Wiz Threat Research recently spotted a new phishing campaign targeting AWS accounts.
The Wizlympic games have officially opened — do you have what it takes to become the master of cloud services?
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It’s so big, in fact, that few people even...
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It’s so big, in fact, that few people even...
Watchdog provisionally finds Advanced failed to act to protect data of 82,946 after ransomware attack in EnglandA software provider faces being fined more than £6m over a 2022 ransomware attack...
My co-worker Jason just published a super sick bug in the main implementation of EVM integration in Cosmos. Under the hood, the execution is done with Geth but the integration with Cosmos is...
Pwn2Own has an automotive category for hacking cars. They decided to tackle the CHARX system because A) the product was very different from other similar products and B) the firmware was easy to...
A large amount of crypto companies had their domains stolen. The only similarity between the domains was that they were all SquareSpace domains that were migrated over from Google Domains after...
Akash is a decentralized cloud computing platform built for the Cosmos ecosystem. It appears to have offer a product similar to EC2 instances on AWS. There are four main parties involved:...
Cato Network has a client application that allows access to access to resources from the Internet, cloud, SaaS or data center. The authors of this post looked into the application and found many...
When hunting for zero days, where do you even start? According to the author, sticking to target is good. In this case, their had been several reference counting bugs recently. When they...
The Wiz INtegration (WIN) Platform has come a long way in the year since it launched.
Paul Givan says details of 407 people mistakenly sent out included names, addresses and personal commentsThe education minister in Northern Ireland has “unreservedly” apologised after the personal...
The contract CvxRewardDistributor was exploited for 210K in value. This contracts job is to mint rewards for eligible stakers. When calling claimMultipleStaking on the contract, there is a...
KEY TAKEAWAYS StormBamboo successfully compromised an internet service provider (ISP) in order to poison DNS responses for target organizations. Insecure software update mechanisms were targeted...
On 2024-08-02, a campaign was reported, involving an unknown actor, gaining initial access via Software misconfig, while using Jupyter Notebook misconfig abuse, targeting Jupyter Notebook to...
UTF-8 is annoying to look at. Am I looking at the characters or the codepoints? So, Sonar source (after some research that would have benefited from this) built the UTF-8 Visualizer. Just adding...
Wiz is expanding our existing detection capabilities to include pattern-based malware detection using YARA rules written by the Wiz Research team
The Apache Foundation's OFBiz, an open-source Java-based ERP framework, addressed in May 2024 a critical security vulnerability (CVE-2024-32113) involving path traversal that could lead to remote...
Protecting your assets: the fundamentals of physical security and enterprise resilience at Wiz
What we know about the CrowdStrike BSOD outage.
How the market is evolving and why now, more than ever, you need a CNAPP.
Authored by Lakshya Mathur, Vallabh Chole & Abhishek Karnik Recently we witnessed one of the most significant IT disruptions in... The post The Scam Strikes Back: Exploiting the CrowdStrike Outage...
Microsoft researchers have discovered a vulnerability in ESXi hypervisors, identified as CVE-2024-37085. This flaw is being exploited by ransomware operators to gain full administrative access to...
Authored by Lakshya Mathur and Abhishek Karnik As the world gears up for the 2024 Paris Olympics, excitement is building,... The post Olympics Has Fallen – A Misinformation Campaign Featuring a...
Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks. Yesterday Federal Bureau of Investigation (FBI) Director Christopher Wray...
Discover how Wiz extends its existing RBAC with the Custom Roles feature, enabling you to tailor user permissions, maintain security, and stay aligned with business needs.
Phishing kits are "as-a-service" tools that help threat actors rapidly deploy phishing pages and campaigns. This blog examines key components, how they work, helpful resources, and a dive into the...
Officials seized documents from NSO Group to try to stop handover of information about notorious hacking tool, files suggestThe Israeli government took extraordinary measures to frustrate a...
Wiz researchers discover ongoing threat to popular testing framework.