Tracking cloud-fluent threat actors - Part one: Atomic cloud IOCs
Strategies for tracking and defending against malicious activity and threats in the cloud using atomic indicators of compromise (IOCs).
Amitai Cohen leads the Attack Vector Intel team at Wiz, managing research of emerging threats to public cloud infrastructure while supporting development of threat detection and risk mitigation capabilities. Amitai's background is in military intelligence and cyber threat intelligence analysis, working in various analysis, training, and leadership roles within IDF intelligence over a period of 15 years prior to joining Wiz. Amitai's interests include research methodology, knowledge management systems, writing, and sketching diagrams of technical concepts. Amitai is also a co-maintainer of cloudvulndb.org, an open-source project with the goal of cataloging all known cloud infrastructure vulnerabilities, and a co-host on Crying out Cloud, a cybersecurity podcast with a focus on cloud security.
Strategies for tracking and defending against malicious activity and threats in the cloud using atomic indicators of compromise (IOCs).
Detect and mitigate CVE-2024-6387, a remote code execution vulnerability in OpenSSH. Organizations are advised to patch urgently.
Detect malicious hosted AI models with Wiz AI-SPM and gain confidence in the models your data scientists use
Wiz assists Incident Response (IR) and SOC teams with containment through automated assessment of security incidents by identifying possible root causes and calculating the potential blast radius of compromised resources.
Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgently.
Fortinet offers guidance to detect and mitigate CVE-2024-21762 and CVE-2024-23113, critical RCE vulnerabilities in FortiOS and FortiProxy, including guidance that organizations should patch urgently.
Detect and mitigate CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893, critical vulnerabilities in Ivanti VPN products. Organizations should patch urgently, and government agencies are instructed to isolate Ivanti VPN instances.
Detect and mitigate “Leaky Vessels”, container escape vulnerabilities affecting runC and BuildKit. Learn how to prioritize patching and detect exploitation attempts in runtime.
The Cloud Threat Landscape is a threat intelligence database that summarizes cloud incidents and offers insights into targeting patterns and initial access methods.
Get a sneak peek at the Wiz research team’s new report examining key observations about AI use in the cloud.
Each member of the Crying out Cloud team at Wiz shares their top stories from the past year
Wiz becomes the first CNAPP to provide AI security for OpenAI, allowing data scientists and developers to detect and mitigate risk in their OpenAI organization with a new OpenAI SaaS connector.
What is it about certain vulnerabilities that makes them especially hard to deal with, and how can vendors make things easier for security teams?
Get the tl;dr on Wiz's methodology for cloud vulnerability triage in our new report, "The good, the bad, and the vulnerable."
Delving into CVE-2023-4863 and CVE-2023-5217 - critical vulnerabilities in libwebp and libvpx exploited in the wild.
The Wiz research team examines Microsoft's latest Storm-0558 findings and summarizes the key learnings cloud customers should take away from the incident.
Learn about the impact in cloud environments of CVE-2023-20593, a cross-process information leak vulnerability in AMD Zen 2 Processors.
Learn security best practices to deploy generative AI models as part of your multi-tenant cloud applications and avoid putting your customers’ data at risk.
Detect and mitigate CVE-2023-34362, a remote code execution vulnerability in MOVEit Transfer exploited in the wild. Organizations should patch urgently.
Detect and mitigate CVE-2023-32784, a vulnerability in KeePass which allows the extraction of the master password in cleartext from the application's memory.
Detect and mitigate CVE-2023-28252, EoP vulnerability exploited in the wild, and CVE-2023-21554, a critical RCE vulnerability. Organizations should patch urgently.
Some application misconfigurations are equivalent to remote code execution or information disclosure vulnerabilities, but often go unnoticed. Wiz’s agentless capabilities detect these and correlate them to attack surface and business impact risks, highlighting the most critical misconfigurations.
Since early September 2022, tens of thousands of websites aimed at East Asian audiences have been hacked, redirecting hundreds of thousands of their users to adult-themed content.
Wiz's State of the Cloud 2023 report provides analysis of trends in cloud usage such as multi-cloud, use of managed services and more. In addition, the report highlights notable cloud risks based on insights from 30% of Fortune 100 enterprise cloud environments
Critical RCE vulnerability found in Linux kernel's `ksmbd` module: remote attackers can execute code without authentication. The module is not enabled by default on most operating systems.
A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation by reducing your cloud applications’ attack surface
Detect and mitigate CVE-2022-27518, a Citrix ADC and Gateway unauthenticated RCE 0-day exploited in the wild by a nation state actor. Organizations should patch urgently.
On November 1st, 2022, the OpenSSL Project disclosed High severity vulnerabilities CVE-2022-3786 and CVE-2022-3602, affecting deployments of OpenSSL 3.0.0–3.0.6. Learn how to effectively manage your organization's patching efforts.
Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them.
Learn how to address Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments.
Learn how to harden your cloud environment against LAPSUS$-like threat actors