Lucene search
K
WizblogRecent

647 matches found

Wiz blog
Wiz blog
added 2025/03/17 9:28 p.m.35 views

新たなGitHub Actionのサプライチェーン攻撃: reviewdog/action-setup

tj-actions/changed-files に対するサプライチェーン攻撃により、多くのリポジトリが週末に機密情報を漏えいしました。Wiz Research は、reviewdog/actions-setup@v1 に対する追加のサプライチェーン攻撃を発見しており、これが tj-actions/changed-files の侵害に寄与した可能性があります。...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2025/03/15 4:19 p.m.18 views

GitHub Action tj-actions/changed-files supply chain attack: everything you need to know

A supply chain attack on popular GitHub Action tj-actions/changed-files caused many repositories to leak their secrets. Discover how it unfolded and the steps to mitigate the risk...

7.1AI score
Exploits0
Wiz blog
Wiz blog
added 2025/03/07 1:0 p.m.16 views

Key Takeaways from the 2025 State of AI in the Cloud Report

From DeepSeek adoption to impact on security and governance...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2025/03/06 2:8 p.m.10 views

Introducing new Slack AI App for Wiz and Bi-Directional Slack Integration

Wiz enhances Slack integration to streamline risk investigation and response and bring security knowledge directly to Slack...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2025/02/28 4:41 p.m.8 views

Emily Heath’s 5 Key Questions CISOs Should Ask Before Board Meetings

Experts share a powerful framework and strategies for effective board meeting preparation and communication...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2025/02/24 2:0 p.m.5 views

Wiz Named #1 CDR Solution by G2

Wiz was named the leader in the Winter 2025 CDR Grid Report, based on independent customer reviews...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2025/02/20 4:38 p.m.9 views

2025 State of Code Security: Key Trends and Risks

Explore the key insights on code and cloud security risks shaping 2025...

7.6AI score
Exploits0
Wiz blog
Wiz blog
added 2025/02/20 1:0 p.m.13 views

Introducing Wiz Lens: Role-based views for every security team

Empowerment and speed for security teams without losing unified cloud context...

7.4AI score
Exploits0
Wiz blog
Wiz blog
added 2025/02/17 12:0 p.m.2 views

The Role of Runtime Security in Cloud Environments

Discover how Wiz's innovative hybrid approach revolutionizes runtime security for the modern cloud era...

7.4AI score
Exploits0
Wiz blog
Wiz blog
added 2025/02/14 11:20 a.m.6 views

The Overlooked Attack Surface: Securing Code Repositories, Pipelines, and Developer Infrastructure

Learn how Wiz for ASPM extends security to developer infrastructure by continuously enforcing secure defaults and detecting threats across the software supply chain...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2025/02/13 1:0 p.m.4 views

Dev and Sec: The Perfect Pair <3

Discover how this dynamic duo creates secure, agile environments – and how you can foster their romance in your organization...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2025/02/12 11:29 a.m.37 views

Cisco and Wiz Help Customers Modernize Cybersecurity

Enhanced collaboration deepens cloud security capabilities, democratizes security across cloud businesses...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2025/02/11 6:18 p.m.12 views

How Wiz found a Critical NVIDIA AI vulnerability:  Deep Dive into a container escape (CVE-2024-0132)

Technical details on a critical severity vulnerability CVE-2024-0132 in NVIDIA Container Toolkit and GPU Operator, affecting cloud service providers...

9CVSS9AI score0.37055EPSS
Exploits2
Wiz blog
Wiz blog
added 2025/02/10 1:29 p.m.10 views

Our Container Security AMA: You asked, Wiz answered

Check out the top comments and responses from our recent containers AMA...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2025/02/03 1:0 p.m.9 views

Introducing the Wiz Certified Program: Validate Your Expertise and Showcase Your Mastery!

