내가 좋아할 만한 콘텐츠
More from me on s1ngularity, the Nx supply chain attack. We @wiz_io took advantage of the break in attacker activity to break down: * overall impact * efficacy of the AI usage (not great!) * TTPs and investigation breadcrumbs we've seen to date * our work to notify victims
😱Imagine waking up to see all your private github repositories were published publicly ... That's what happened overnight for >400 users/orgs and >5000 repositories s1ngularity (the Nx supply chain attack) continues to bear fruit for attackers. Rotate ASAP!
In light of recent GitHub Actions incidents (Ultralytics, tj-actions...), I wrote up a practical guide to hardening for @wiz_io Covers permissions, secrets, 3rd-party Actions, ++ Use it to avoid learning these lessons the hard way: wiz.io/blog/github-ac…
🔍IT'S HERE: #ExfilCola, our cloud IR security CTF challenge!🥤 Your mission: - Investigate the cloud environment logs - Research the compromised machines - Secure the files and save the day ⏰ The Cloud Hunting Games are live >> cloudhuntinggames.com
Re #IngressNightmare - until yesterday, there have been only one Critical and 12 Highs in K8s according to official CVE feed[k8s.io/docs/reference…] (since 2017). Its 2 and 15 now. This is big.
![sshaybbc's tweet image. Re #IngressNightmare - until yesterday, there have been only one Critical and 12 Highs in K8s according to official CVE feed[k8s.io/docs/reference…] (since 2017). Its 2 and 15 now. This is big.](https://pbs.twimg.com/media/Gm4VrW2WAAEkask.png)
😺 Cat's out of the bag We've updated our blog post on the `tj-actions` / `reviewdog` incident to disclose the target. We also have new details on the root cause of the `reviewdog` element. h/t @sshaybbc for a ton of leg work here
Check this out before #KubeCon - we analyzed a huge amount of clusters to get some interesting security stats, like the adoption of the new EKS authentication mode. Hint - its low. Details inside 👇
🔥 You can now add TruffleHog to Burp Suite! 🌐 Install it directly from the BApp Store 🔍Scan web traffic for live, verified credentials—active & exploitable Because secrets don’t just leak in code… 😬 Big Thanks to @PortSwigger ! 🙌 🔗trufflesecurity.com/blog/introduci…
Thrilled to finally share this—one of the coolest container escapes I’ve seen! 🔥 wiz.io/blog/nvidia-ai… A subtle logic bug that lets you break out to the host on ANY NVIDIA GPU-supported container 🤯 Can’t believe we had to sit on the technical details for so long! Incredible…
A couple of months ago, we at @wiz_io discovered a container escape vulnerability in the NVIDIA Container Toolkit, which impacts many cloud and AI SaaS providers. We're finally able to share the technical details. wiz.io/blog/nvidia-ai…
🚨 Supply chain attack alert: The curious case of #Ultralytics. A #GitHub Action compromise led to the release of malicious versions (8.3.41, 8.3.42) of the popular Ultralytics Python package, embedding a cryptominer into systems via PyPI.
🌩️ CLOUD THREAT MONTHLY ROUNDUP 🌩️ 🚨Storm-0501 targets hybrid environments, exploiting on-prem vulnerabilities & Microsoft Entra IDs. 🐧REF6138 hits Linux Apache2 with DDoS, cryptominers & malware. ⚠️perfctl hijacks Linux servers stealthily. Read more: threats.wiz.io
🎙️ Don't miss the latest #CryingOutCloud episode! @AmitaiCo & Eden dive into cloud security challenges, AI vulnerabilities, Info Stealers Mitigation, and more. Tune in! 📺 youtube.com/watch?v=RjdZgy… 🍏podcasts.apple.com/us/podcast/ai-…
We discovered a container escape vulnerability in the @NVIDIA Container Toolkit. It allows attackers to gain full access to the host's filesystem and achieve Remote Code Execution (RCE). Here's everything you need to know about CVE-2024-0132 🧵👇
Check out the first entry in our new blog series on cloud IOCs, a subject I'm quite passionate about. We've also launched a new open source collection of such indicators, available here (we'll be updating this regularly): github.com/wiz-sec-public…
Atomic #IOCs in Cloud Security ⚛️ Threat detection in the cloud requires new types of indicators of compromise sourced from threat intelligence. Check out our new blog series from @amitaico and @merav_br to learn more. wiz.io/blog/mastering…
United States 트렌드
- 1. Dolphins 32.6K posts
- 2. Ryan Rollins 9,318 posts
- 3. Ravens 46.7K posts
- 4. Lamar 43.9K posts
- 5. Mike McDaniel 3,559 posts
- 6. Derrick Henry 5,069 posts
- 7. Happy Halloween 130K posts
- 8. Achane 4,367 posts
- 9. #TNFonPrime 2,434 posts
- 10. Jackson 5 3,754 posts
- 11. Bucks 45.6K posts
- 12. Starks 2,735 posts
- 13. Mark Andrews 3,116 posts
- 14. Tulane 8,929 posts
- 15. #PhinsUp 4,259 posts
- 16. UTSA 3,028 posts
- 17. Ollie Gordon 2,494 posts
- 18. Giannis 23.2K posts
- 19. Kyle Hamilton 1,773 posts
- 20. Ware 5,695 posts
Something went wrong.
Something went wrong.