Announcing the EKS Cluster Games
Test your investigation skills and K8s knowledge in a new Wiz-sponsored CTF event: the EKS Cluster Games!
Ronen Shustin
Security Researcher at Wiz
Ronen Shustin Posts
#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services
A container escape vulnerability, combined with accidental 'write' permissions to a private registry, opened a backdoor for Wiz Research to access Alibaba Cloud databases and potentially compromise its services through a supply-chain attack
Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential unauthorized database access
How IBM Cloud caught us exploring its infrastructure and how a hardcoded secret eventually led to build artifact access and manipulation
The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors
How Wiz Research uncovered multiple related vulnerabilities in PostgreSQL-as-a-Service offerings from GCP, Azure, and others.
Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL
Wiz Research discovers a chain of critical vulnerabilities in the widely used Azure Database for PostgreSQL Flexible Server.