#Security

AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes

Before it was patched, #AttachMe could have allowed attackers to access and modify any other users' OCI storage volumes without authorization, thereby violating cloud isolation. Upon disclosure, the vulnerability was fixed within hours by Oracle. No customer action was required.

The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors

How Wiz Research uncovered multiple related vulnerabilities in PostgreSQL-as-a-Service offerings from GCP, Azure, and others.

The cloud gray zone—secret agents installed by cloud service providers

Wiz Research builds upon previous “OMIGOD” findings with a presentation at RSA Conference 2022; details how cloud middleware use across cloud service providers can expose customers' virtual machines to new attack vectors

Securing AWS Lambda function URLs

Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them.

Addressing the Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments

Learn how to address Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments.

5 reasons endpoint security agents are not enough

In this post, we discuss five security limitations of endpoint security agents and also explain how adding agentless solutions can improve your cloud environment security.

Towards a better cloud vulnerability response model

Who is responsible for doing what when a new cloud vulnerability is disclosed? Right now, it can be hard to know.

Log4Shell Meltdown: How to protect your cloud from this critical RCE threat

Log4Shell Meltdown: How to protect your cloud from this critical RCE threat. In this post, we’ll provide a quick overview of Log4Shell: what it is, its impact, and recommendations for security teams.

Security industry call to action: we need a cloud vulnerability database

In the pre-cloud era, the responsibility for security was fully in the hands of the users. As we uncover new types of vulnerabilities, we discover more and more issues that do not fit the current model. Solution: we need a centralized cloud vulnerabilities database.

How to Protect Your Cloud Environment from Supply Chain Attacks

Learn how to protect your cloud environment from supply chain attacks.