Featured
Bridging the Security Gap: Mitigating Lateral Movement Risks from On-Premises to Cloud Environments
This blog post will discuss lateral movement risks from on-prem to the cloud. We will explain attacker TTPs, and outline best practices for cloud builders and defenders to help secure their cloud environments and mitigate risk.
Exploitable and unpatched KeePass vulnerability: everything you need to know
Detect and mitigate CVE-2023-32784, a vulnerability in KeePass which allows the extraction of the master password in cleartext from the application's memory.
Wiz Receives 2023 Global Cloud Security Entrepreneurial Company of the Year Award
Frost & Sullivan applauds Wiz for its innovation and impact in the cloud security industry.
Top Security Talks from KubeCon Europe 2023
KubeCon Europe is the largest open-source community conference in Europe with hundreds of talks. We picked our favorite Kubernetes security sessions available online.
How to monitor, detect, and respond to cloud data risks faster with built-in security controls for cloud events
Wiz for DSPM: Additional enhancements to help you correlate suspicious events related to unprotected data in near real-time.
Here's what security teams need to know about the new Biden-Harris National Cybersecurity Strategy
The release of the National Cybersecurity Strategy by the Biden-Harris Administration is a significant development that will have an impact on security teams across the United States. What does it say?
How to supercharge collaboration between your security, development, and DevOps teams
Industry-leading CISOs share advice and best practices to break down internal barriers and reinforce cloud security
How secure is your public cloud? Quick wins & best practices
What is cross-tenant risk? How do you spot vulnerabilities? And how can the famous PEACH framework help?
How to put your organization’s cloud security strategy into action
CISOs of Paramount, Aon and Wiz reveal their secrets for creating a future-proof approach to cloud security.
Deloitte and Wiz Announce a Strategic Alliance to Help their Mutual Clients Accelerate Digital Transformation with a Modern Cloud Security Strategy
New alliance to enable organizations to proactively identify, prioritize, remediate, and prevent risks in their cloud.
#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services
A container escape vulnerability, combined with accidental 'write' permissions to a private registry, opened a backdoor for Wiz Research to access Alibaba Cloud databases and potentially compromise its services through a supply-chain attack
Wiz: First agentless cloud security vendor to attain CIS SecureSuite Vendor Certification for cloud-managed Kubernetes
Confidently ensure your Kubernetes environments are compliant with CIS Benchmarks for cloud-managed Kubernetes. Quickly generate compliance reports and remediate any issues without hassle.
Wiz is on the FedRAMP Marketplace
What our “in process” milestone means, and why it’s great news for the public sector.
Microsoft April 2023 Patch Tuesday Highlights: everything you need to know
Detect and mitigate CVE-2023-28252, EoP vulnerability exploited in the wild, and CVE-2023-21554, a critical RCE vulnerability. Organizations should patch urgently.
Five ways to bolster security as cloud environments and budgets come under attack
Security experts share their insights for securing cloud environments as the pace and scale of threats accelerates.
Why data security capabilities should be integrated with CNAPP
To get ahead of data exposure in the cloud, CNAPPs need to understand data risks at scale.
How CNAPPs identify and prioritize excessive risk in a single platform, according to Gartner®
Insights from the March 2023 Gartner Market Guide for CNAPP
Intro to forensics in the cloud: A container was compromised. What’s next?
Learn what tools and data sources you need to use in cloud forensics investigation and how they come into practice in a real-life example.
BingBang: How a simple developer mistake could have led to Bing.com takeover
How a misconfiguration in a Microsoft Bing.com application allowed Wiz Research to modify Bing’s search results – and potentially compromise the private data of millions of Bing users
BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover
How Wiz Research found a common misconfiguration in Azure Active Directory that compromised multiple Microsoft applications, including a Bing management portal
Partnering and prioritization: Lessons learned when building security operations at hyperspeed
CISOs share their experiences ensuring security in fast-growth environments.
Everything you ❤ about Wiz, now deployed in a new Canadian data center
Wiz launches a new Canadian data center and adds support for CSE Information Technology Security Guidance (ITSG) 33 framework helping organizations simplify cloud security and compliance.
Detect critical application misconfiguration risks
Some application misconfigurations are equivalent to remote code execution or information disclosure vulnerabilities, but often go unnoticed. Wiz’s agentless capabilities detect these and correlate them to attack surface and business impact risks, highlighting the most critical misconfigurations.
