Was dir gefallen könnte
More from me on s1ngularity, the Nx supply chain attack. We @wiz_io took advantage of the break in attacker activity to break down: * overall impact * efficacy of the AI usage (not great!) * TTPs and investigation breadcrumbs we've seen to date * our work to notify victims
😱Imagine waking up to see all your private github repositories were published publicly ... That's what happened overnight for >400 users/orgs and >5000 repositories s1ngularity (the Nx supply chain attack) continues to bear fruit for attackers. Rotate ASAP!
In light of recent GitHub Actions incidents (Ultralytics, tj-actions...), I wrote up a practical guide to hardening for @wiz_io Covers permissions, secrets, 3rd-party Actions, ++ Use it to avoid learning these lessons the hard way: wiz.io/blog/github-ac…
🔍IT'S HERE: #ExfilCola, our cloud IR security CTF challenge!🥤 Your mission: - Investigate the cloud environment logs - Research the compromised machines - Secure the files and save the day ⏰ The Cloud Hunting Games are live >> cloudhuntinggames.com
Re #IngressNightmare - until yesterday, there have been only one Critical and 12 Highs in K8s according to official CVE feed[k8s.io/docs/reference…] (since 2017). Its 2 and 15 now. This is big.
![sshaybbc's tweet image. Re #IngressNightmare - until yesterday, there have been only one Critical and 12 Highs in K8s according to official CVE feed[k8s.io/docs/reference…] (since 2017). Its 2 and 15 now. This is big.](https://pbs.twimg.com/media/Gm4VrW2WAAEkask.png)
😺 Cat's out of the bag We've updated our blog post on the `tj-actions` / `reviewdog` incident to disclose the target. We also have new details on the root cause of the `reviewdog` element. h/t @sshaybbc for a ton of leg work here
Check this out before #KubeCon - we analyzed a huge amount of clusters to get some interesting security stats, like the adoption of the new EKS authentication mode. Hint - its low. Details inside 👇
🔥 You can now add TruffleHog to Burp Suite! 🌐 Install it directly from the BApp Store 🔍Scan web traffic for live, verified credentials—active & exploitable Because secrets don’t just leak in code… 😬 Big Thanks to @PortSwigger ! 🙌 🔗trufflesecurity.com/blog/introduci…
Thrilled to finally share this—one of the coolest container escapes I’ve seen! 🔥 wiz.io/blog/nvidia-ai… A subtle logic bug that lets you break out to the host on ANY NVIDIA GPU-supported container 🤯 Can’t believe we had to sit on the technical details for so long! Incredible…
A couple of months ago, we at @wiz_io discovered a container escape vulnerability in the NVIDIA Container Toolkit, which impacts many cloud and AI SaaS providers. We're finally able to share the technical details. wiz.io/blog/nvidia-ai…
🚨 Supply chain attack alert: The curious case of #Ultralytics. A #GitHub Action compromise led to the release of malicious versions (8.3.41, 8.3.42) of the popular Ultralytics Python package, embedding a cryptominer into systems via PyPI.
🌩️ CLOUD THREAT MONTHLY ROUNDUP 🌩️ 🚨Storm-0501 targets hybrid environments, exploiting on-prem vulnerabilities & Microsoft Entra IDs. 🐧REF6138 hits Linux Apache2 with DDoS, cryptominers & malware. ⚠️perfctl hijacks Linux servers stealthily. Read more: threats.wiz.io
🎙️ Don't miss the latest #CryingOutCloud episode! @AmitaiCo & Eden dive into cloud security challenges, AI vulnerabilities, Info Stealers Mitigation, and more. Tune in! 📺 youtube.com/watch?v=RjdZgy… 🍏podcasts.apple.com/us/podcast/ai-…
We discovered a container escape vulnerability in the @NVIDIA Container Toolkit. It allows attackers to gain full access to the host's filesystem and achieve Remote Code Execution (RCE). Here's everything you need to know about CVE-2024-0132 🧵👇
Check out the first entry in our new blog series on cloud IOCs, a subject I'm quite passionate about. We've also launched a new open source collection of such indicators, available here (we'll be updating this regularly): github.com/wiz-sec-public…
Atomic #IOCs in Cloud Security ⚛️ Threat detection in the cloud requires new types of indicators of compromise sourced from threat intelligence. Check out our new blog series from @amitaico and @merav_br to learn more. wiz.io/blog/mastering…
United States Trends
- 1. Lakers 59.7K posts
- 2. Luka 58.9K posts
- 3. Wemby 23.2K posts
- 4. Marcus Smart 4,675 posts
- 5. #LakeShow 4,857 posts
- 6. Blazers 6,977 posts
- 7. Russ 8,855 posts
- 8. Ayton 12.2K posts
- 9. Richard 44.1K posts
- 10. Horford 1,646 posts
- 11. #RipCity N/A
- 12. #AEWDynamite 19.4K posts
- 13. Podz 2,265 posts
- 14. #AmphoreusStamp 4,488 posts
- 15. Champagnie 1,165 posts
- 16. Kuminga 3,139 posts
- 17. Spencer Knight N/A
- 18. Thunder 30.4K posts
- 19. #Survivor49 3,298 posts
- 20. Deni 5,892 posts
Was dir gefallen könnte
-
AWS Security Digest
@AwsSecDigest -
Amitai Cohen 🎗️🤟
@AmitaiCo -
Ami Luttwak
@amiluttwak -
Merav
@merav_br -
Ronen Shustin
@ronenshh -
Andrew Martin ⚡☸️
@sublimino -
alon
@41thexplorer -
Eli Goldberg
@EliG0ldberg -
Daniel Holmberg
@dholmbrg -
Itamar Gilad
@TrustingTrust -
Bryan Jones
@BryanJones_SE -
Lachlan Evenson
@LachlanEvenson
Something went wrong.
Something went wrong.