Lucene search
K
WizblogRecent

649 matches found

Wiz blog
Wiz blog
added 2023/01/23 3:29 p.m.11 views

Enhancing Kubernetes security with user namespaces

Learn how to improve cluster security with user namespaces, a new feature introduced in Kubernetes v1.25...

6.8AI score
Exploits0
Wiz blog
Wiz blog
added 2023/01/19 3:54 p.m.8 views

Unleashing the Power of No-Code Automation for Cloud Security with Wiz and Tines

The Wiz and Tines partnership empowers organizations to protect their cloud infrastructure at scale with no-code automation...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2023/01/17 1:17 p.m.29 views

CVE-2022-44877, critical RCE in CentOS Control Web Panel exploited in the wild: everything you need to know

Detect and mitigate CVE-2022-44877, a CentOS Control Web Panel CWP unauthenticated RCE exploited in the wild. Security teams are advised to patch urgently...

9.8CVSS7AI score0.99995EPSS
Exploits12
Wiz blog
Wiz blog
added 2023/01/12 5:4 p.m.13 views

Hunting for signs of persistence in the cloud: an IR guide following the CircleCI incident

Learn how to detect malicious persistence techniques in AWS, GCP & Azure after potential initial compromise, like with the CircleCI incident...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2023/01/11 6:55 p.m.10 views

Wiz launches Australia cloud data center further demonstrating commitment to ANZ and multinational organizations

Wiz announces availability of new regional data center and adds support for Essential Eight controls...

7AI score
Exploits0
Wiz blog
Wiz blog
added 2023/01/09 5:30 p.m.9 views

New Year’s Resolutions: Where CISOs plan to invest and scale back in 2023

Hear from security leaders about their plans, strategies, and priorities for the new year...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2023/01/05 5:0 p.m.16 views

Lateral movement risks in the cloud and how to prevent them – Part 2: from compromised container to cloud takeover

In this second blog post, we will discuss lateral movement risks from Kubernetes to the cloud. We will explain attacker TTPs, and outline best practices for security practitioners and cloud builders to help secure their cloud environments and mitigate risk...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2023/01/03 1:10 p.m.13 views

Malicious PyTorch dependency 'torchtriton' on PyPI: everything you need to know

The developers of PyTorch a popular machine-learning framework recently identified a malicious dependency confusion attack on the open-source project. Security teams are advised to check for infected resources and rotate any exposed keys...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/27 5:22 p.m.31 views

CVE-2022-47939 critical vulnerability in Linux kernel `ksmbd` module: everything you need to know

Critical RCE vulnerability found in Linux kernel's ksmbd module: remote attackers can execute code without authentication. The module is not enabled by default on most operating systems...

9.8CVSS7.4AI score0.46428EPSS
Exploits0
Wiz blog
Wiz blog
added 2022/12/22 6:10 p.m.118 views

OWASSRF, a new exploit for Exchange vulnerabilities, exploited in the wild: everything you need to know

A new exploit method targeting CVE-2022-41080 and CVE-2022-41082 vulnerabilities in Exchange servers, which can bypass previous workarounds, has been discovered and exploited in the wild. Organizations should patch urgently...

9.8CVSS7.1AI score0.99964EPSS
Exploits11
Wiz blog
Wiz blog
added 2022/12/21 6:7 p.m.89 views

Automatically discover and secure your APIs with Wiz Dynamic Scanner

Wiz enhances its Dynamic Scanner to detect publicly exposed, unauthenticated APIs...

7.1AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/20 3:25 p.m.14 views

Wiz introduces Dangling Domain Detection to help you prevent subdomain takeovers

Easily detect dangling domains to reduce the risk of phishing campaigns and cookie harvesting of organization’s customers...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/16 4:54 p.m.53 views

Wiz enhances dynamic scanner to analyze and validate external exposure

Wiz extends its cloud analysis with an external scanner, giving customers an attacker's view of their externally exposed resources to reduce noise...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/15 6:16 p.m.15 views

Use cases for Delegated Administrator for AWS Organizations

Learn about how AWS's recently released Delegated Administrator for AWS Organization can be used to solve common problems at your company and the issues you might run into with it...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/14 2:15 p.m.13 views

Introducing PEACH, a tenant isolation framework for cloud applications

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation by reducing your cloud applications’ attack surface...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/13 9:3 p.m.37 views

CVE-2022-27518 exploited in the wild by APT5: everything you need to know

Detect and mitigate CVE-2022-27518, a Citrix ADC and Gateway unauthenticated RCE 0-day exploited in the wild by a nation state actor. Organizations should patch urgently...

