got news from SonicWall (and it’s not great), a host of goodbyes to say over at AWS, Oracle (finally) joins the dark side, and even Slurm – and you don’t even need to ride on a creepy river to experience it. Let’s get started! 

Titles we almost went with this week

• SonicWall’s Cloud Backup Service: From 5% to Oh No, That’s Everyone
• AWS Spring Cleaning: 19 Services Get the Boot
• The Great AWS Service Purge of 2025
• Maintenance Mode: Where Good Services Go to Die
• GitHub Gets Assimilated: Resistance to Azure Migration is Futile
• Salesforce to Ransomware Gang: You Can’t Always Get What You Want
• Kansas City Gets the Need for Speed with 100G Direct Connect. Peter, what are you up too
• Gemini Takes the Wheel: Google’s AI Learns to Click and Type 
• Oracle Discovers the Dark Side (Finally Has Cookies)
• Azure Goes Full Blackwell: 4,600 Reasons to Upgrade Your GPU Game
• DataStax to the Future: AWS Hires Database CEO for Security Role
• The Clone Wars: EBS Strikes Back with Instant Volume Copies
• Slurm Dunk: AWS Brings HPC Scheduling to Kubernetes
• The Great Cluster Convergence: When Slurm Met EKS
• Codex sent me a DM that I’ll ignore too on Slack

General News 

01:24 SonicWall: Firewall configs stolen for all cloud backup customers

• SonicWall confirmed that all customers using their cloud backup service had firewall configuration files exposed in a breach, expanding from their initial estimate of 5% to 100% of cloud backup users. That’s a big difference…
• The exposed backup files contain AES-256-encrypted credentials and configuration data, which could include MFA seeds for TOTP authentication, potentially explaining recent Akira ransomware attacks that bypassed MFA.
• SonicWall requires affected customers to reset all credentials, including local user passwords, TOTP codes, VPN shared secrets, API keys, and authentication tokens across their entire infrastructure.
• This incident highlights a fundamental security risk of cloud-based configuration backups where sensitive credentials are stored centrally, making them attractive targets for attackers.
• The breach demonstrates why WebAuthn/passkeys offer superior security architecture since they don’t rely on shared secrets that can be stolen from backups or servers.
• Interested in checking out their detailed remediation guidance? Find that here. 

02:36 Justin – “You know, providing your own encryption keys is also good; not allowing your SaaS vendor to have the encryption key is a positive thing to do. There’s all kinds of ways to protect your data in the cloud when you’re leveraging a SaaS service.”

04:43 Take this rob and shove it! Salesforce issues stern retort to ransomware extort