IronMonkey Threat Research
Wiz Blog | RSS feed ·

Service Control Policies (SCPs) can be a great way to prevent actions from happening in AWS accounts. In this post, we will illustrate a specific use case of SCPs that protects the security...

0xToxin ·

Breakdown of a recent Gozi trojan Italian targeted campaign

Threat Breakdown Gozi
0xToxin ·

ScrubCrypt - Uncovering the rebranded Jlaive crypter

Energy Nuclear Threat Breakdown ScrubCrypt
Cloud Threat Landscape ·

On 2023-03-16, a campaign was reported, involving UNC3886, gaining initial access via 1-day vulnerability, targeting ESXi Server, Fortinet Fortigate to achieve Data exfiltration. The following...

Wiz Blog | RSS feed ·

Wiz CLI and Wiz Admission Controller enable developers to leverage a single security policy throughout the software pipeline for cloud-native environments.

Energy Information Technology
Kaspersky ICS CERT (English) ·

In this overview, we discuss cybercriminal and hacktivist attacks on industrial organizations.

Critical Manufacturing Publications
Cloud Threat Landscape ·

On 2023-03-15, a campaign was reported, involving an unknown actor, gaining initial access via Cloud native misconfig, while using Cloud compute cryptojacking, K8s anonymous auth abuse, targeting...

Blue Team Archives - Black Hills Information Security, Inc. ·

Corey Ham // Tl;dr Use a password manager instead of browser storage for passwords, credit card numbers, and other autofill items. Personal security: Do not save anything sensitive in […] The post...

Financial Services Information Technology Blue Team Corey Ham
Wiz Blog | RSS feed ·

Stay compliant with Wiz’s 100+ compliance frameworks, generate quick compliance reports, and remediate issues faster with remediation guidance and auto-remediation.

Healthcare and Public Health Information Technology
Wiz Blog | RSS feed ·

CVE-2023-25610 is a critical RCE vulnerability in FortiOS. This vulnerability is a buffer underwrite bug in the administrative interface which could allow a remote unauthenticated attacker to...

Cloud Threat Landscape ·

GoBruteforcer is a new kind of botnet malware that is written in Golang, and targets web servers, specifically those running phpMyAdmin, MySQL, FTP and Postgres services. The following information...

Wiz Blog | RSS feed ·

Pod Security Policies were removed in Kubernetes v1.25 — learn how to migrate from Pod Security Policies to Pod Security Standards

Wiz Blog | RSS feed ·

Wiz for DSPM, now generally available, helps customers reduce the time it takes to discover and fix cloud data exposure before it becomes a costly breach

Chemical Energy
Cloud Threat Landscape ·

On 2023-03-09, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, targeting Aspera Faspex to achieve RansomOp. The following tools were observed: IceFire.

Cloud Threat Landscape ·

On 2023-03-09, a campaign was reported, involving UNC2970, gaining initial access via , while using Azure AD abuse, Intune abuse.

Blue Team Archives - Black Hills Information Security, Inc. ·

Jordan Drysdale // Tl;dr: Many parsers have been written and several are referenced here. This blog describes a simple parser for Sysmon logs through Event ID (EID) 28 for Microsoft […] The post...

Blue Team Blue Team Tools
Wiz Blog | RSS feed ·

Leading cybersecurity companies partner to increase customer value and disrupt the enterprise security industry

Information Technology
Wiz Blog | RSS feed ·

Why a customer focus unlocks new levels of innovation and enables security team success

Transportation Systems Information Technology
Kaspersky ICS CERT (English) ·

The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.

Critical Manufacturing Publications
@BushidoToken Threat Intel ·

I'm surprised this is my first blog of 2023, but I have been more busy than usual. My work at the Equinix Threat Analysis Center (ETAC) has been very engaging and when I'm not chasing cyber bad...

Financial Services Energy
Maxwell Dulin's Resources ·

This post is from 2019, but was a defense-in-depth measure that I had not seen before. So, I thought it was worth making a note about! In OpenBSD, the system will block all system calls (syscalls)...

Information Technology Commercial Facilities
0xToxin ·

Breakdown of a BumbleBee PowerShell Dropper & extracting the config of BumbleBee

Healthcare and Public Health Malware Analysis BumbleBee
Wiz Blog | RSS feed ·

Hear from John Visneski, CISO of MGM Studios about how the organization fosters collaboration and transparency across business units using Wiz.

Commercial Facilities Transportation Systems
Wiz Blog | RSS feed ·

Wiz and Procter & Gamble experts share their security insights and tips

Information Technology Financial Services
Uncategorized - bellingcat ·

*This article contains descriptions of sexual and gender-based violence that some readers may find distressing* Open source methods are increasingly used to document and report on conflicts around...

Defense Industrial Base Healthcare and Public Health Guides Resources
Uncategorized - bellingcat ·

The Russian parliament is set to meet in order to assess the situation with PMC (Private Military Company) Ryodan following mass detentions across the country. Dmitry Peskov, the Press Secretary...

Commercial Facilities Defense Industrial Base Investigations Uncategorized
Wiz Blog | RSS feed ·

Since early September 2022, tens of thousands of websites aimed at East Asian audiences have been hacked, redirecting hundreds of thousands of their users to adult-themed content.

Information Technology
Maxwell Dulin's Resources ·

Dynamic is a money market aggregator built to help enhance the DeFi lending experience. DYNA is the token of the ecosystem. When staking this token, a user can earn interest on it. The...

ICS Medical Advisories ·

1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Low attack complexity Vendor: Medtronic Equipment: Micros Clinician (A51200) app and InterStim X Clinician (A51300) app Vulnerabilities: Unverified...

Critical Manufacturing Healthcare and Public Health
maxwelldulin ·

After Qualys posted a sudo vulnerability that shook the world a while ago, the author of the post was wondering what other setuid binaries installed have vulnerabilities. They specifically decided...