
Shay Berkovich
@sshaybbc
Threat Research at WIZ
More from me on s1ngularity, the Nx supply chain attack. We @wiz_io took advantage of the break in attacker activity to break down:
* overall impact
* efficacy of the AI usage (not great!)
* TTPs and investigation breadcrumbs we've seen to date
* our work to notify victims

😱Imagine waking up to see all your private GitHub repositories were published publicly ... That's what happened overnight for >400 users/orgs and >5000 repositories. s1ngularity (the Nx supply chain attack) continues to bear fruit for attackers. Rotate ASAP!

In light of recent GitHub Actions incidents (Ultralytics, tj-actions...), I wrote up a practical guide to hardening for @wiz_io Covers permissions, secrets, 3rd-party Actions, ++ Use it to avoid learning these lessons the hard way: wiz.io/blog/github-ac…
🔍IT'S HERE: #ExfilCola, our cloud IR security CTF challenge!🥤 Your mission:
- Investigate the cloud environment logs
- Research the compromised machines
- Secure the files and save the day

⏰ The Cloud Hunting Games are live >> cloudhuntinggames.com

Re #IngressNightmare - until yesterday, there had been only one Critical and 12 Highs in K8s according to the official CVE feed [k8s.io/docs/reference…] (since 2017). It's 2 and 15 now. This is big.
😺 Cat's out of the bag We've updated our blog post on the `tj-actions` / `reviewdog` incident to disclose the target. We also have new details on the root cause of the `reviewdog` element. h/t @sshaybbc for a ton of leg work here

Check this out before #KubeCon - we analyzed a huge number of clusters to get some interesting security stats, like the adoption of the new EKS authentication mode. Hint - it's low. Details inside 👇
🔥 You can now add TruffleHog to Burp Suite! 🌐 Install it directly from the BApp Store 🔍Scan web traffic for live, verified credentials—active & exploitable Because secrets don’t just leak in code… 😬 Big Thanks to @PortSwigger ! 🙌 🔗trufflesecurity.com/blog/introduci…

Thrilled to finally share this—one of the coolest container escapes I’ve seen! 🔥 wiz.io/blog/nvidia-ai… A subtle logic bug that lets you break out to the host on ANY NVIDIA GPU-supported container 🤯 Can’t believe we had to sit on the technical details for so long! Incredible…
A couple of months ago, we at @wiz_io discovered a container escape vulnerability in the NVIDIA Container Toolkit, which impacts many cloud and AI SaaS providers. We're finally able to share the technical details. wiz.io/blog/nvidia-ai…
🚨 Supply chain attack alert: The curious case of #Ultralytics. A #GitHub Action compromise led to the release of malicious versions (8.3.41, 8.3.42) of the popular Ultralytics Python package, embedding a cryptominer into systems via PyPI.

🌩️ CLOUD THREAT MONTHLY ROUNDUP 🌩️ 🚨Storm-0501 targets hybrid environments, exploiting on-prem vulnerabilities & Microsoft Entra IDs. 🐧REF6138 hits Linux Apache2 with DDoS, cryptominers & malware. ⚠️perfctl hijacks Linux servers stealthily. Read more: threats.wiz.io
🎙️ Don't miss the latest #CryingOutCloud episode! @AmitaiCo & Eden dive into cloud security challenges, AI vulnerabilities, Info Stealers Mitigation, and more. Tune in! 📺 youtube.com/watch?v=RjdZgy… 🍏podcasts.apple.com/us/podcast/ai-…

We discovered a container escape vulnerability in the @NVIDIA Container Toolkit. It allows attackers to gain full access to the host's filesystem and achieve Remote Code Execution (RCE). Here's everything you need to know about CVE-2024-0132 🧵👇
Check out the first entry in our new blog series on cloud IOCs, a subject I'm quite passionate about. We've also launched a new open source collection of such indicators, available here (we'll be updating this regularly): github.com/wiz-sec-public…
GitHub - wiz-sec-public/wiz-research-iocs
Atomic #IOCs in Cloud Security ⚛️ Threat detection in the cloud requires new types of indicators of compromise sourced from threat intelligence. Check out our new blog series from @amitaico and @merav_br to learn more. wiz.io/blog/mastering…
