645 matches found
Introducing WizOS: Securing Wiz from the ground up with hardened, near-zero-CVE container base images.
WizOS is now available in private preview for Wiz customers. It’s a key part of how we help teams start secure and stay secure with hardened, minimal container images...
Wiz at re:Invent 2022 (event recap)
Get all the news from Las Vegas and learn about how Wiz and AWS continue to strengthen a strategic relationship to secure customers’ AWS environments...
GameOver(lay): Easy-to-exploit local privilege escalation vulnerabilities in Ubuntu Linux affect 40% of Ubuntu cloud workloads
Wiz Research discovered CVE-2023-2640 and CVE-2023-32629, two easy-to-exploit privilege escalation vulnerabilities in the OverlayFS module in Ubuntu affecting 40% of Ubuntu cloud workloads...
CVE-2023-34362 RCE vulnerability in MOVEit Transfer exploited in the wild: everything you need to know
Detect and mitigate CVE-2023-34362, a remote code execution vulnerability in MOVEit Transfer exploited in the wild. Organizations should patch urgently...
Leaky Vessels: runC and BuildKit container escape vulnerabilities - everything you need to know
Detect and mitigate “Leaky Vessels”, container escape vulnerabilities affecting runC and BuildKit. Learn how to prioritize patching and detect exploitation attempts in runtime...
Introducing Wiz for Exposure Management: Unify, Prioritize, and Remediate Exposures Everywhere
Stop chasing CVEs with new UVM and Sensor Workload Scanner capabilities. Remove silos to effectively prioritize and reduce exposures across cloud, code, and on-prem...
Backdoor in XZ Utils allows RCE: everything you need to know
Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgently...
OWASSRF, a new exploit for Exchange vulnerabilities, exploited in the wild: everything you need to know
A new exploit method targeting CVE-2022-41080 and CVE-2022-41082 vulnerabilities in Exchange servers, which can bypass previous workarounds, has been discovered and exploited in the wild. Organizations should patch urgently...
Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) – Overview and Mitigations
Wiz Research discovered CVE-2024-37032, an easy-to-exploit Remote Code Execution vulnerability in the open-source AI Infrastructure project Ollama...
Introducing the MCP Server for Wiz: Smarter AI Context, Stronger Cloud Security
Unified model context, real-time security answers, and a faster path to remediation...
Automatically discover and secure your APIs with Wiz Dynamic Scanner
Wiz enhances its Dynamic Scanner to detect publicly exposed, unauthenticated APIs...
February Fortinet Advisory: everything you need to know
Fortinet offers guidance to detect and mitigate CVE-2024-21762 and CVE-2024-23113, critical RCE vulnerabilities in FortiOS and FortiProxy, including guidance that organizations should patch urgently...
CVE-2023-38545 high severity vulnerability in cURL: everything you need to know
Detect and mitigate CVE-2023-38545, a high severity buffer overflow vulnerability in cURL. Organizations should upgrade to the patched version...
Unveiling the power of Wiz's Security Graph with automated blast radius and root cause analysis for cloud incident response
Wiz assists Incident Response IR and SOC teams with containment through automated assessment of security incidents by identifying possible root causes and calculating the potential blast radius of compromised resources...
CVE-2024-4040 exploited in the wild: everything you need to know
Detect and mitigate CVE-2024-4040, a critical vulnerability in CrushFTP exploited in the wild. Organizations should patch urgently...
Microsoft April 2023 Patch Tuesday Highlights: everything you need to know
Detect and mitigate CVE-2023-28252, EoP vulnerability exploited in the wild, and CVE-2023-21554, a critical RCE vulnerability. Organizations should patch urgently...
Addressing the Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments
Learn how to address Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments...
Announcing the EKS Cluster Games
Test your investigation skills and K8s knowledge in a new Wiz-sponsored CTF event: the EKS Cluster Games!...
Introducing the Prompt Airlines CTF: Test Your AI Security Skills
Wiz is excited to announce "Prompt Airlines," a new cloud security Capture The Flag CTF event focused on AI vulnerabilities...
RCE vulnerability in OpenSSH: everything you need to know
Detect and mitigate CVE-2024-6387, a remote code execution vulnerability in OpenSSH. Organizations are advised to patch urgently...
Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History
A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information...
Introducing The Cloud Hunting Games CTF: Test Your Cloud Incident Response Skills
Wiz is excited to announce “The Cloud Hunting Games”, a new hands-on Capture the Flag CTF challenge designed to test your cloud incident response skills...
Wiz ❤️ HashiCorp: Wiz’s new integration with Terraform Run Tasks helps customers slash risks and boost developer productivity
Mutual Wiz and HashiCorp customers can leverage this integration to scan their IaC configuration and enforce security best practices to reduce risk...
Wiz CDR and Amazon GuardDuty: Contextualize and prioritize threat detection
Wiz leverages its leading Cloud Security Graph to help Cloud Defenders quickly understand, with the click of a button— what happened, where it happened, and how to respond...
Wiz Recognized as a 2024 Customers’ Choice in Gartner® Peer Insights report.
Wiz named as a Customers’ Choice for Cloud Native Application Protection Platforms CNAPP...
