CloudSec Academy

CloudSec Academy へようこそ。クラウドセキュリティの頭字語と業界用語のアルファベットスープをナビゲートするためのガイドです。 明確で簡潔、かつ専門的に作成されたコンテンツで、基本的なことからベストプラクティスまでをカバーします。

LLM Security for Enterprises: Risks and Best Practices

Wiz エキスパートチーム

LLM models, like GPT and other foundation models, come with significant risks if not properly secured. From prompt injection attacks to training data poisoning, the potential vulnerabilities are manifold and far-reaching.

Data Leakage: Risks, Causes, & Prevention

Data leakage is the unchecked exfiltration of organizational data to a third party. It occurs through various means such as misconfigured databases, poorly protected network servers, phishing attacks, or even careless data handling.

The Threat of Adversarial AI

Wiz エキスパートチーム

Adversarial artificial intelligence (AI), or adversarial machine learning (ML), is a type of cyberattack where threat actors corrupt AI systems to manipulate their outputs and functionality.

What is LLM Jacking?

LLM jacking is an attack technique that cybercriminals use to manipulate and exploit an enterprise’s cloud-based LLMs (large language models).

What is Credential Access (TA0006)?

Wiz エキスパートチーム

Credential access is a cyberattack technique where threat actors access and hijack legitimate user credentials to gain entry into an enterprise's IT environments.

What is a Data Poisoning Attack?

Wiz エキスパートチーム

Data poisoning is a kind of cyberattack that targets the training data used to build artificial intelligence (AI) and machine learning (ML) models.

Dark AI Explained

Wiz エキスパートチーム

Dark AI involves the malicious use of artificial intelligence (AI) technologies to facilitate cyberattacks and data breaches. Dark AI includes both accidental and strategic weaponization of AI tools.

Azure Security Risks & Mitigation Steps

Wiz エキスパートチーム

This article offers an extensive examination of Azure environments’ most pressing security risks along with suggested approaches for effectively mitigating these challenges.

7 AI Security Risks You Can't Ignore

Wiz エキスパートチーム

Learn about the most pressing security risks shared by all AI applications and how to mitigate them.

Remote Code Execution Attacks Explained

Wiz エキスパートチーム

Remote code execution refers to a security vulnerability through which malicious actors can remotely run code on your systems or servers.

Understanding Cloud Security Risks

Wiz エキスパートチーム

A cloud security risk is any threat that might impact the confidentiality, integrity, and availability (CIA) of data and applications hosted in the cloud.

Cloud Sprawl Explained

Wiz エキスパートチーム

Cloud sprawl is a phenomenon that involves the unmanaged growth of cloud-based resources and services.

Data Exfiltration Explained

Wiz エキスパートチーム

Data exfiltration is when sensitive data is accessed without authorization or stolen. Just like any data breach, it can lead to financial loss, reputational damage, and business disruptions.

Lateral Movement Explained

Wiz エキスパートチーム

Lateral movement is a cyberattack technique used by threat actors to navigate a network or environment in search of more valuable information after gaining initial access.

Credential Stuffing Explained

Wiz エキスパートチーム

Credential stuffing is a type of cyberattack where automated tools are used to repeatedly inject stolen username/password combinations into various services to gain access to legitimate users’ accounts in addition to those that were originally breached.

Cross-site scripting

Wiz エキスパートチーム

Cross-site scripting (XSS) is a vulnerability where hackers insert malicious scripts inside web applications with the aim of executing them in a user’s browser.

What is a man-in-the-middle attack?

Wiz エキスパートチーム

A man-in-the-middle (MitM) attack is a type of cyberattack where a hacker intercepts data transferred between two parties.

Brute Force Attacks

Wiz エキスパートチーム

A brute force attack is a cybersecurity threat where a hacker attempts to access a system by systematically testing different passwords until a correct set of credentials is identified.

AWS Security Risks

Wiz エキスパートチーム

This article examines common AWS security challenges, including identity and access control gaps, data exposure risks, and monitoring blind spots.

Shadow Data

Wiz エキスパートチーム

Shadow data is any data that is created, stored, or shared outside of an organization's formal IT environment and management policies.

What is Privilege Escalation?

Privilege escalation is when an attacker exploits weaknesses in your environment or infrastructure to gain higher access and control within a system or network.

Rootkits Explained

Wiz エキスパートチーム

A rootkit is a suite of software designed to grant a cyberattacker privileged access while disguising the invasion to evade detection.

What is a Reverse Shell Attack?

Wiz エキスパートチーム

A reverse shell attack is a type of cyberattack where a threat actor establishes a connection from a target machine (the victim's) to their machine.

What is an Attack Surface?

Wiz エキスパートチーム

An attack surface is refers to all the potential entry points an attacker could exploit to gain unauthorized access to a system, network, or data.

What is Shadow AI?

Wiz エキスパートチーム

Shadow AI is the unauthorized use or implementation of AI that is not controlled by, or visible to, an organization’s IT department.

Malicious Code Explained

Wiz エキスパートチーム

Malicious code is any software or programming script that exploits software or network vulnerabilities and compromises data integrity.

Security Misconfigurations

Wiz エキスパートチーム

A security misconfiguration is when incorrect security settings are applied to devices, applications, or data in your infrastructure.

7 Cloud Security Challenges

Wiz エキスパートチーム

As companies transition to the cloud, they are sure to be confronted with these seven security challenges.

8 All-Too-Common Cloud Vulnerabilities

Wiz エキスパートチーム

We outline the most common cloud vulnerabilities with real-life examples of attacks that exploited these vulnerabilities, and simple steps you can take to mitigate them.

Shadow IT Explained

Wiz エキスパートチーム

Shadow IT is an employee’s unauthorized use of IT services, applications, and resources that aren’t controlled by—or visible to—an organization’s IT department.