9.8CVSS7AI score0.06931EPSS
Exploits1
Wiz blog
Wiz blog
added 2022/12/13 7:28 p.m.10 views

Secret-based cloud supply-chain attacks: Case study and lessons for security teams

CI/CD pipelines, as an essential part of the software development process, are an attractive target to malicious actors. Based on our research of cloud environments, we share common misconfigurations and provide tips on how to remediate them in order to prevent supply-chain attacks...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/12 3:53 p.m.9 views

Introducing Azure Least Privilege: Enforce least privilege access for Azure environments

Wiz extends its CIEM capabilities to enable least privilege access for Azure environments...

7AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/09 3:54 p.m.9 views

Top Security Talks from AWS re:Invent 2022

AWS re:Invent is the largest conference of the year for Amazon Web Services AWS with hundreds of talks. We picked our favorite cloud security talks that are available online...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/08 3:53 p.m.11 views

Uncover what is really deployed in your environment with the enhanced Wiz inventory

Wiz adds full detection of cloud services for deeper visibility and control over shadow IT...

7AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/08 1:0 p.m.13 views

Navigating the road ahead for CISOs following the Uber verdict

Hear from industry experts to understand the challenges ahead and best practices CISOs can follow to avoid issues in the future...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/07 3:54 p.m.10 views

Wiz introduces agentless solution for detecting host and application misconfigurations

Wiz extends its risk assessment to support host and application level misconfigurations, enabling customers to ensure security and compliance posture for applications...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/06 8:35 p.m.6 views

Giving thanks for a more secure cloud

We'd like to take a moment this holiday season to recognize our greatest asset—our customers...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/05 6:51 p.m.158 views

Wiz at re:Invent 2022 (event recap)

Get all the news from Las Vegas and learn about how Wiz and AWS continue to strengthen a strategic relationship to secure customers’ AWS environments...

6.8AI score
Exploits0
Wiz blog
Wiz blog
added 2022/12/01 3:0 p.m.18 views

Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential unauthorized database access

How IBM Cloud caught us exploring its infrastructure and how a hardcoded secret eventually led to build artifact access and manipulation...

6.8AI score
Exploits0
Wiz blog
Wiz blog
added 2022/11/30 6:54 p.m.24 views

Wiz integrates with AWS Security Hub to help you better manage your AWS security posture

New integration enables AWS customers to send Wiz security issues detected in AWS resources to Security Hub...

7AI score
Exploits0
Wiz blog
Wiz blog
added 2022/11/29 7:36 p.m.22 views

Wiz integrates with Amazon Security Lake to improve cloud security through cloud security data sharing

New integration enables customers to consolidate security logs, run investigations and analyze security metrics in their customer-owned data lake...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/11/29 1:56 p.m.12 views

Wiz and BigID expand partnership to extend visibility and control for enterprise data to prevent breaches

Deeper partnership accelerates end-to-end cloud-native data protection from discovery to enforcement...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/11/21 1:54 p.m.16 views

Wiz becomes the first CNAPP to deliver integrated Data Security Posture Management

Wiz expands its platform to proactively eliminate attack paths to discovered critical data...

7AI score
Exploits0
Wiz blog
Wiz blog
added 2022/11/14 3:57 p.m.19 views

Wiz and Google Cloud’s Security Command Center: Modern threat detection and response rooted in risk prioritization

Fully understand the impact and architecture behind any threat to streamline and speed effective response with a first-of-its-kind integration combining the Wiz Security Graph’s deep cloud and multi-cloud risk context with Google Cloud’s Security Command Center’s advanced threat detection...

7AI score
Exploits0
Wiz blog
Wiz blog
added 2022/11/07 1:56 p.m.17 views

Wiz introduces VMware vSphere support to provide a unified hybrid cloud security platform

vSphere integration makes Wiz the first cloud security platform to protect both on-premises and cloud environments without an agent...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/10/29 4:11 a.m.56 views

OpenSSL vulnerabilities: Everything you need to know

On November 1st, 2022, the OpenSSL Project disclosed High severity vulnerabilities CVE-2022-3786 and CVE-2022-3602, affecting deployments of OpenSSL 3.0.0–3.0.6. Learn how to effectively manage your organization's patching efforts...