Using Service Control Policies to protect security baselines
Service Control Policies (SCPs) can be a great way to prevent actions from happening in AWS accounts. In this post, we will illustrate a specific use case of SCPs that protects the security baseline, or landing zone, configuration you’ve created for accounts
Shift left with Wiz Guardrails: New Wiz Admission Controller capabilities enable security policy checks at deployment time
Wiz CLI and Wiz Admission Controller enable developers to leverage a single security policy throughout the software pipeline for cloud-native environments.
Compliance made easy with Wiz
Stay compliant with Wiz’s 100+ compliance frameworks, generate quick compliance reports, and remediate issues faster with remediation guidance and auto-remediation.
CVE-2023-25610 a critical RCE vulnerability in FortiOS: everything you need to know
CVE-2023-25610 is a critical RCE vulnerability in FortiOS. This vulnerability is a buffer underwrite bug in the administrative interface which could allow a remote unauthenticated attacker to execute code using specially crafted requests. Affected customers should patch immediately.
From Pod Security Policies to Pod Security Standards – a Migration Guide
Pod Security Policies were removed in Kubernetes v1.25 — learn how to migrate from Pod Security Policies to Pod Security Standards
Wiz enhances its industry leading data security solution with broader cloud data coverage and customizable platform capabilities
Wiz for DSPM, now generally available, helps customers reduce the time it takes to discover and fix cloud data exposure before it becomes a costly breach
Wiz and SentinelOne announce exclusive partnership to deliver end to end cloud security
Leading cybersecurity companies partner to increase customer value and disrupt the enterprise security industry
The benefits of a customer-centric cloud security mindset
Why a customer focus unlocks new levels of innovation and enables security team success
Securing a successful merger: Insights from MGM Studios
Hear from John Visneski, CISO of MGM Studios about how the organization fosters collaboration and transparency across business units using Wiz.
What are the biggest cyberthreats heading our way in 2023?
Wiz and Procter & Gamble experts share their security insights and tips
Redirection Roulette: Thousands of hijacked websites in East Asia redirecting visitors to other sites
Since early September 2022, tens of thousands of websites aimed at East Asian audiences have been hacked, redirecting hundreds of thousands of their users to adult-themed content.
Enhanced policy management with GitOps and Terraform
Wiz announces new GitOps workflows and Terraform provider, enabling customers to manage policies as code.
Wiz becomes the world’s largest cybersecurity unicorn
Just three years since its launch, Wiz becomes the world’s largest cyber unicorn and fastest SaaS company to reach a $10B valuation
Lateral movement risks in the cloud and how to prevent them – Part 3: from compromised cloud resource to Kubernetes cluster takeover
In this third blog post, we will discuss lateral movement risks from the cloud to Kubernetes. We will explain attacker TTPs, and outline best practices for cloud builders and defenders to help secure their cloud environments and mitigate risk.
A Brief History of Wiz Socks
From the Big Bang to Leonardo da Vinci, these socks have protected the cloud throughout history.
Adapt to endure: navigating the current economic environment
Learn how CISOs are preparing for what’s ahead by embracing consolidation and continuing to invest in security.
Let it snow! Wiz and Snowflake join forces to power insights with actionable intelligence
Automatically push Wiz-identified cloud security issues to Snowflake to analyze and accurately report on your cloud security metrics.
Ransomware attacks targeting VMware ESXi servers: everything you need to know
Recent attacks leverage CVE-2021-21974 to install ransomware on VMWare ESXi servers. Security teams are advised to patch and stay vigilant for indicators of compromise.
The State of the Cloud 2023
Wiz's State of the Cloud 2023 report provides analysis of trends in cloud usage such as multi-cloud, use of managed services and more. In addition, the report highlights notable cloud risks based on insights from 30% of Fortune 100 enterprise cloud environments
Getting started with Open Policy Agent (OPA) to improve your cloud security
Learn Rego basics from Wiz to express policy as code for your cloud security.
Wiz and AWS CloudTrail Lake: Cloud security and compliance posture audits made easy
Simplify and centralize security and compliance management by sending audit-worthy events from Wiz into AWS CloudTrail Lake.
Streamlining OS and Application Hardening: Revealing Misconfigurations with Wiz’s Agentless Custom Host Configuration Rules
Shell commands that once had to be run manually now can be coded into a custom rule and run daily using Wiz agentless workload scanning.
Enhancing Kubernetes security with user namespaces
Learn how to improve cluster security with user namespaces, a new feature introduced in Kubernetes v1.25.
