IronMonkey Threat Research
Cloud Threat Landscape ·

On 2024-01-31, an incident was reported, involving an unknown actor, gaining initial access via End-user compromise, while using Credential stuffing, VPN anonymization, Email C2, to achieve Data...

Cloud Threat Landscape ·

On 2024-01-31, an incident was reported, involving an unknown actor, gaining initial access via Exposed secret, while using Cloud API e, Create new cloud user, Create or modify firewall or...

Wiz Blog | RSS feed ·

Learn why Forrester recognized Wiz as the top ranked in the current offering category on the market out of the top 13 providers, and how their analysis connects with the Wiz vision.

Information Technology
Maxwell Dulin's Resources ·

Flask is a very popular Python based web framework. The author was poking around their tech stack and noticed a library called Flask_Session, which was used for server-side session application...

Wiz Blog | RSS feed ·

Wiz is releasing a new report providing insight into various jobs in the field of cloud security and compensation packages they offer; here are 5 key facts from our data.

Information Technology Commercial Facilities
Maxwell Dulin's Resources ·

Chess.com is a very popular online Chess platform. The author decided to look into this site for security issues. On the platform, you can add friends. When reviewing this request, it is a GET...

Information Technology
Maxwell Dulin's Resources ·

SMTP, the Simple Mail Transfer Protocol, is the base email protocol that helps run the world today. Finding emails in servers could allow for terrible email spoofing and mass havoc being caused....

Information Technology
The DFIR Report ·

Key Takeaways: In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona...

Commercial Facilities Information Technology
Cloud Threat Landscape ·

Trigona ransomware has been active since at least June 2022, targeting MSSQL servers. Mimic ransomware was first identified in June 2022, with a January 2024 attack by a Turkish-speaking threat...

Maxwell Dulin's Resources ·

Chrome extensions have lots of power but do have limitations. They can read the DOM but they can't execute exe files, change settings or many other things. Securing Chrome Extensions from taking...

Maxwell Dulin's Resources ·

Alchemix Finance is a synthetic asset protocol around tokenizing future yield. Using the DAO, it's possible to access the future yield. This is done by issuing a synthetic token that represents...

Financial Services Food and Agriculture
Wiz Blog | RSS feed ·

NASCIO has released its top ten policy and technology priorities for 2024! Learn about how Wiz can help you meet all of the new priorities on the list.

Information Technology Government Facilities
FalconForce - Medium ·

SOAPHound — tool to collect Active Directory data via ADWS. TL;DR: SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active...

Information Technology Transportation Systems bloodhound active-directory
Cloud Threat Landscape ·

In January 2024, researchers at RedHunt Labs discovered that Mercedes-Benz accidentally included an access token in one of their public GitHub repositories that granted access to an internal...

Wiz Blog | RSS feed ·

We're excited to announce the release of a comprehensive guide to mastering Kubernetes security: "Kubernetes Security for Dummies." Wiz collaborated with Wiley publications to create this...

Bitdefender Labs ·

SMS services remain a critical part of telecommunications; they don't require Internet access, and companies use them to inform their customers. This combination of features makes them incredibly...

Financial Services Transportation Systems
Fox-IT International blog ·

Authors: Axel Boesenach and Erik Schamper. In this blog post we will go into a user-friendly memory scanning Python library that was created out of the necessity of having more control during...

Uncategorized
Fox-IT International blog ·

Authors: Axel Boesenach and Erik Schamper. In this blog post we will go into a user-friendly memory scanning Python library that was created out of the necessity of having more control during...

Information Technology Uncategorized
Wiz Blog | RSS feed ·

The Cloud Threat Landscape is a threat intelligence database that summarizes cloud incidents and offers insights into targeting patterns and initial access methods.

Information Technology
Report Feed ·

An NCSC assessment focusing on how AI will impact the efficacy of cyber operations and the implications for the cyber threat over the next two years.

Government Facilities Information Technology
Wiz Blog | RSS feed ·

Mutual Wiz and HashiCorp customers can leverage this integration to scan their IaC configuration and enforce security best practices to reduce risk.

Information Technology Energy
ICS Medical Advisories ·

1. EXECUTIVE SUMMARY: CVSS v3 7.1. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Orthanc. Equipment: Osimis Web Viewer. Vulnerability: Cross-site Scripting. 2. RISK EVALUATION...

Critical Manufacturing Healthcare and Public Health
Threat Analysis Group (TAG) ·

This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q4 2023. It was last updated on January 19, 2024. October: We terminated 8 Y…

Commercial Facilities Defense Industrial Base
Maxwell Dulin's Resources ·

Metamask is a popular crypto wallet in the web browser. Even if you're not using it to store your funds, it's likely interacting with your hardware wallet. Obviously, having a safe crypto wallet...

Critical Manufacturing Information Technology
Maxwell Dulin's Resources ·

Rounding bugs that lead to massive loss of funds have eluded me for a while. I see them in large hacks but don't understand where they're useful and how to find them. This post is a good step for...

Critical Manufacturing
Maxwell Dulin's Resources ·

A blockchain bridge is used when you want to have one asset owned by one blockchain on another. Having lots of funds on different blockchain makes it harder to use so bridges are a good thing....

Energy
Cloud Threat Landscape ·

Datadog observed an attacker leveraging a compromised IAM user access key to gain initial access to an AWS environment, at which point they immediately began spinning up hundreds of ECS Fargate...

Cloud Threat Landscape ·

Datadog observed an attacker leveraging a compromised IAM user access key to gain initial access to an AWS environment, at which point they checked SES quotas and enumerated cloud identities. The...

Cloud Threat Landscape ·

On January 19, 2023, Microsoft disclosed that email accounts of multiple employees had been compromised by Nobelium (which overlaps with APT29). According to Microsoft, beginning in late November...

Nobelium