Featured
Critical and high severity Exim vulnerabilities: everything you need to know
Detect and mitigate CVE-2023-42115, and 5 more vulnerabilities in Exim. Organizations using affected configurations should mitigate and patch the vulnerabilities urgently.
Critical vulnerabilities in media libraries exploited in the wild: everything you need to know
Delving into CVE-2023-4863 and CVE-2023-5217 - critical vulnerabilities in libwebp and libvpx exploited in the wild.
Unveiling eBPF: Revolutionizing Security and Observability
An Introduction to Extended BPF and Its Transformative Impact.
Wiz launches support for Amazon SageMaker, helping organizations innovate faster and more securely with AI
Wiz helps accelerate the machine learning journey for practitioners by protecting their generative AI applications
Inside the vault: how financial institutions protect their cloud environments
As part of our monthly CISO webinar series, Wiz’s VP of Product Strategy, Raaz Herzberg, spoke with three security experts to learn how each of them prioritize cloud security, and how they extend the reach of good security practices across their organizations.
GAO Study Reveals: Government Faces Challenges with Continuous Monitoring
Learn how government agencies can meet the GAO’s recommended cloud security best practices by establishing continuous risk and compliance monitoring in the cloud
38TB of data accidentally exposed by Microsoft AI researchers
Wiz Research found a data exposure incident on Microsoft’s AI GitHub repository, including over 30,000 internal Microsoft Teams messages – all caused by one misconfigured SAS token
Fortify your cloud security with Wiz as it integrates with Microsoft Sentinel
Lock down your cloud infrastructure with the new Wiz integration with Microsoft Sentinel. Gain full context, support thorough investigations, and automate your response for ultimate security.
Wiz enhances real-time threat detection and response capabilities to stop threats from becoming incidents
The Wiz Runtime Sensor for Kubernetes graduates to general availability with proven ability to detect cloud attacks, greater customization for detections, and new cloud-native response capabilities
Wiz and Fortinet announce partnership to deliver cloud-native security protection
Joint customers can now detect and prioritize public exposures with Wiz and automatically remediate unwanted exposures with FortiGate NGFW.
A security community success story of mitigating a misconfiguration
Learn about the process of preventing security issues by changing things outside of your environment by looking at how a misconfiguration was occurring when Github Actions were integrated with AWS IAM roles and the improvements made that have now made this misconfiguration much less likely.
Storm-0558 Update: Takeaways from Microsoft's recent report
The Wiz research team examines Microsoft's latest Storm-0558 findings and summarizes the key learnings cloud customers should take away from the incident.
I know what you mined last summer: summarizing Summer '23 cryptomining activity
During the summer of 2023, using the Wiz Sensor, Wiz Research detected several different cryptomining campaigns targeting cloud workloads. Learn about these campaigns and their associated IoCs, and how to detect and prevent similar threats.
Recap: Wiz innovations at Google Cloud NEXT ‘23
The integration of Wiz’s CNAPP and Google Cloud helps both cloud defenders and builders improve security and innovate faster.
Docker and Kubernetes, we have got you covered: Wiz simplifies compliance and security posture management for Docker and Kubernetes environments.
Ensure that your Docker and Kubernetes environments are secure and compliant with CIS benchmarks. Generate reports quickly and easily and remediate any issues with actionable insights.
Wiz is the #1 Cloud Security Company on the 2023 Forbes Cloud 100
Wiz is the #1 cloud security company on the list and one of the biggest movers from last year, alongside OpenAI. What an honor!
5 Cloud Security Predictions for 2023
COVID's impact still resonates. Remote work, AI, and a turbulent economy have made the future unpredictable, including the future of cloud security. But we still have best practices for you! Let's examine 5 cloud security predictions to be aware of in 2023
Wiz helps organizations innovate with AI securely and responsibly, launching support for Google Cloud Vertex AI
Wiz protects AI infrastructure against cloud attacks, allowing data scientists and engineers to focus on deploying more AI applications.
The Magic of Branding: Creating an Optimistic Identity for a Security Product
In the world of security, the dominant approach to branding is often based on fear and intimidation. But at Wiz, we're taking a different approach. We believe in the power of optimism and positivity, and we're building a brand that reflects those values.
Wiz's agentless approach to cloud-native vulnerability management
Prioritize critical vulnerabilities based on business impact with Wiz’s agentless Vulnerability Management solution.
GameOver(lay): Easy-to-exploit local privilege escalation vulnerabilities in Ubuntu Linux affect 40% of Ubuntu cloud workloads
Wiz Research discovered CVE-2023-2640 and CVE-2023-32629, two easy-to-exploit privilege escalation vulnerabilities in the OverlayFS module in Ubuntu affecting 40% of Ubuntu cloud workloads.
Zenbleed: cross-process infoleak vulnerability in AMD Zen 2 Processors - everything you need to know
Learn about the impact in cloud environments of CVE-2023-20593, a cross-process information leak vulnerability in AMD Zen 2 Processors.
Top 16 cloud security experts you should follow in 2023
Handpicked by our research team: The annual list of 16 thought leaders you need on your feed.