Unleashing the Power of No-Code Automation for Cloud Security with Wiz and Tines
The Wiz and Tines partnership empowers organizations to protect their cloud infrastructure at scale with no-code automation.
CVE-2022-44877, critical RCE in CentOS Control Web Panel exploited in the wild: everything you need to know
Detect and mitigate CVE-2022-44877, a CentOS Control Web Panel (CWP) unauthenticated RCE exploited in the wild. Security teams are advised to patch urgently.
Hunting for signs of persistence in the cloud: an IR guide following the CircleCI incident
Learn how to detect malicious persistence techniques in AWS, GCP & Azure after potential initial compromise, like with the CircleCI incident
Wiz launches Australia cloud data center further demonstrating commitment to ANZ and multinational organizations
Wiz announces availability of new regional data center and adds support for Essential Eight controls.
New Year’s Resolutions: Where CISOs plan to invest and scale back in 2023
Hear from security leaders about their plans, strategies, and priorities for the new year.
Lateral movement risks in the cloud and how to prevent them – Part 2: from compromised container to cloud takeover
In this second blog post, we will discuss lateral movement risks from Kubernetes to the cloud. We will explain attacker TTPs, and outline best practices for security practitioners and cloud builders to help secure their cloud environments and mitigate risk.
Malicious PyTorch dependency 'torchtriton' on PyPI: everything you need to know
The developers of PyTorch (a popular machine-learning framework) recently identified a malicious dependency confusion attack on the open-source project. Security teams are advised to check for infected resources and rotate any exposed keys.
CVE-2022-47939 critical vulnerability in Linux kernel `ksmbd` module: everything you need to know
Critical RCE vulnerability found in Linux kernel's `ksmbd` module: remote attackers can execute code without authentication. The module is not enabled by default on most operating systems.
OWASSRF, a new exploit for Exchange vulnerabilities, exploited in the wild: everything you need to know
A new exploit method targeting CVE-2022-41080 and CVE-2022-41082 vulnerabilities in Exchange servers, which can bypass previous workarounds, has been discovered and exploited in the wild. Organizations should patch urgently.
Automatically discover and secure your APIs with Wiz Dynamic Scanner
Wiz enhances its Dynamic Scanner to detect publicly exposed, unauthenticated APIs
Wiz introduces Dangling Domain Detection to help you prevent subdomain takeovers
Easily detect dangling domains to reduce the risk of phishing campaigns and cookie harvesting of organization’s customers.
Wiz enhances dynamic scanner to analyze and validate external exposure
Wiz extends its cloud analysis with an external scanner, giving customers an attacker's view of their externally exposed resources to reduce noise.
Use cases for Delegated Administrator for AWS Organizations
Learn about how AWS's recently released Delegated Administrator for AWS Organization can be used to solve common problems at your company and the issues you might run into with it.
Introducing PEACH, a tenant isolation framework for cloud applications
A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation by reducing your cloud applications’ attack surface
CVE-2022-27518 exploited in the wild by APT5: everything you need to know
Detect and mitigate CVE-2022-27518, a Citrix ADC and Gateway unauthenticated RCE 0-day exploited in the wild by a nation state actor. Organizations should patch urgently.
Secret-based cloud supply-chain attacks: Case study and lessons for security teams
CI/CD pipelines, as an essential part of the software development process, are an attractive target to malicious actors. Based on our research of cloud environments, we share common misconfigurations and provide tips on how to remediate them in order to prevent supply-chain attacks.
Introducing Azure Least Privilege: Enforce least privilege access for Azure environments
Wiz extends its CIEM capabilities to enable least privilege access for Azure environments.
Top Security Talks from AWS re:Invent 2022
AWS re:Invent is the largest conference of the year for Amazon Web Services (AWS) with hundreds of talks. We picked our favorite cloud security talks that are available online.
Uncover what is really deployed in your environment with the enhanced Wiz inventory
Wiz adds full detection of cloud services for deeper visibility and control over shadow IT.
Navigating the road ahead for CISOs following the Uber verdict
Hear from industry experts to understand the challenges ahead and best practices CISOs can follow to avoid issues in the future.
Wiz introduces agentless solution for detecting host and application misconfigurations
Wiz extends its risk assessment to support host and application level misconfigurations, enabling customers to ensure security and compliance posture for applications.
Giving thanks for a more secure cloud
We'd like to take a moment this holiday season to recognize our greatest asset—our customers.