The Wiz Certified program refines your cloud security skills to help you grow your career and stand out among your industry peers...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2025/01/30 1:0 p.m.8 views

The Basics of AWS Infrastructure Security

Discover key strategies to strengthen your AWS security posture, from applying protection at all layers to understanding shared responsibility in the cloud...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2025/01/29 8:47 p.m.66 views

Wiz ResearchがDeepSeekの公開データベースを発見、チャット履歴を含む機密情報が流出

DeepSeekが所有する公開アクセス可能なデータベースにより、データベース操作を完全に制御できる状態になっており、内部データへのアクセスも可能でした。この漏えいには、100万行以上のログストリームが含まれており、極めて機密性の高い情報が含まれています。...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2025/01/28 2:0 p.m.14 views

Key Performance Indicators for Effective DSPM Implementation

What are the most important KPI’s for a successful DSPM implementation? Let's explore what KPI’s to monitor, why they matter, and how you can take advantage of them for improved security at your org...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2025/01/27 2:0 p.m.20 views

Cloud Detection Without Drowning: The Zero-Noise Approach

By adopting the 'Zero Noise' approach—prioritizing attacker-focused detections, continuous feedback loops, and a 'no alert left behind' mentality—security teams can cut through cloud alert noise, enabling swift and precise responses to true threats...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2025/01/24 2:0 p.m.10 views

The anatomy of a Toxic Combination of Risk

How to uncover potential threats and eliminate critical risks in your cloud environment...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2025/01/23 2:0 p.m.7 views

Securing the Container Frontier: Kubernetes Trends Report 2025

From rapid-fire attack attempts to evolving defense strategies, our Kubernetes Security Report paints a vivid picture of a dynamic landscape. Check out the preview here...

7.1AI score
Exploits0
Wiz blog
Wiz blog
added 2025/01/15 9:56 a.m.6 views

Tracking cloud-fluent threat actors - Part two: Behavioral cloud IOCs

Discover how behavioral cloud IOCs can expose malicious activity as we break down real-world examples to reveal actionable detection techniques...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2025/01/14 4:30 p.m.58 views

Wiz Recognized as a 2024 Customers’ Choice in Gartner® Peer Insights report.

Wiz named as a Customers’ Choice for Cloud Native Application Protection Platforms CNAPP...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2025/01/11 5:23 p.m.31 views

Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)

The Wiz Incident Response team is currently responding to multiple incidents involving CVE-2024-50603, an Aviatrix Controller unauthenticated RCE vulnerability, that can lead to privileges escalation in the AWS control plane. Organizations should patch urgently...

10CVSS7.3AI score0.98545EPSS
Exploits5
Wiz blog
Wiz blog
added 2025/01/09 2:59 p.m.7 views

Welcoming Our New CFO & President

Fazal Merchant joins our leadership team as we look to what lies ahead...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2025/01/09 2:23 p.m.25 views

CVE-2025-0282 and CVE-2025-0283: Critical Ivanti 0days Exploited in the Wild

Detect and mitigate CVE-2025-0282, a critical RCE vulnerability in Ivanti Connect Secure and CVE-2025-0283, exploited as 0day vulnerabilities in the wild. Organizations should patch urgently...

9CVSS7AI score0.99971EPSS
Exploits13
Wiz blog
Wiz blog
added 2025/01/06 3:0 p.m.20 views

2025 Cloud Security Predictions: Trends to Look Out for

Wizards share some of the cloud security trends to look out for in 2025...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2025/01/03 3:0 p.m.46 views

Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405)

Wiz’s engineering team discovered a high-severity signature verification bypass in Nuclei, one of the most popular open-source security tools, which could potentially lead to arbitrary code execution...

7.8CVSS7.6AI score0.01118EPSS
Exploits0
Wiz blog
Wiz blog
added 2025/01/01 2:0 p.m.16 views

Avoiding mistakes with AWS OIDC integration conditions

Let’s explore some common missteps in securing your AWS OIDC...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2024/12/20 1:0 p.m.8 views

The many ways to obtain credentials in AWS

Dive into the complexities of AWS IAM credentials and uncover how defenders can stay ahead with in-depth knowledge of SDK behaviors and service-specific mechanisms...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2024/12/17 5:31 p.m.10 views

Unpacking Diicot - Evolving Campaign Targeting Linux Environments

Wiz Threat Research uncovered a new malware campaign targeting Linux environments attributed to the Diicot threat group...

7.1AI score
Exploits0
Wiz blog
Wiz blog
added 2024/12/16 2:0 p.m.17 views

Under the Radar: Exploring Spring Boot Actuator Misconfigurations

Wiz Threat Research investigates misconfigurations in Spring Boot Actuator’s endpoints that can leak environment variables, passwords, and API keys, and even lead to remote code execution...

8.1AI score
Exploits0
Wiz blog
Wiz blog
added 2024/12/15 2:7 p.m.24 views

New Developments in LLM Hijacking Activity

Discover the latest in LLM hijacking activity, including a dive into the JINX-2401 campaign targeting AWS environments with IAM privilege escalation tactics...

