649 matches found
Enhancing Kubernetes security with user namespaces
Learn how to improve cluster security with user namespaces, a new feature introduced in Kubernetes v1.25...
Unleashing the Power of No-Code Automation for Cloud Security with Wiz and Tines
The Wiz and Tines partnership empowers organizations to protect their cloud infrastructure at scale with no-code automation...
CVE-2022-44877, critical RCE in CentOS Control Web Panel exploited in the wild: everything you need to know
Detect and mitigate CVE-2022-44877, a CentOS Control Web Panel CWP unauthenticated RCE exploited in the wild. Security teams are advised to patch urgently...
Hunting for signs of persistence in the cloud: an IR guide following the CircleCI incident
Learn how to detect malicious persistence techniques in AWS, GCP & Azure after potential initial compromise, like with the CircleCI incident...
Wiz launches Australia cloud data center further demonstrating commitment to ANZ and multinational organizations
Wiz announces availability of new regional data center and adds support for Essential Eight controls...
New Year’s Resolutions: Where CISOs plan to invest and scale back in 2023
Hear from security leaders about their plans, strategies, and priorities for the new year...
Lateral movement risks in the cloud and how to prevent them – Part 2: from compromised container to cloud takeover
In this second blog post, we will discuss lateral movement risks from Kubernetes to the cloud. We will explain attacker TTPs, and outline best practices for security practitioners and cloud builders to help secure their cloud environments and mitigate risk...
Malicious PyTorch dependency 'torchtriton' on PyPI: everything you need to know
The developers of PyTorch a popular machine-learning framework recently identified a malicious dependency confusion attack on the open-source project. Security teams are advised to check for infected resources and rotate any exposed keys...
CVE-2022-47939 critical vulnerability in Linux kernel `ksmbd` module: everything you need to know
Critical RCE vulnerability found in Linux kernel's ksmbd module: remote attackers can execute code without authentication. The module is not enabled by default on most operating systems...
OWASSRF, a new exploit for Exchange vulnerabilities, exploited in the wild: everything you need to know
A new exploit method targeting CVE-2022-41080 and CVE-2022-41082 vulnerabilities in Exchange servers, which can bypass previous workarounds, has been discovered and exploited in the wild. Organizations should patch urgently...
Automatically discover and secure your APIs with Wiz Dynamic Scanner
Wiz enhances its Dynamic Scanner to detect publicly exposed, unauthenticated APIs...
Wiz introduces Dangling Domain Detection to help you prevent subdomain takeovers
Easily detect dangling domains to reduce the risk of phishing campaigns and cookie harvesting of organization’s customers...
Wiz enhances dynamic scanner to analyze and validate external exposure
Wiz extends its cloud analysis with an external scanner, giving customers an attacker's view of their externally exposed resources to reduce noise...
Use cases for Delegated Administrator for AWS Organizations
Learn about how AWS's recently released Delegated Administrator for AWS Organization can be used to solve common problems at your company and the issues you might run into with it...
Introducing PEACH, a tenant isolation framework for cloud applications
A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation by reducing your cloud applications’ attack surface...
CVE-2022-27518 exploited in the wild by APT5: everything you need to know
Detect and mitigate CVE-2022-27518, a Citrix ADC and Gateway unauthenticated RCE 0-day exploited in the wild by a nation state actor. Organizations should patch urgently...
Secret-based cloud supply-chain attacks: Case study and lessons for security teams
CI/CD pipelines, as an essential part of the software development process, are an attractive target to malicious actors. Based on our research of cloud environments, we share common misconfigurations and provide tips on how to remediate them in order to prevent supply-chain attacks...
Introducing Azure Least Privilege: Enforce least privilege access for Azure environments
Wiz extends its CIEM capabilities to enable least privilege access for Azure environments...
Top Security Talks from AWS re:Invent 2022
AWS re:Invent is the largest conference of the year for Amazon Web Services AWS with hundreds of talks. We picked our favorite cloud security talks that are available online...
Uncover what is really deployed in your environment with the enhanced Wiz inventory
Wiz adds full detection of cloud services for deeper visibility and control over shadow IT...
Navigating the road ahead for CISOs following the Uber verdict
Hear from industry experts to understand the challenges ahead and best practices CISOs can follow to avoid issues in the future...
Wiz introduces agentless solution for detecting host and application misconfigurations
Wiz extends its risk assessment to support host and application level misconfigurations, enabling customers to ensure security and compliance posture for applications...
Giving thanks for a more secure cloud
We'd like to take a moment this holiday season to recognize our greatest asset—our customers...
Wiz at re:Invent 2022 (event recap)
Get all the news from Las Vegas and learn about how Wiz and AWS continue to strengthen a strategic relationship to secure customers’ AWS environments...
Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential unauthorized database access
How IBM Cloud caught us exploring its infrastructure and how a hardcoded secret eventually led to build artifact access and manipulation...
Wiz integrates with AWS Security Hub to help you better manage your AWS security posture
New integration enables AWS customers to send Wiz security issues detected in AWS resources to Security Hub...
