What Is Privilege Escalation? Types and Prevention Strategies
Privilege escalation is when an attacker exploits weaknesses in your environment or infrastructure to gain higher access and control within a system or network.
CloudSec Academy
Bienvenido a CloudSec Academy, tu guía para navegar por la sopa de alfabeto de los acrónimos de seguridad en la nube y la jerga de la industria. Cortar el ruido con contenido claro, conciso y elaborado por expertos que cubra los fundamentos de las mejores prácticas.
What Is Lateral Movement? Understanding Attacker Techniques
Equipo de expertos de Wiz
Lateral movement is a cyberattack technique used by threat actors to navigate a network or environment in search of more valuable information after gaining initial access.
What Is a Brute Force Attack? Types and Countermeasures
Equipo de expertos de Wiz
A brute force attack is a cybersecurity threat where a hacker attempts to access a system by systematically testing different passwords until a correct set of credentials is identified.
What Is an Attack Surface? Key Components and How to Manage
Equipo de expertos de Wiz
An attack surface is refers to all the potential entry points an attacker could exploit to gain unauthorized access to a system, network, or data.
What Is Cryptojacking? How It Works & Tips to Prevent It
Cryptojacking is when an attacker hijacks your processing power to mine cryptocurrency for their own benefit.
RCE meaning: Remote code execution attacks explained
Equipo de expertos de Wiz
Remote code execution refers to a security vulnerability through which malicious actors can remotely run code on your systems or servers.
What is Malicious Code? Types, Risks, and Prevention Strategies
Equipo de expertos de Wiz
Malicious code is any software or programming script that exploits software or network vulnerabilities and compromises data integrity.
What is Shadow AI? Why It's a Threat and How to Embrace and Manage It
Equipo de expertos de Wiz
Shadow AI is the unauthorized use or implementation of AI that is not controlled by, or visible to, an organization’s IT department.
Security Misconfigurations: How They Happen, Common Examples, Prevention
Equipo de expertos de Wiz
A security misconfiguration is when incorrect security settings are applied to devices, applications, or data in your infrastructure.
¿Qué es la TI en la sombra? Causas, riesgos y ejemplos
Equipo de expertos de Wiz
La TI en la sombra es el uso no autorizado por parte de un empleado de servicios, aplicaciones y recursos de TI que no están controlados por el departamento de TI de una organización ni son visibles para él.
Cloud Security Issues: 17 Risks, Threats, and Challenges
Equipo de expertos de Wiz
Uncover the top cloud security issues affecting organizations today. Learn how to address cloud security risks, threats, and challenges to protect your cloud environment.
What Is Cross-Site Request Forgery (CSRF)? Examples, Vulnerabilities, and Prevention
Cross-site request forgery (CSRF), also known as XSRF or session riding, is an attack approach where threat actors trick trusted users of an application into performing unintended actions.
What is Data Sprawl? Causes, Risks, and Management
Data sprawl refers to the dramatic proliferation of enterprise data across IT environments, which can lead to management challenges and security risks.
Source Code Leaks: Risks, Examples, and Prevention
Equipo de expertos de Wiz
In this blog post, we’ll explore security measures and continuous monitoring strategies to prevent these leaks, mitigating the risks posed by security vulnerabilities, human error, and attacks.
LLM Security for Enterprises: Risks and Best Practices
Equipo de expertos de Wiz
LLM models, like GPT and other foundation models, come with significant risks if not properly secured. From prompt injection attacks to training data poisoning, the potential vulnerabilities are manifold and far-reaching.
Data Leakage: riesgos, causas y prevención
La fuga de datos es la exfiltración incontrolada de datos de la organización a un tercero. Se produce a través de varios medios, como bases de datos mal configuradas, servidores de red mal protegidos, ataques de phishing o incluso un manejo de datos descuidado.
ChatGPT Security for Enterprises: Risks and Best Practices
ChatGPT security is the process of protecting an organization from the compliance, brand image, customer experience, and general safety risks that ChatGPT introduces into applications.
The Threat of Adversarial AI
Equipo de expertos de Wiz
Adversarial artificial intelligence (AI), or adversarial machine learning (ML), is a type of cyberattack where threat actors corrupt AI systems to manipulate their outputs and functionality.
What is LLM Jacking?
LLM jacking is an attack technique that cybercriminals use to manipulate and exploit an enterprise’s cloud-based LLMs (large language models).
What is Credential Access (TA0006)?
Equipo de expertos de Wiz
Credential access is a cyberattack technique where threat actors access and hijack legitimate user credentials to gain entry into an enterprise's IT environments.
¿Qué es un Prompt Injection Attack?
Los ataques de inyección de avisos son una amenaza para la seguridad de la IA en la que un atacante manipula el mensaje de entrada en los sistemas de procesamiento de lenguaje natural (NLP) para influir en la salida del sistema.
What is a Data Poisoning Attack?
Equipo de expertos de Wiz
Data poisoning is a kind of cyberattack that targets the training data used to build artificial intelligence (AI) and machine learning (ML) models.
Dark AI Explained
Equipo de expertos de Wiz
Dark AI involves the malicious use of artificial intelligence (AI) technologies to facilitate cyberattacks and data breaches. Dark AI includes both accidental and strategic weaponization of AI tools.
What is the MITRE ATTACK framework?
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a cybersecurity framework that helps enterprises fortify themselves against cyber threats.
What is Defense Evasion According to MITRE?
MITRE ATT&CK®, a publicly available security toolkit that helps enterprises overcome cyber threats, defines defense evasion as a way for malicious actors to evade detection during an attack.