Streamline Software Bill of Materials (SBOM) Generation with Wiz's Agentless SBOM
Enhance software security and supply chain risk management with Wiz's agentless scanning technology for effortless SBOM creation
Compromised Microsoft Key: More Impactful Than We Thought
Our investigation of the security incident disclosed by Microsoft and CISA and attributed to Chinese threat actor Storm-0558, found that this incident seems to have a broader scope than originally assumed. Organizations using Microsoft and Azure services should take steps to assess potential impact.
Kubernetes API limitations in finding non-standard pods and containers
Gain a deeper understanding of why it's essential to monitor non-standard pods and containers, including static pods, mirror pods, init containers, pause containers, and ephemeral containers within your Kubernetes environment.
How to get rid of AWS access keys – Part 3: Replacing the authentication
In the earlier posts in this series, we showed not only how to get rid of unused access keys, but also how to minimize risk by applying a least-privilege strategy. In this final post, we’ll at last get into the discussion of alternative solutions to using access keys.
PyLoose: Python-based fileless malware targets cloud workloads to deliver cryptominer
PyLoose is a newly discovered Python-based fileless malware targeting cloud workloads. Get a breakdown of how the attack unfolds and the steps to mitigate it.
Linux rootkits explained – Part 1: Dynamic linker hijacking
Dynamic linker hijacking via LD_PRELOAD is a Linux rootkit technique utilized by different threat actors in the wild. In part one of this series on Linux rootkits, we discuss this threat and explain how to detect it.
How to get rid of AWS access keys – Part 2: Reducing Privileges
In the previous post in this series, we discussed how to do some basic cleaning of AWS access keys. In this post, we’ll show how to reduce the privileges in order to mitigate their risk.
How to leverage generative AI in cloud apps without putting user data at risk
Learn security best practices to deploy generative AI models as part of your multi-tenant cloud applications and avoid putting your customers’ data at risk.
Wiz becomes the first CNAPP to provide end-to-end cloud forensics experience
Wiz helps simplify incident response in the cloud for faster investigation of security incidents.
Wiz at Re:Inforce 2023
See what is new with Wiz at Re:Inforce and learn about how Wiz and AWS continue to strengthen a strategic relationship to secure customers’ AWS environments.
Winning together with Wiz: Introducing the Wiz Integration (WIN) platform for greater agility and flexibility to build best-of-breed cloud security programs
New integrations with industry-leading partners make Wiz the most composable and extensible cloud security platform in the market.
Kubernetes Grey Zone: Risks in Managed Cluster Middleware
Are your managed Kubernetes clusters safe from the risks posed by middleware components? Learn how to secure your clusters and mitigate middleware risks.
Crying Out Cloud: a magical podcast for cloud security enthusiasts
Join us for game-changing news, unique Wiz insights, and battle-tested advice from industry experts. Stay ahead of the cloud curve with our latest episodes and navigate the complex world of cloud security.
Three tips for building your CISO career in today’s evolving security industry
CISOs share how to build effective, collaborative teams and land your next role.
Wiz for CSPM: A modern approach to cloud security
Reduce noise of traditional CSPM tools with context-based deep risk assessment, enabling you to prioritize the misconfigurations that put your environment at critical risk.
The Big IAM Challenge: Test Your Cloud Security Skills
Put yourself to the test with our unique CTF challenge and boost your AWS IAM knowledge. Do you have what it takes to win The Big IAM Challenge?
Ta-da! Wiz launches Runtime Sensor to provide real-time detection and response
Agentless visibility and risk assessment paired with Wiz Runtime Sensor real-time detection for the best of both worlds
CTO Point of View: Why Wiz is launching a Runtime Sensor
Today we are excited to announce the Wiz Runtime Sensor. The sensor collects signals in real-time from the workload runtime to simplify threat detection and response in the cloud as part of our Cloud Detection and Response (CDR) capabilities.
CVE-2023-34362 RCE vulnerability in MOVEit Transfer exploited in the wild: everything you need to know
Detect and mitigate CVE-2023-34362, a remote code execution vulnerability in MOVEit Transfer exploited in the wild. Organizations should patch urgently.
How to get rid of AWS access keys- Part 1: The easy wins
Learn how to identify unused and unnecessary long-lived IAM User access keys.
Bridging the Security Gap: Mitigating Lateral Movement Risks from On-Premises to Cloud Environments
This blog post will discuss lateral movement risks from on-prem to the cloud. We will explain attacker TTPs, and outline best practices for cloud builders and defenders to help secure their cloud environments and mitigate risk.
Exploitable and unpatched KeePass vulnerability: everything you need to know
Detect and mitigate CVE-2023-32784, a vulnerability in KeePass which allows the extraction of the master password in cleartext from the application's memory.
Wiz Receives 2023 Global Cloud Security Entrepreneurial Company of the Year Award
Frost & Sullivan applauds Wiz for its innovation and impact in the cloud security industry.
Top Security Talks from KubeCon Europe 2023
KubeCon Europe is the largest open-source community conference in Europe with hundreds of talks. We picked our favorite Kubernetes security sessions available online.
How to monitor, detect, and respond to cloud data risks faster with built-in security controls for cloud events
Wiz for DSPM: Additional enhancements to help you correlate suspicious events related to unprotected data in near real-time.
Here's what security teams need to know about the new Biden-Harris National Cybersecurity Strategy
The release of the National Cybersecurity Strategy by the Biden-Harris Administration is a significant development that will have an impact on security teams across the United States. What does it say?