Wiz integrates with Amazon Security Lake to improve cloud security through cloud security data sharing
New integration enables customers to consolidate security logs, run investigations and analyze security metrics in their customer-owned data lake...
Wiz and BigID expand partnership to extend visibility and control for enterprise data to prevent breaches
Deeper partnership accelerates end-to-end cloud-native data protection from discovery to enforcement...
Wiz becomes the first CNAPP to deliver integrated Data Security Posture Management
Wiz expands its platform to proactively eliminate attack paths to discovered critical data...
Wiz and Google Cloud’s Security Command Center: Modern threat detection and response rooted in risk prioritization
Fully understand the impact and architecture behind any threat to streamline and speed effective response with a first-of-its-kind integration combining the Wiz Security Graph’s deep cloud and multi-cloud risk context with Google Cloud’s Security Command Center’s advanced threat detection...
Wiz introduces VMware vSphere support to provide a unified hybrid cloud security platform
vSphere integration makes Wiz the first cloud security platform to protect both on-premises and cloud environments without an agent...
OpenSSL vulnerabilities: Everything you need to know
On November 1st, 2022, the OpenSSL Project disclosed High severity vulnerabilities CVE-2022-3786 and CVE-2022-3602, affecting deployments of OpenSSL 3.0.0–3.0.6. Learn how to effectively manage your organization's patching efforts...
Wiz rapidly finds and removes risks across the container development lifecycle and entire cloud environment
New Wiz capabilities protect containerized applications by bringing deep cloud context and visibility to quickly identify and prioritize risks across containers, Kubernetes and cloud environments without agents...
KubeCon + CloudNativeCon North America 2022: Our top 10 sessions to attend
KubeCon 2022 will be full of great presentations and content. Here's our take on the conference sessions apart from our own that you shouldn't miss, whether you're onsite or attending virtually...
Meet Wiz at KubeCon North America
Wiz will be attending and sponsoring KubeCon for the first time and we have a lot to share regarding how enterprises can better secure their container and Kubernetes environments. Come say hi!...
Lateral movement risks in the cloud and how to prevent them – Part 1: the network layer (VPC)
In this first blog post, we will introduce lateral movement as it pertains to the VPC. We will discuss attacker TTPs, and outline best practices for security practitioners and cloud builders to help secure their cloud environment and reduce risk...
Wiz Receives Morgan Stanley Innovation Award at 20th Innovation Summit
Recognition in the Cyber category honors Wiz for its exceptional technology partnership with one of the world’s leading financial institutions...
AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes
Before it was patched, AttachMe could have allowed attackers to access and modify any other users' OCI storage volumes without authorization, thereby violating cloud isolation. Upon disclosure, the vulnerability was fixed within hours by Oracle. No customer action was required...
How Wiz and Torq Combine to Mitigate Existential Cloud Security Threats
Leonid Belkind, CTO of Torq, and Itay Arbel, PM at Wiz, explain how organizations can build a coherent Cyber Security Incident Response Plan using Wiz CDR to analyze cloud events and threat alerts in their context together with Torq's next-generation orchestration and automation capabilities...
The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors
How Wiz Research uncovered multiple related vulnerabilities in PostgreSQL-as-a-Service offerings from GCP, Azure, and others...
$100M ARR in 18 months: Wiz becomes the fastest-growing software company ever
Just two years since its launch, Wiz protects hundreds of the world’s leading organizations by enabling them to build faster and more securely in the cloud...
Wiz expands board and executive team with top security leaders from DocuSign, Aon, Meta and Okta
Wiz continues momentum with addition of security luminary Emily Heath to board of directors; expands executive team to lead hyper-growth...
Meet new Wiz board member Emily Heath
Q&A: Why Wiz caught the attention of DocuSign’s Former CTSO...
New customers, new clouds, new challenges
Companies are turning to Wiz every day to gain instant visibility into their cloud environments...
Breaking new ground in the cloud
In just two years, Wiz helps hundreds of customers protect their cloud infrastructure and innovate more quickly. As a result, Wiz has become the fastest-growing software company ever, scaling from $1M ARR to $100M ARR in just 18 months...
Wiz debuts on Forbes Cloud 100 list
Founded in 2020, Wiz is the youngest company on the list...
Join Wiz at Black Hat 2022
Wiz is excited to be back in Las Vegas for Black Hat 2022 as a sponsor of this year's conference. At Black Hat, you'll have the opportunity to learn from our research and product experts, experience live demos in our booth, and mingle with us after the conference...
Securing Azure middleware agents with new auto-patching capabilities
Wiz finds Azure customers remain unpatched from cloud middleware vulnerability and collaborates with Microsoft to introduce an auto-patching solution against cloud middleware security issues and make the cloud safer...
Revisiting OMI: Analysis of CVE-2022-29149, a privilege escalation vulnerability in Azure OMI
Affected organizations are required to update installed agents that use the OMI cloud middleware software...
See the best of Wiz at AWS re:Inforce
Visit our booth and attend one of our many sessions at re:Inforce this week...