MITRE ATTACK Framework: Tactics, Techniques and More
Learn use cases, tactics, and the foundations of the MITRE ATTACK (also known as MITRE ATT&CK) framework and how to leverage it for improved cloud security.
CloudSec Academy
CloudSec Academy へようこそ。クラウドセキュリティの頭字語と業界用語のアルファベットスープをナビゲートするためのガイドです。 明確で簡潔、かつ専門的に作成されたコンテンツで、基本的なことからベストプラクティスまでをカバーします。
Malware Detection: Tools and Techniques
Wiz エキスパートチーム
To defend against malware in the cloud, businesses need a detection and response solution that’s built for the cloud, fluent in cloud-based indicators of compromise (IOCs), and enriched by cloud threat intelligence.
Credential Stuffing 101: What It Is and How to Prevent It
Wiz エキスパートチーム
Credential stuffing attacks can cost a breached organization millions in fines per year. Learn more about foundations, solutions, and real-life cases.
7 Serious AI Security Risks and How to Mitigate Them
Wiz エキスパートチーム
There are many sneaky AI security risks that could impact your organization. Learn practical steps to protect your systems and data while still leveraging AI's benefits.
What is Data Exfiltration? Techniques, Prevention, Examples
Wiz エキスパートチーム
Data exfiltration is when sensitive data is accessed without authorization or stolen. Just like any data breach, it can lead to financial loss, reputational damage, and business disruptions.
What Is Privilege Escalation? Types and Prevention Strategies
Privilege escalation is when an attacker exploits weaknesses in your environment or infrastructure to gain higher access and control within a system or network.
What Is Lateral Movement? Understanding Attacker Techniques
Wiz エキスパートチーム
Lateral movement is a cyberattack technique used by threat actors to navigate a network or environment in search of more valuable information after gaining initial access.
What Is a Brute Force Attack? Types and Countermeasures
Wiz エキスパートチーム
A brute force attack is a cybersecurity threat where a hacker attempts to access a system by systematically testing different passwords until a correct set of credentials is identified.
What Is an Attack Surface? Key Components and How to Manage
Wiz エキスパートチーム
An attack surface is refers to all the potential entry points an attacker could exploit to gain unauthorized access to a system, network, or data.
What Is Cryptojacking? How It Works & Tips to Prevent It
Cryptojacking is when an attacker hijacks your processing power to mine cryptocurrency for their own benefit.
RCE meaning: Remote code execution attacks explained
Wiz エキスパートチーム
Remote code execution refers to a security vulnerability through which malicious actors can remotely run code on your systems or servers.
What is Malicious Code? Types, Risks, and Prevention Strategies
Wiz エキスパートチーム
Malicious code is any software or programming script that exploits software or network vulnerabilities and compromises data integrity.
What is Shadow AI? Why It's a Threat and How to Embrace and Manage It
Wiz エキスパートチーム
Shadow AI is the unauthorized use or implementation of AI that is not controlled by, or visible to, an organization’s IT department.
Security Misconfigurations: How They Happen, Common Examples, Prevention
Wiz エキスパートチーム
A security misconfiguration is when incorrect security settings are applied to devices, applications, or data in your infrastructure.
シャドーITとは? 原因、リスク、および例
Wiz エキスパートチーム
シャドーITとは、組織のIT部門によって制御されていない、または認識されていないITサービス、アプリケーション、およびリソースを従業員が不正に使用することです。
Cloud Security Issues: 17 Risks, Threats, and Challenges
Wiz エキスパートチーム
Uncover the top cloud security issues affecting organizations today. Learn how to address cloud security risks, threats, and challenges to protect your cloud environment.
What Is Cross-Site Request Forgery (CSRF)? Examples, Vulnerabilities, and Prevention
Cross-site request forgery (CSRF), also known as XSRF or session riding, is an attack approach where threat actors trick trusted users of an application into performing unintended actions.
What is Data Sprawl? Causes, Risks, and Management
Data sprawl refers to the dramatic proliferation of enterprise data across IT environments, which can lead to management challenges and security risks.
Source Code Leaks: Risks, Examples, and Prevention
Wiz エキスパートチーム
In this blog post, we’ll explore security measures and continuous monitoring strategies to prevent these leaks, mitigating the risks posed by security vulnerabilities, human error, and attacks.
LLM Security for Enterprises: Risks and Best Practices
Wiz エキスパートチーム
LLM models, like GPT and other foundation models, come with significant risks if not properly secured. From prompt injection attacks to training data poisoning, the potential vulnerabilities are manifold and far-reaching.
Data Leakage:リスク、原因、防止
データ漏洩とは、組織データが第三者に対して野放しに持ち出されることです。 これは、データベースの設定ミス、ネットワークサーバーの保護が不十分な、フィッシング攻撃、さらには不注意なデータ処理など、さまざまな手段で発生します。
ChatGPT Security for Enterprises: Risks and Best Practices
ChatGPT security is the process of protecting an organization from the compliance, brand image, customer experience, and general safety risks that ChatGPT introduces into applications.
The Threat of Adversarial AI
Wiz エキスパートチーム
Adversarial artificial intelligence (AI), or adversarial machine learning (ML), is a type of cyberattack where threat actors corrupt AI systems to manipulate their outputs and functionality.
What is LLM Jacking?
LLM jacking is an attack technique that cybercriminals use to manipulate and exploit an enterprise’s cloud-based LLMs (large language models).
What is Credential Access (TA0006)?
Wiz エキスパートチーム
Credential access is a cyberattack technique where threat actors access and hijack legitimate user credentials to gain entry into an enterprise's IT environments.