7.5CVSS7AI score0.92488EPSS
Exploits6
Wiz blog
Wiz blog
added 2022/10/24 12:55 p.m.4 views

Wiz rapidly finds and removes risks across the container development lifecycle and entire cloud environment

New Wiz capabilities protect containerized applications by bringing deep cloud context and visibility to quickly identify and prioritize risks across containers, Kubernetes and cloud environments without agents...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/10/21 2:52 p.m.8 views

KubeCon + CloudNativeCon North America 2022: Our top 10 sessions to attend

KubeCon 2022 will be full of great presentations and content. Here's our take on the conference sessions apart from our own that you shouldn't miss, whether you're onsite or attending virtually...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/10/19 2:51 p.m.7 views

Meet Wiz at KubeCon North America

Wiz will be attending and sponsoring KubeCon for the first time and we have a lot to share regarding how enterprises can better secure their container and Kubernetes environments. Come say hi!...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/10/13 5:43 p.m.8 views

Lateral movement risks in the cloud and how to prevent them – Part 1: the network layer (VPC)

In this first blog post, we will introduce lateral movement as it pertains to the VPC. We will discuss attacker TTPs, and outline best practices for security practitioners and cloud builders to help secure their cloud environment and reduce risk...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/09/22 5:41 p.m.5 views

Wiz Receives Morgan Stanley Innovation Award at 20th Innovation Summit

Recognition in the Cyber category honors Wiz for its exceptional technology partnership with one of the world’s leading financial institutions...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/09/20 12:57 p.m.13 views

AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes

Before it was patched, AttachMe could have allowed attackers to access and modify any other users' OCI storage volumes without authorization, thereby violating cloud isolation. Upon disclosure, the vulnerability was fixed within hours by Oracle. No customer action was required...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/09/19 6:2 p.m.11 views

How Wiz and Torq Combine to Mitigate Existential Cloud Security Threats

Leonid Belkind, CTO of Torq, and Itay Arbel, PM at Wiz, explain how organizations can build a coherent Cyber Security Incident Response Plan using Wiz CDR to analyze cloud events and threat alerts in their context together with Torq's next-generation orchestration and automation capabilities...

6.8AI score
Exploits0
Wiz blog
Wiz blog
added 2022/08/11 6:20 p.m.9 views

The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors

How Wiz Research uncovered multiple related vulnerabilities in PostgreSQL-as-a-Service offerings from GCP, Azure, and others...

7.1AI score
Exploits0
Wiz blog
Wiz blog
added 2022/08/10 1:19 p.m.18 views

$100M ARR in 18 months: Wiz becomes the fastest-growing software company ever

Just two years since its launch, Wiz protects hundreds of the world’s leading organizations by enabling them to build faster and more securely in the cloud...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/08/10 1:12 p.m.16 views

Wiz expands board and executive team with top security leaders from DocuSign, Aon, Meta and Okta

Wiz continues momentum with addition of security luminary Emily Heath to board of directors; expands executive team to lead hyper-growth...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/08/10 1:11 p.m.14 views

Meet new Wiz board member Emily Heath

Q&A: Why Wiz caught the attention of DocuSign’s Former CTSO...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2022/08/10 1:11 p.m.6 views

New customers, new clouds, new challenges

Companies are turning to Wiz every day to gain instant visibility into their cloud environments...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2022/08/10 1:11 p.m.17 views

Breaking new ground in the cloud

In just two years, Wiz helps hundreds of customers protect their cloud infrastructure and innovate more quickly. As a result, Wiz has become the fastest-growing software company ever, scaling from $1M ARR to $100M ARR in just 18 months...

6.8AI score
Exploits0
Wiz blog
Wiz blog
added 2022/08/09 3:9 p.m.11 views

Wiz debuts on Forbes Cloud 100 list

Founded in 2020, Wiz is the youngest company on the list...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/08/08 3:11 p.m.14 views

Join Wiz at Black Hat 2022

Wiz is excited to be back in Las Vegas for Black Hat 2022 as a sponsor of this year's conference. At Black Hat, you'll have the opportunity to learn from our research and product experts, experience live demos in our booth, and mingle with us after the conference...

6.8AI score
Exploits0
Wiz blog
Wiz blog
added 2022/08/05 5:55 a.m.7 views

Securing Azure middleware agents with new auto-patching capabilities

Wiz finds Azure customers remain unpatched from cloud middleware vulnerability and collaborates with Microsoft to introduce an auto-patching solution against cloud middleware security issues and make the cloud safer...

6.9AI score
Exploits0
Wiz blog
Wiz blog
added 2022/08/05 5:51 a.m.29 views

Revisiting OMI: Analysis of CVE-2022-29149, a privilege escalation vulnerability in Azure OMI

Affected organizations are required to update installed agents that use the OMI cloud middleware software...

7.8CVSS6.9AI score0.0091EPSS
Exploits0
Wiz blog
Wiz blog
added 2022/07/27 5:46 a.m.17 views

See the best of Wiz at AWS re:Inforce

Visit our booth and attend one of our many sessions at re:Inforce this week...

7AI score
Exploits0
Total number of security vulnerabilities649