Wiz at re:Invent 2022 (event recap)
Get all the news from Las Vegas and learn about how Wiz and AWS continue to strengthen a strategic relationship to secure customers’ AWS environments.
Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential unauthorized database access
How IBM Cloud caught us exploring its infrastructure and how a hardcoded secret eventually led to build artifact access and manipulation
Wiz integrates with AWS Security Hub to help you better manage your AWS security posture
New integration enables AWS customers to send Wiz security issues detected in AWS resources to Security Hub.
Wiz integrates with Amazon Security Lake to improve cloud security through cloud security data sharing
New integration enables customers to consolidate security logs, run investigations and analyze security metrics in their customer-owned data lake.
Wiz and BigID expand partnership to extend visibility and control for enterprise data to prevent breaches
Deeper partnership accelerates end-to-end cloud-native data protection from discovery to enforcement.
Wiz becomes the first CNAPP to deliver integrated Data Security Posture Management
Wiz expands its platform to proactively eliminate attack paths to discovered critical data.
Wiz and Google Cloud’s Security Command Center: Modern threat detection and response rooted in risk prioritization
Fully understand the impact and architecture behind any threat to streamline and speed effective response with a first-of-its-kind integration combining the Wiz Security Graph’s deep cloud and multi-cloud risk context with Google Cloud’s Security Command Center’s advanced threat detection.
Wiz introduces VMware vSphere support to provide a unified hybrid cloud security platform
vSphere integration makes Wiz the first cloud security platform to protect both on-premises and cloud environments without an agent.
OpenSSL vulnerabilities: Everything you need to know
On November 1st, 2022, the OpenSSL Project disclosed High severity vulnerabilities CVE-2022-3786 and CVE-2022-3602, affecting deployments of OpenSSL 3.0.0–3.0.6. Learn how to effectively manage your organization's patching efforts.
Wiz rapidly finds and removes risks across the container development lifecycle and entire cloud environment
New Wiz capabilities protect containerized applications by bringing deep cloud context and visibility to quickly identify and prioritize risks across containers, Kubernetes and cloud environments without agents
KubeCon + CloudNativeCon North America 2022: Our top 10 sessions to attend
KubeCon 2022 will be full of great presentations and content. Here's our take on the conference sessions (apart from our own) that you shouldn't miss, whether you're onsite or attending virtually.
Meet Wiz at KubeCon North America
Wiz will be attending and sponsoring KubeCon for the first time and we have a lot to share regarding how enterprises can better secure their container and Kubernetes environments. Come say hi!
Lateral movement risks in the cloud and how to prevent them – Part 1: the network layer (VPC)
In this first blog post, we will introduce lateral movement as it pertains to the VPC. We will discuss attacker TTPs, and outline best practices for security practitioners and cloud builders to help secure their cloud environment and reduce risk.
Wiz Receives Morgan Stanley Innovation Award at 20th Innovation Summit
Recognition in the Cyber category honors Wiz for its exceptional technology partnership with one of the world’s leading financial institutions
AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes
Before it was patched, #AttachMe could have allowed attackers to access and modify any other users' OCI storage volumes without authorization, thereby violating cloud isolation. Upon disclosure, the vulnerability was fixed within hours by Oracle. No customer action was required.
How Wiz and Torq Combine to Mitigate Existential Cloud Security Threats
Leonid Belkind, CTO of Torq, and Itay Arbel, PM at Wiz, explain how organizations can build a coherent Cyber Security Incident Response Plan using Wiz CDR to analyze cloud events and threat alerts in their context together with Torq's next-generation orchestration and automation capabilities.
The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors
How Wiz Research uncovered multiple related vulnerabilities in PostgreSQL-as-a-Service offerings from GCP, Azure, and others.
$100M ARR in 18 months: Wiz becomes the fastest-growing software company ever
Just two years since its launch, Wiz protects hundreds of the world’s leading organizations by enabling them to build faster and more securely in the cloud
Wiz expands board and executive team with top security leaders from DocuSign, Aon, Meta and Okta
Wiz continues momentum with addition of security luminary Emily Heath to board of directors; expands executive team to lead hyper-growth
Meet new Wiz board member Emily Heath
Q&A: Why Wiz caught the attention of DocuSign’s Former CTSO
New customers, new clouds, new challenges
Companies are turning to Wiz every day to gain instant visibility into their cloud environments.