7.5AI score
Exploits0
Wiz blog
Wiz blog
added 2024/12/11 1:0 p.m.8 views

Top AWS re:Invent Announcements for Security Teams in 2024

AWS re:Invent 2024 brought an avalanche of announcements, with over 500 updates since November. Let's spotlight the most impactful ones for security teams, from Resource Control Policies to centrally managed root access...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2024/12/10 11:3 a.m.9 views

A Cloud-First Approach to Vulnerability Remediation: A Holistic Approach

Learn about how Wiz helps organizations operationalize vulnerability remediation with true code-to-cloud visibility...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2024/12/10 12:30 a.m.13 views

Wizは日本の新たなテナントの創設をサポートします

当社は、製品サポートとリーダーシップの拡大を通じて、この地域への取り組みを継続します。...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2024/12/09 3:56 p.m.15 views

Ultralytics AI Library Hacked via GitHub for Cryptomining

A supply chain attack on Ultralytics exploited GitHub Actions to inject malicious PyPI packages. Discover how it unfolded and the steps to mitigate the risk...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2024/12/09 2:6 p.m.5 views

Wiz at Re:Invent 2024

See what’s new with Wiz at Re:Invent 2024 and learn about how Wiz and AWS continue to strengthen their strategic partnership, keeping AWS customers’ environments secure...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2024/12/09 12:0 p.m.10 views

Authorized Agility: Wiz adds Code Security in the FedRAMP offering (Wiz for Gov)

Wiz is excited to announce the addition of Wiz Code into our Wiz for Gov offering, enabling organizations to visualize attack paths from cloud-to-code and bring guardrails into the software development lifecycle...

7.4AI score
Exploits0
Wiz blog
Wiz blog
added 2024/12/05 2:0 p.m.4 views

Wiz Defend: Delivering the Promise of Cloud-Native Security Operations

A new approach to detect and respond to cloud-native threats...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2024/12/03 12:0 p.m.12 views

Introducing Wizdom Community: A New Era of Cloud Security Collaboration

Discover Wizdom: A vibrant community where cloud security professionals connect, collaborate, and lead the charge toward a safer digital future...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2024/12/02 2:6 p.m.8 views

Wiz Defend is Here: Threat detection and response born for the cloud

Empower SecOps teams to stop incidents before they become breaches...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2024/11/28 5:0 a.m.12 views

How to use AWS Resource Control Policies

Unlock the Power of AWS Resource Control Policies: Enforce Security and Streamline Governance Across Your Organization...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2024/11/26 12:2 p.m.6 views

Wiz collaborates with NVIDIA to advance ML research for data classification

Wiz Research taps Llama 3 model NVIDIA NIM microservices for sensitive data classification...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2024/11/26 12:0 p.m.8 views

Deloitte’s Cyber Cloud Managed Services (CCMS) - Enhance cyber posture with AWS and Wiz

Discover how Deloitte’s CCMS, powered by Wiz, enhances AWS cloud security with automated workflows, democratized risk management, and streamlined remediation to protect modern cloud environments...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2024/11/22 1:50 p.m.21 views

Wiz observes exploitation in the wild of PAN-OS vulnerabilities

Detect and mitigate CVE-2024-0012 and CVE-2024-9474, PAN-OS vulnerabilities which Wiz Threat Research has observed being exploited in-the-wild. Organizations should patch urgently...

9.8CVSS7AI score0.99698EPSS
Exploits18
Wiz blog
Wiz blog
added 2024/11/21 2:47 p.m.10 views

Wiz to acquire Dazz, transforming risk remediation from cloud to code

Together, we'll reinvent ASPM and code-to-cloud remediation...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2024/11/21 11:0 a.m.30 views

Wiz Remediation and Response - Now available for Azure and GCP environments

Powerful new remediation and response capabilities enable the real-time enforcement of organizational security policies and streamline incident management...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2024/11/20 11:0 a.m.8 views

Introducing The Champion Center: Operationalize and Measure Cloud Security Maturity Across Your Organization

Centralize security insights, scale adoption, and demonstrate measurable cloud security progress with Wiz...

7.4AI score
Exploits0
Wiz blog
Wiz blog
added 2024/11/14 6:44 p.m.9 views

Kubernetes Audit Log “Gotchas”

How to overcome challenges and security gaps when using K8s audit logs for forensics and attack detection...

7.3AI score
Exploits0
Total number of security vulnerabilities647