Critical Vulnerabilities in Ivanti Exploited in-the-Wild: everything you need to know
Detect and mitigate CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893, critical vulnerabilities in Ivanti VPN products. Organizations should patch urgently, and government agencies are instructed to isolate Ivanti VPN instances...
OpenSSL vulnerabilities: Everything you need to know
On November 1st, 2022, the OpenSSL Project disclosed High severity vulnerabilities CVE-2022-3786 and CVE-2022-3602, affecting deployments of OpenSSL 3.0.0–3.0.6. Learn how to effectively manage your organization's patching efforts...
CVE-2023-25610 a critical RCE vulnerability in FortiOS: everything you need to know
CVE-2023-25610 is a critical RCE vulnerability in FortiOS. This vulnerability is a buffer underwrite bug in the administrative interface which could allow a remote unauthenticated attacker to execute code using specially crafted requests. Affected customers should patch immediately...
Federal Data, Meet your New Bodyguard: DSPM joins Wiz for Government
Wiz is excited to bring Data Security Posture Management DSPM into our FedRAMP authorized offering. DSPM enables organizations requiring FedRAMP to automate classification, policy enforcement, and continuous monitoring for their sensitive cloud data...
Wiz enhances dynamic scanner to analyze and validate external exposure
Wiz extends its cloud analysis with an external scanner, giving customers an attacker's view of their externally exposed resources to reduce noise...
Critical RCE vulnerability in PHP CGI: everything you need to know
Detect and mitigate CVE-2024-4577, a critical remote code execution vulnerability in PHP CGI. Organizations are advised to patch urgently...
Wiz Research finds architecture risks that may compromise AI-as-a-Service providers and consequently risk customer data; works with Hugging Face on mitigations
Wiz researchers discovered architecture risks that may compromise AI-as-a-Service providers and put customer data at risk. Wiz and Hugging Face worked together to mitigate the issue...
Zenbleed: cross-process infoleak vulnerability in AMD Zen 2 Processors - everything you need to know
Learn about the impact in cloud environments of CVE-2023-20593, a cross-process information leak vulnerability in AMD Zen 2 Processors...
Introducing Wiz ASM: Context-Driven Attack Surface Management
Wiz launches Attack Surface Scanner to bring context, ownership, and prioritization to every exposure, anywhere...
Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405)
Wiz’s engineering team discovered a high-severity signature verification bypass in Nuclei, one of the most popular open-source security tools, which could potentially lead to arbitrary code execution...
Announcing the K8s LAN Party Challenge
Test your investigation skills and K8s network knowledge in a new CTF event: the K8s LAN Party Challenge!...
Critical and high severity Exim vulnerabilities: everything you need to know
Detect and mitigate CVE-2023-42115, and 5 more vulnerabilities in Exim. Organizations using affected configurations should mitigate and patch the vulnerabilities urgently...
Ransomware attacks targeting VMware ESXi servers: everything you need to know
Recent attacks leverage CVE-2021-21974 to install ransomware on VMWare ESXi servers. Security teams are advised to patch and stay vigilant for indicators of compromise...
CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims
Cloud environments at risk: Attackers target weak PostgreSQL instances with fileless cryptominer payloads...
Shift left with Wiz Guardrails: New Wiz Admission Controller capabilities enable security policy checks at deployment time
Wiz CLI and Wiz Admission Controller enable developers to leverage a single security policy throughout the software pipeline for cloud-native environments...
Key takeaways from the Wiz 2023 Kubernetes Security Report
Today, Wiz published its 2023 Kubernetes Security Report. Here are some key takeaways...
Wiz and AWS Security Hub Enhance Cloud Risk Prioritization
Wiz joins as a launch partner for AWS Security Hub to help customers act faster on prioritized security findings...
Wiz Data Foundations: Where’s My Sensitive Data—And Who Can Access It?
A hands-on walkthrough of how to use Wiz to find sensitive data and uncover who can access it...
Cisco and Wiz Help Customers Modernize Cybersecurity
Enhanced collaboration deepens cloud security capabilities, democratizes security across cloud businesses...
Critical vulnerabilities in Palo Alto Expedition: everything you need to know
Detect and mitigate critical vulnerabilities CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9467 in Palo Alto Networks’ Expedition tool. Organizations should patch urgently...
Wiz enhances real-time threat detection and response capabilities to stop threats from becoming incidents
The Wiz Runtime Sensor for Kubernetes graduates to general availability with proven ability to detect cloud attacks, greater customization for detections, and new cloud-native response capabilities...
Linux rootkits explained – Part 1: Dynamic linker hijacking
Dynamic linker hijacking via LDPRELOAD is a Linux rootkit technique utilized by different threat actors in the wild. In part one of this series on Linux rootkits, we discuss this threat and explain how to detect it...
CVE-2022-27518 exploited in the wild by APT5: everything you need to know
Detect and mitigate CVE-2022-27518, a Citrix ADC and Gateway unauthenticated RCE 0-day exploited in the wild by a nation state actor. Organizations should patch urgently...
Wiz Research Uncovers Critical Vulnerability in AI Vibe Coding platform Base44 Allowing Unauthorized Access to Private Applications
New discovery underscores security implications of AI-powered development and the rise of Vibe Coding Platforms...
SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts
Wiz Research uncovers vulnerabilities in SAP AI Core, allowing malicious actors to take over the service and access customer data...