Breaking new ground in the cloud
In just two years, Wiz helps hundreds of customers protect their cloud infrastructure and innovate more quickly. As a result, Wiz has become the fastest-growing software company ever, scaling from $1M ARR to $100M ARR in just 18 months.
Wiz debuts on Forbes Cloud 100 list
Founded in 2020, Wiz is the youngest company on the list.
Join Wiz at Black Hat 2022
Wiz is excited to be back in Las Vegas for Black Hat 2022 as a sponsor of this year's conference. At Black Hat, you'll have the opportunity to learn from our research and product experts, experience live demos in our booth, and mingle with us after the conference.
Securing Azure middleware agents with new auto-patching capabilities
Wiz finds Azure customers remain unpatched from cloud middleware vulnerability and collaborates with Microsoft to introduce an auto-patching solution against cloud middleware security issues and make the cloud safer
Revisiting OMI: Analysis of CVE-2022-29149, a privilege escalation vulnerability in Azure OMI
Affected organizations are required to update installed agents that use the OMI cloud middleware software
See the best of Wiz at AWS re:Inforce
Visit our booth and attend one of our many sessions at re:Inforce this week.
Wiz CDR and Amazon GuardDuty: Contextualize and prioritize threat detection
Wiz leverages its leading Cloud Security Graph to help Cloud Defenders quickly understand, with the click of a button— what happened, where it happened, and how to respond.
Meet the Wiz Research team at fwd:cloudsec
We invite you to attend Wiz Research's four technical sessions as well as the Wiz party at Flight Club Boston.
Wiz extends CNAPP leadership with protection for Alibaba Cloud
Support for Alibaba Cloud follows just weeks after launch of Oracle Cloud Infrastructure (OCI) integration, providing organizations the broadest coverage of any cloud native application protection platform (CNAPP)
The cloud gray zone—secret agents installed by cloud service providers
Wiz Research builds upon previous “OMIGOD” findings with a presentation at RSA Conference 2022; details how cloud middleware use across cloud service providers can expose customers' virtual machines to new attack vectors
A new vision for cloud security unites builders and defenders
Our introduction of attack path analysis (APA) and Cloud Detection and Response (CDR) further enriches the context provided by our foundational Wiz Security Graph.
Wiz launches cloud detection and response to help organizations quickly identify threats and limit breach exposure
Wiz today unveiled new advancements to its cloud security platform
Wiz now integrates with Oracle Cloud Infrastructure, bringing a graph-based cloud security approach to all major providers
Fortune 500’s Avery Dennison among enterprises that operate securely on OCI and other cloud infrastructure with Wiz
Connect with Wiz at our first-ever RSA Conference
We can’t wait to see many of you at RSA Conference 2022 in San Francisco, June 6-9. Check out a demo at our booth, attend a Wiz speaking session, or unwind at our SFMOMA party!
Securing AWS Lambda function URLs
Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them.
Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL
Wiz Research discovers a chain of critical vulnerabilities in the widely used Azure Database for PostgreSQL Flexible Server.
Addressing the Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments
Learn how to address Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments.
Hardening your cloud environment against LAPSUS$-like threat actors
Learn how to harden your cloud environment against LAPSUS$-like threat actors
Wiz and ServiceNow VR: Prioritize and respond to cloud vulnerabilities faster
Wiz is excited to announce its new integration with ServiceNow Vulnerability Response (VR), creating a combined vulnerability management workflow that eliminates blind spots and prioritizes risks.
Detect and prioritize CISA Known Exploited Vulnerabilities in the cloud with Wiz
For each CVE, the Wiz Research team maintains data from multiple threat intelligence sources and our own independent research. Now that we’ve added support for the new CISA KEV catalog, learn how you can use it in your cloud environment.
Wiz and RegScale: Cloud security compliance management at scale
Learn how to achieve compliance security at scale with Wiz and RegScale, supporting a variety of compliance framework controls.
5 reasons endpoint security agents are not enough
In this post, we discuss five security limitations of endpoint security agents and also explain how adding agentless solutions can improve your cloud environment security.
The top cloud security threats to be aware of in 2022
As more organizations move to the cloud, so do attackers. What can you do to better protect your cloud environment in 2022? Wiz Research has compiled the most pressing cloud security threats and how you can protect against them.
Towards a better cloud vulnerability response model
Who is responsible for doing what when a new cloud vulnerability is disclosed? Right now, it can be hard to know.
