Amitai Cohen
Eight questions to measure vulnerability remediation "pain"
What is it about certain vulnerabilities that makes them especially hard to deal with, and how can vendors make things easier for security teams?
The good, the bad, and the vulnerable
Get the tl;dr on Wiz's methodology for cloud vulnerability triage in our new report, "The good, the bad, and the vulnerable."
Critical vulnerabilities in media libraries exploited in the wild: everything you need to know
Delving into CVE-2023-4863 and CVE-2023-5217 - critical vulnerabilities in libwebp and libvpx exploited in the wild.
Storm-0558 Update: Takeaways from Microsoft's recent report
The Wiz research team examines Microsoft's latest Storm-0558 findings and summarizes the key learnings cloud customers should take away from the incident.
Zenbleed: cross-process infoleak vulnerability in AMD Zen 2 Processors - everything you need to know
Learn about the impact in cloud environments of CVE-2023-20593, a cross-process information leak vulnerability in AMD Zen 2 Processors.
How to leverage generative AI in cloud apps without putting user data at risk
Learn security best practices to deploy generative AI models as part of your multi-tenant cloud applications and avoid putting your customers’ data at risk.
CVE-2023-34362 RCE vulnerability in MOVEit Transfer exploited in the wild: everything you need to know
Detect and mitigate CVE-2023-34362, a remote code execution vulnerability in MOVEit Transfer exploited in the wild. Organizations should patch urgently.
Exploitable and unpatched KeePass vulnerability: everything you need to know
Detect and mitigate CVE-2023-32784, a vulnerability in KeePass which allows the extraction of the master password in cleartext from the application's memory.
Microsoft April 2023 Patch Tuesday Highlights: everything you need to know
Detect and mitigate CVE-2023-28252, EoP vulnerability exploited in the wild, and CVE-2023-21554, a critical RCE vulnerability. Organizations should patch urgently.
Detect critical application misconfiguration risks
Some application misconfigurations are equivalent to remote code execution or information disclosure vulnerabilities, but often go unnoticed. Wiz’s agentless capabilities detect these and correlate them to attack surface and business impact risks, highlighting the most critical misconfigurations.
Redirection Roulette: Thousands of hijacked websites in East Asia redirecting visitors to other sites
Since early September 2022, tens of thousands of websites aimed at East Asian audiences have been hacked, redirecting hundreds of thousands of their users to adult-themed content.
The State of the Cloud 2023
Wiz's State of the Cloud 2023 report provides analysis of trends in cloud usage such as multi-cloud, use of managed services and more. In addition, the report highlights notable cloud risks based on insights from 30% of Fortune 100 enterprise cloud environments
CVE-2022-47939 critical vulnerability in Linux kernel `ksmbd` module: everything you need to know
Critical RCE vulnerability found in Linux kernel's `ksmbd` module: remote attackers can execute code without authentication. The module is not enabled by default on most operating systems.
Introducing PEACH, a tenant isolation framework for cloud applications
A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation by reducing your cloud applications’ attack surface
CVE-2022-27518 exploited in the wild by APT5: everything you need to know
Detect and mitigate CVE-2022-27518, a Citrix ADC and Gateway unauthenticated RCE 0-day exploited in the wild by a nation state actor. Organizations should patch urgently.
OpenSSL vulnerabilities: Everything you need to know
On November 1st, 2022, the OpenSSL Project disclosed High severity vulnerabilities CVE-2022-3786 and CVE-2022-3602, affecting deployments of OpenSSL 3.0.0–3.0.6. Learn how to effectively manage your organization's patching efforts.
Securing AWS Lambda function URLs
Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them.
Addressing the Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments
Learn how to address Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments.
Hardening your cloud environment against LAPSUS$-like threat actors
Learn how to harden your cloud environment against LAPSUS$-like threat actors