Research
Key takeaways from the Wiz 2023 Kubernetes Security Report
Today, Wiz published its 2023 Kubernetes Security Report. Here are some key takeaways.
Eight questions to measure vulnerability remediation "pain"
What is it about certain vulnerabilities that makes them especially hard to deal with, and how can vendors make things easier for security teams?
Announcing the EKS Cluster Games
Test your investigation skills and K8s knowledge in a new Wiz-sponsored CTF event: the EKS Cluster Games!
CVE-2023-38545 high severity vulnerability in cURL: everything you need to know
Detect and mitigate CVE-2023-38545, a high severity buffer overflow vulnerability in cURL. Organizations should upgrade to the patched version.
The good, the bad, and the vulnerable
Get the tl;dr on Wiz's methodology for cloud vulnerability triage in our new report, "The good, the bad, and the vulnerable."
Critical and high severity Exim vulnerabilities: everything you need to know
Detect and mitigate CVE-2023-42115, and 5 more vulnerabilities in Exim. Organizations using affected configurations should mitigate and patch the vulnerabilities urgently.
Critical vulnerabilities in media libraries exploited in the wild: everything you need to know
Delving into CVE-2023-4863 and CVE-2023-5217 - critical vulnerabilities in libwebp and libvpx exploited in the wild.
38TB of data accidentally exposed by Microsoft AI researchers
Wiz Research found a data exposure incident on Microsoft’s AI GitHub repository, including over 30,000 internal Microsoft Teams messages – all caused by one misconfigured SAS token.
Storm-0558 Update: Takeaways from Microsoft's recent report
The Wiz research team examines Microsoft's latest Storm-0558 findings and summarizes the key learnings cloud customers should take away from the incident.
I know what you mined last summer: summarizing Summer '23 cryptomining activity
During the summer of 2023, using the Wiz Sensor, Wiz Research detected several different cryptomining campaigns targeting cloud workloads. Learn about these campaigns and their associated IoCs, and how to detect and prevent similar threats.
GameOver(lay): Easy-to-exploit local privilege escalation vulnerabilities in Ubuntu Linux affect 40% of Ubuntu cloud workloads
Wiz Research discovered CVE-2023-2640 and CVE-2023-32629, two easy-to-exploit privilege escalation vulnerabilities in the OverlayFS module in Ubuntu affecting 40% of Ubuntu cloud workloads.
Zenbleed: cross-process infoleak vulnerability in AMD Zen 2 Processors - everything you need to know
Learn about the impact in cloud environments of CVE-2023-20593, a cross-process information leak vulnerability in AMD Zen 2 Processors.
Top 16 cloud security experts you should follow in 2023
Handpicked by our research team: The annual list of 16 thought leaders you need on your feed.
Compromised Microsoft Key: More Impactful Than We Thought
Our investigation of the security incident disclosed by Microsoft and CISA and attributed to Chinese threat actor Storm-0558, found that this incident seems to have a broader scope than originally assumed. Organizations using Microsoft and Azure services should take steps to assess potential impact.
Kubernetes API limitations in finding non-standard pods and containers
Gain a deeper understanding of why it's essential to monitor non-standard pods and containers, including static pods, mirror pods, init containers, pause containers, and ephemeral containers within your Kubernetes environment.
PyLoose: Python-based fileless malware targets cloud workloads to deliver cryptominer
PyLoose is a newly discovered Python-based fileless malware targeting cloud workloads. Get a breakdown of how the attack unfolds and the steps to mitigate it.
Linux rootkits explained – Part 1: Dynamic linker hijacking
Dynamic linker hijacking via LD_PRELOAD is a Linux rootkit technique utilized by different threat actors in the wild. In part one of this series on Linux rootkits, we discuss this threat and explain how to detect it.
How to get rid of AWS access keys – Part 2: Reducing Privileges
In the previous post in this series, we discussed how to do some basic cleaning of AWS access keys. In this post, we’ll show how to reduce the privileges in order to mitigate their risk.
How to leverage generative AI in cloud apps without putting user data at risk
Learn security best practices to deploy generative AI models as part of your multi-tenant cloud applications and avoid putting your customers’ data at risk.
Kubernetes Grey Zone: Risks in Managed Cluster Middleware
Are your managed Kubernetes clusters safe from the risks posed by middleware components? Learn how to secure your clusters and mitigate middleware risks.
Crying Out Cloud: a magical podcast for cloud security enthusiasts
Join us for game-changing news, unique Wiz insights, and battle-tested advice from industry experts. Stay ahead of the cloud curve with our latest episodes and navigate the complex world of cloud security.
The Big IAM Challenge: Test Your Cloud Security Skills
Put yourself to the test with our unique CTF challenge and boost your AWS IAM knowledge. Do you have what it takes to win The Big IAM Challenge?