Log4Shell: Wrap all your Log4j fixes before the holidays
The main challenge with Log4j is understanding your existing infrastructure, and identifying the location of all vulnerable Log4j libraries. Follow Wiz's recommendations to wrap it all before the Holidays!
NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories
Read about the NotLegit vulnerability discovered by the Wiz Research Team, where the Azure App Service exposed hundreds of source code repositories
Log4Shell 10 days later: Enterprises halfway through patching
Wiz and EY (Ernest & Young) analyzed more than 200 enterprise cloud environments with thousands of cloud accounts. The results were striking: While 93% of all cloud environments are at risk from Log4Shell, on average organizations have patched 45% of their vulnerable cloud resources by Day 10.
Log4Shell Meltdown: How to protect your cloud from this critical RCE threat
Log4Shell Meltdown: How to protect your cloud from this critical RCE threat. In this post, we’ll provide a quick overview of Log4Shell: what it is, its impact, and recommendations for security teams.
Wiz magic shifts left
Fixing vulnerabilities and misconfigurations in the pipeline before deployment makes perfect sense - it reduces the overall threat footprint and saves time. Wiz offers customers a straightforward way to operationalize a Shift Left strategy.
Assess your cloud compliance posture in minutes
With Wiz, you can assess your compliance posture across industry standards and business units at a glance to immediately pinpoint your weak spots.
Wiz integrates with the new Amazon Inspector for enhanced security insights, context, and accuracy
Wiz is excited to announce it is a launch partner for the new Amazon Inspector, bringing Amazon Inspector findings together with Wiz insights to give our customers actionable, prioritized and contextually rich security insights.
Security industry call to action: we need a cloud vulnerability database
In the pre-cloud era, the responsibility for security was fully in the hands of the users. As we uncover new types of vulnerabilities, we discover more and more issues that do not fit the current model. Solution: we need a centralized cloud vulnerabilities database.
ChaosDB explained: Azure's Cosmos DB vulnerability walkthrough
This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where we were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers.
How we broke the cloud with two lines of code: the full story of ChaosDB
A summary and recording of Wiz's talk at BlackHat Europe 2021: the full extent of ChaosDB, the impact it had, and the questions it raises about security in managed cloud services.
Celebrating Our Series C: Zero to $6 Billion in 18 Months
Customers have come to realize ignorance isn’t bliss. Cloud has gotten too big and unwieldy for most companies to effectively manage on their own. That’s where Wiz comes in.
Protecting cloud environments from the new critical Apache HTTP Server vulnerability
Learn how to protect cloud environments from the new critical Apache HTTP Server vulnerability.
How to Protect Your Cloud Environment from Supply Chain Attacks
Learn how to protect your cloud environment from supply chain attacks.
Agents are not enough: Why cloud security needs agentless deep scanning
In this post, we’re going to dive into the role and limitations of security agents in the cloud, and put forth a different approach for cloud infrastructure security: agentless deep scanning.
OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers
Wiz Research recently found 4 critical vulnerabilities in OMI, which is one of Azure's most ubiquitous yet least known software agents and is deployed on a large portion of Linux VMs in Azure.
“Secret” Agent Exposes Azure Customers To Unauthorized Code Execution
Wiz Research recently discovered a series of alarming vulnerabilities that highlight the supply chain risk of open source code, particularly for customers of cloud computing services.
Wiz goes (even more) global
The first half of 2021 has been incredible for Wiz. Fueled by an additional $250M in funding ($350M total) from Sequoia, Index Ventures, Insight, Salesforce, Blackstone, Advent, Greenoaks, and Aglaé Wiz has grown at a blistering pace, going from 25 employees at the start of the year to 120 today.
ChaosDB: How to discover your vulnerable Azure Cosmos DBs and protect them
Wiz Research found an unprecedented critical vulnerability in Azure Cosmos DB. The vulnerability gives any Azure user full admin access (read, write, delete) to another customers Cosmos DB instances without authorization.
ChaosDB: How we hacked thousands of Azure customers’ databases
As part of building a market-leading CNAPP, Wiz Research is constantly looking for new attack surfaces in the cloud. Two weeks ago we discovered an unprecedented breach that affects Azure’s flagship database service, Cosmos DB.
What is a Cloud-Native Application Protection Platform (CNAPP)?
CNAPP stands for Cloud-Native Application Protection Platform. The term was coined by Gartner, who recognized the expanding needs that go into securing applications in the cloud.