Key Takeaways: In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona...
Trigona ransomware has been active since at least June 2022, targeting MSSQL servers. Mimic ransomware was first identified in June 2022, with a January 2024 attack by a Turkish-speaking threat...
Chrome extensions have lots of power but do have limitations. They can read the DOM but they can't execute exe files, change settings or many other things. Securing Chrome Extensions from taking...
Alchemix Finance is a synthetic asset protocol around tokenizing future yield. Using the DAO, it's possible to access the future yield. This is done by issuing a synthetic token that represents...
NASCIO has released its top ten policy and technology priorities for 2024! Learn about how Wiz can help you meet all of the new priorities on the list.
SOAPHound — tool to collect Active Directory data via ADWS. TL;DR: SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active...
In January 2024, researchers at RedHunt Labs discovered that Mercedes-Benz accidentally included an access token in one of their public GitHub repositories that granted access to an internal...
We're excited to announce the release of a comprehensive guide to mastering Kubernetes security: "Kubernetes Security for Dummies." Wiz collaborated with Wiley publications to create this...
SMS services remain a critical part of telecommunications; they don't require Internet access, and companies use them to inform their customers. This combination of features makes them incredibly...
Authors: Axel Boesenach and Erik Schamper. In this blog post we will go into a user-friendly memory scanning Python library that was created out of the necessity of having more control during...
The Cloud Threat Landscape is a threat intelligence database that summarizes cloud incidents and offers insights into targeting patterns and initial access methods.
An NCSC assessment focusing on how AI will impact the efficacy of cyber operations and the implications for the cyber threat over the next two years.
Mutual Wiz and HashiCorp customers can leverage this integration to scan their IaC configuration and enforce security best practices to reduce risk.
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Orthanc Equipment: Osimis Web Viewer Vulnerability: Cross-site Scripting 2. RISK EVALUATION...
This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q4 2023. It was last updated on January 19, 2024. October: We terminated 8 Y…
Metamask is a popular crypto wallet in the web browser. Even if you're not using it to store your funds, it's likely interacting with your hardware wallet. Obviously, having a safe crypto wallet...
Rounding bugs that lead to massive loss of funds have eluded me for a while. I see them in large hacks but don't understand where they're useful and how to find them. This post is a good step for...
A blockchain bridge is used when you want to have one asset owned by one blockchain on another. Having lots of funds on different blockchains makes it harder to use so bridges are a good thing....
Datadog observed an attacker leveraging a compromised IAM user access key to gain initial access to an AWS environment, at which point they immediately began spinning up hundreds of ECS Fargate...
Datadog observed an attacker leveraging a compromised IAM user access key to gain initial access to an AWS environment, at which point they checked SES quotas and enumerated cloud identities. The...
On January 19, 2023, Microsoft disclosed that email accounts of multiple employees had been compromised by Nobelium (which overlaps with APT29). According to Microsoft, beginning in late November...
Finding bugs dynamically via testing frameworks is amazing as a development team. Security issues and general bugs get through less and it requires less person power to go through. There are many...
On January 15, 2024, Volexity detailed widespread exploitation of Ivanti Connect Secure VPN vulnerabilities CVE-2024-21887 and CVE-2023-46805. In that blog post, Volexity detailed broader scanning...
On 2024-01-18, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, targeting Apache ActiveMQ to achieve Resource hijacking. The following tools...
On 2024-01-18, a campaign was reported, involving Mimo operator, gaining initial access via 1-day vulnerability, targeting VMware Horizon, Confluence Server, WSO2, Apache ActiveMQ, PaperCut to...
On 2024-01-18, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, while using Proxyjacking, targeting Docker to achieve Resource hijacking. The...
Gitlab is a platform similar to Github. Recently, a user found an awful password reset issue that borks the security of the entire system. I love the beginning sentence from the DayZeroSec folks:...