CVE-2023-34362 RCE vulnerability in MOVEit Transfer exploited in the wild: everything you need to know
Detect and mitigate CVE-2023-34362, a remote code execution vulnerability in MOVEit Transfer exploited in the wild. Organizations should patch urgently.
Bridging the Security Gap: Mitigating Lateral Movement Risks from On-Premises to Cloud Environments
This blog post will discuss lateral movement risks from on-prem to the cloud. We will explain attacker TTPs, and outline best practices for cloud builders and defenders to help secure their cloud environments and mitigate risk.
Exploitable and unpatched KeePass vulnerability: everything you need to know
Detect and mitigate CVE-2023-32784, a vulnerability in KeePass which allows the extraction of the master password in cleartext from the application's memory.
#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services
A container escape vulnerability, combined with accidental 'write' permissions to a private registry, opened a backdoor for Wiz Research to access Alibaba Cloud databases and potentially compromise its services through a supply-chain attack
Microsoft April 2023 Patch Tuesday Highlights: everything you need to know
Detect and mitigate CVE-2023-28252, EoP vulnerability exploited in the wild, and CVE-2023-21554, a critical RCE vulnerability. Organizations should patch urgently.
Intro to forensics in the cloud: A container was compromised. What’s next?
Learn what tools and data sources you need to use in cloud forensics investigation and how they come into practice in a real-life example.
BingBang: How a simple developer mistake could have led to Bing.com takeover
How a misconfiguration in a Microsoft Bing.com application allowed Wiz Research to modify Bing’s search results – and potentially compromise the private data of millions of Bing users
BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover
How Wiz Research found a common misconfiguration in Azure Active Directory that compromised multiple Microsoft applications, including a Bing management portal
Using Service Control Policies to protect security baselines
Service Control Policies (SCPs) can be a great way to prevent actions from happening in AWS accounts. In this post, we will illustrate a specific use case of SCPs that protects the security baseline, or landing zone, configuration you’ve created for accounts
CVE-2023-25610 a critical RCE vulnerability in FortiOS: everything you need to know
CVE-2023-25610 is a critical RCE vulnerability in FortiOS. This vulnerability is a buffer underwrite bug in the administrative interface which could allow a remote unauthenticated attacker to execute code using specially crafted requests. Affected customers should patch immediately.
From Pod Security Policies to Pod Security Standards – a Migration Guide
Pod Security Policies were removed in Kubernetes v1.25 — learn how to migrate from Pod Security Policies to Pod Security Standards
Redirection Roulette: Thousands of hijacked websites in East Asia redirecting visitors to other sites
Since early September 2022, tens of thousands of websites aimed at East Asian audiences have been hacked, redirecting hundreds of thousands of their users to adult-themed content.
Lateral movement risks in the cloud and how to prevent them – Part 3: from compromised cloud resource to Kubernetes cluster takeover
In this third blog post, we will discuss lateral movement risks from the cloud to Kubernetes. We will explain attacker TTPs, and outline best practices for cloud builders and defenders to help secure their cloud environments and mitigate risk.
Ransomware attacks targeting VMware ESXi servers: everything you need to know
Recent attacks leverage CVE-2021-21974 to install ransomware on VMware ESXi servers. Security teams are advised to patch and stay vigilant for indicators of compromise.
The State of the Cloud 2023
Wiz's State of the Cloud 2023 report provides analysis of trends in cloud usage such as multi-cloud, use of managed services and more. In addition, the report highlights notable cloud risks based on insights from 30% of Fortune 100 enterprise cloud environments.
Enhancing Kubernetes security with user namespaces
Learn how to improve cluster security with user namespaces, a new feature introduced in Kubernetes v1.25.
CVE-2022-44877, critical RCE in CentOS Control Web Panel exploited in the wild: everything you need to know
Detect and mitigate CVE-2022-44877, a CentOS Control Web Panel (CWP) unauthenticated RCE exploited in the wild. Security teams are advised to patch urgently.
Hunting for signs of persistence in the cloud: an IR guide following the CircleCI incident
Learn how to detect malicious persistence techniques in AWS, GCP & Azure after potential initial compromise, like with the CircleCI incident
Lateral movement risks in the cloud and how to prevent them – Part 2: from compromised container to cloud takeover
In this second blog post, we will discuss lateral movement risks from Kubernetes to the cloud. We will explain attacker TTPs, and outline best practices for security practitioners and cloud builders to help secure their cloud environments and mitigate risk.
Malicious PyTorch dependency 'torchtriton' on PyPI: everything you need to know
The developers of PyTorch (a popular machine-learning framework) recently identified a malicious dependency confusion attack on the open-source project. Security teams are advised to check for infected resources and rotate any exposed keys.
Introducing PEACH, a tenant isolation framework for cloud applications
A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation by reducing your cloud applications’ attack surface
Secret-based cloud supply-chain attacks: Case study and lessons for security teams
CI/CD pipelines, as an essential part of the software development process, are an attractive target to malicious actors. Based on our research of cloud environments, we share common misconfigurations and provide tips on how to remediate them in order to prevent supply-chain attacks.
Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential unauthorized database access
How IBM Cloud caught us exploring its infrastructure and how a hardcoded secret eventually led to build artifact access and manipulation
Lateral movement risks in the cloud and how to prevent them – Part 1: the network layer (VPC)
In this first blog post, we will introduce lateral movement as it pertains to the VPC. We will discuss attacker TTPs, and outline best practices for security practitioners and cloud builders to help secure their cloud environment and reduce risk.
AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes
Before it was patched, #AttachMe could have allowed attackers to access and modify any other users' OCI storage volumes without authorization, thereby violating cloud isolation. Upon disclosure, the vulnerability was fixed within hours by Oracle. No customer action was required.
The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors
How Wiz Research uncovered multiple related vulnerabilities in PostgreSQL-as-a-Service offerings from GCP, Azure, and others.
Securing Azure middleware agents with new auto-patching capabilities
Wiz finds Azure customers remain unpatched against a cloud middleware vulnerability and collaborates with Microsoft to introduce an auto-patching solution for cloud middleware security issues and make the cloud safer.
Revisiting OMI: Analysis of CVE-2022-29149, a privilege escalation vulnerability in Azure OMI
Affected organizations are required to update installed agents that use the OMI cloud middleware software
Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL
Wiz Research discovers a chain of critical vulnerabilities in the widely used Azure Database for PostgreSQL Flexible Server.
Hardening your cloud environment against LAPSUS$-like threat actors
Learn how to harden your cloud environment against LAPSUS$-like threat actors
The top cloud security threats to be aware of in 2022
As more organizations move to the cloud, so do attackers. What can you do to better protect your cloud environment in 2022? Wiz Research has compiled the most pressing cloud security threats and how you can protect against them.
NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories
Read about the NotLegit vulnerability discovered by the Wiz Research Team, where the Azure App Service exposed hundreds of source code repositories
Log4Shell 10 days later: Enterprises halfway through patching
Wiz and EY (Ernst & Young) analyzed more than 200 enterprise cloud environments with thousands of cloud accounts. The results were striking: while 93% of all cloud environments are at risk from Log4Shell, on average organizations had patched 45% of their vulnerable cloud resources by Day 10.
ChaosDB explained: Azure's Cosmos DB vulnerability walkthrough
This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where we were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers.
How we broke the cloud with two lines of code: the full story of ChaosDB
A summary and recording of Wiz's talk at BlackHat Europe 2021: the full extent of ChaosDB, the impact it had, and the questions it raises about security in managed cloud services.
Protecting cloud environments from the new critical Apache HTTP Server vulnerability
Learn how to protect cloud environments from the new critical Apache HTTP Server vulnerability.
OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers
Wiz Research recently found 4 critical vulnerabilities in OMI, which is one of Azure's most ubiquitous yet least known software agents and is deployed on a large portion of Linux VMs in Azure.
“Secret” Agent Exposes Azure Customers To Unauthorized Code Execution
Wiz Research recently discovered a series of alarming vulnerabilities that highlight the supply chain risk of open source code, particularly for customers of cloud computing services.
ChaosDB: How to discover your vulnerable Azure Cosmos DBs and protect them
Wiz Research found an unprecedented critical vulnerability in Azure Cosmos DB. The vulnerability gives any Azure user full admin access (read, write, delete) to other customers' Cosmos DB instances without authorization.
ChaosDB: How we hacked thousands of Azure customers’ databases
As part of building a market-leading CNAPP, Wiz Research is constantly looking for new attack surfaces in the cloud. Two weeks ago we discovered an unprecedented breach that affects Azure’s flagship database service, Cosmos DB.
Is your organization leaking sensitive Dynamic DNS data? Here’s how to find out
At Black Hat on Wednesday, Wiz researchers disclosed a vulnerability in DNS hosting services that affects millions of corporate endpoints.
Black Hat 2021: How isolated is your AWS cloud environment?
Last November, Wiz Research mapped all the services in AWS that allow access from other accounts to see if any of them might inadvertently expose customers and discovered 3 vulnerabilities in different AWS services that allowed anyone to read or write into the accounts of other AWS customers.
Black Hat 2021: DNS loophole makes nation-state level spying as easy as registering a domain
Wiz CTO Ami Luttwak discusses a new class of vulnerabilities discovered by Wiz Research, which exposed valuable dynamic DNS data from millions of endpoints worldwide.
82% of companies unknowingly give 3rd parties access to all their cloud data
Cloud identity permissions are complex. So complex that innocent-looking permissions granted to 3rd-party vendors can lead to unintended exposure of all of your data.
Recent Linux sudo vulnerability affects a major percentage of cloud workloads
With an estimated 90% of cloud workloads running a Linux-based OS, and sudo being common across distributions, many Linux cloud assets are at risk and may be affected. Versions released as far back as 2011 are affected by this vulnerability.