In the course of the modem security analysis, we found seven locally exploitable vulnerabilities and one remotely exploitable vulnerability. The combination of these vulnerabilities could allow an...
Introduction: It’s been almost a week since DEVCORE published the technical details of CVE-2024-4577, a remote code execution vulnerability in PHP, closely followed by watchTowr’s PoC. Rest...
On 2024-06-13, an incident was reported, involving , gaining initial access via Insider threat, to achieve Data destruction.
Wiz's custom runtime rules and runtime response policies add new layers to your defense-in-depth strategy.
Powerful new remediation and response capabilities enable the real-time enforcement of organizational security policies and streamline incident management.
This blog is part of my Tracking Adversaries blog series, whereby I perform a summary analysis of a particular adversary that has caught my attention and made me feel like they deserve special...
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerabilities: Improper Authorization in Handler for...
And publicly reviewable server code means experts can "verify this privacy promise."
Detect and mitigate CVE-2024-4577, a critical remote code execution vulnerability in PHP CGI. Organizations are advised to patch urgently.
This summary provides an overview of the reports of APT and financial attacks on industrial enterprises, as well as the related activities of groups that have been observed attacking industrial...
Key Takeaways: Five new Sigma rules were created from this report and added …
The TellYouThePass ransomware gang has been exploiting the recently patched vulnerability (CVE-2024-4577) in PHP to deploy webshells and execute their encryptor payload on target systems. Attacks...
This is the first part of a threat hunting blog series I want to start. I plan to share some insights on several related ideas such as risk hunting, incident-based hunting, and leveraging a system...
This is the second part of my threat hunting blog series. Introduction: It was once put to me that, much like hunting in the wilderness, so much of what matters...
On Zoom, the cookie _zm_csp_script_nonce was used on every single page as part of the CSP script-src field. The CSP was set within an HTML tag that wasn't being escaped. So, it was possible to...
Welcome to the Cyber Threat Intelligence (CTI) Analyst Challenge! I am excited to introduce a comprehensive repository designed to enhance the skills and expertise of CTI analysts through a...
On 2024-06-08, an incident was reported, involving an unknown actor, gaining initial access via End-user compromise, targeting GitHub to achieve Data exfiltration.
Learn how the threat actors behind the 2023 DERO cryptojacking campaign have adapted their techniques to evade detection, and the best practices for mitigation.
Wiz Threat Research discovered a new variant of a cryptojacking campaign targeting misconfigured Kubernetes clusters in cloud environments. The threat actor abuses cluster anonymous access to...
The vulnerability is a known issue that was originally reported over 10 years ago. However, it's such a common mistake that languages keep making it again and again. When executing...
Parser bugs can be really bad, given how widely parsers are used. The article gives out a few awards: most impactful, parser differential, hardest to fix and weirdest machine. For most impactful, it was...
XML eXternal Entity (XXE) injection is a vulnerability in XML parsing that allows an attacker to define entities that lead to file reads, SSRF and other issues. Most of the time, XXE bugs are fairly simple but...
On 2024-06-06, a campaign was reported, involving an unknown actor, gaining initial access via End-user compromise, while using LLMjacking, Cloud key compromise, Cloud API e, targeting Amazon...
Devfiles are a mechanism for describing Workspaces in Kubernetes environments for GitLab. Workspaces are isolated environments. The parent field can be used as a base for a workspace, but was...
Learn how Wiz's latest feature identifies outdated EKS clusters, helping organizations save millions on cloud spend. Find out how to optimize costs and reinvest savings in strategic initiatives.
Great news for State and Local Governments! Wiz for Gov is now StateRAMP authorized
On 2024-06-05, a campaign was reported, involving Gitloker, gaining initial access via End-user compromise, while using Repo encryption for extortion, targeting GitHub to achieve RansomOp.
Club Penguin fans hacked a Disney Confluence server to obtain information about their favorite game, but ended up with 2.5 GB of internal corporate data. Club Penguin, a popular MMO from 2005 to...
On 2024-06-05, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, while using Vulnerability exploitation, targeting ThinkPHP to achieve Resource...
Our bulletin covering coordinated influence operation campaigns terminated on our platforms in Q2 2024.