Wiz

Lightning-fast reactions are crucial in the face of supply chain compromises like the #XZUtils vulnerability! ⚡ Join us for a special rapid-response webinar with the Wiz Research team: Alon Schindel - Director of Data & Threat Research And our Threat Researchers: Amitai Cohen Danielle Aminov Merav Bar 📅 Date: Tuesday, April 9th 🕗 Time: 8:00AM PST | 11:00AM EST We'll dive deep into the tactics deployed, offer guidance on identifying compromised XZ Utils versions, and showcase how Wiz tackles vulnerabilities like this. Don't miss this chance to ask your questions live 📣 Register below: https://lnkd.in/gHy3qmZd

🚨 BREAKING--> Wiz Research identifies critical risks in #AI-as-a-service 🚨 The world has never seen a technology adopted at the pace of #AI, But as adoption skyrockets so do the security risks. Our recent collaboration with Hugging Face sheds light on these challenges and underscores the urgent need for industry-wide regulation and security standards. Our joint findings revealed that malicious models could pose a threat, granting attackers cross-tenant access to sensitive data. Specifically, our research uncovered two critical risks within Hugging Face's infrastructure: 🛡️ Shared inference infrastructure takeover risk. 🔒 Shared CI/CD takeover risk. But the implications extend beyond Hugging Face: As AI-as-a-service platforms become increasingly prevalent, ensuring robust security measures is paramount. Our collaboration with Hugging Face underscores the importance of industry partnerships in fortifying infrastructure against evolving threats. Huge kudos to Hugging Face for proactively implementing Wiz #CSPM and vulnerability scanning. Their commitment to annual penetration testing sets a new standard for #AIsecurity. Read more below https://lnkd.in/eX9AV3-b

The question you need to ask: Are you affected by the XZ Util Backdoor? 🚪 The #XZUtils backdoor caused some panic throughout the security community. the Wiz research team has been on the frontline, dissecting the threat and offering solutions. With a defense-in-depth strategy, Wiz customers were swift in their response, thanks to three key methods: automated agentless scanning, SBOM referencing, and our cloud detection and response with the Linux runtime sensor. For those impacted, consulting specific Linux distribution remediation guidelines is essential. Assessing your organization's exposure could take from minutes to under 2 hours, depending on your approach. 🔍 Struggling to understand if you're impacted by this? It's imperative to conduct a thorough security assessment with agentless scanning or SBOM search. ⚔️ Let's prevent future risks! Github SPM and the Wiz CLIs offer practical solutions to prevent vulnerabilities, misconfigurations, and secrets before getting to production. 🛡️ Considering the possibility of unnoticed backdoors, make sure you have a defense-in-depth strategy using Wiz CDR and runtime sensor. This is the best defense for recognizing anomalous behavior in your environment. Read more about defense in depth below: https://lnkd.in/gG3hVTgB

Ever wondered how a cloud security startup secures its own infrastructure? Here's the inside scoop from Wiz ✨ Our Security Team utilizes the very own power of Wiz to monitor all of our cloud-based infrastructure and services, ensuring top-notch security from code to cloud. 💻☁️ Meet #Wiz4Wiz - our secret weapon in the battle against cyber threats. From day one, it's been the cornerstone of our cloud security strategy, safeguarding our most sensitive assets and empowering our teams to collaborate efficiently. And let's not forget about democratizing security across Wiz. With Wiz4Wiz, every team member becomes an extension of our security team. Developers and DevOps seamlessly integrate security into their day-to-day work, fostering a culture of collaboration and continuous improvement. 🤝 Learn more below https://lnkd.in/gTMzDBNd

We wanted to make it simple for you...Here are the top security talks from #KubeCon Europe 2024 🙌 Last week, KubeCon rocked the Paris Expo with over 12,000 attendees and a whopping 246 (!) videos now available online. We created for you a list of 5 standout sessions that caught our eye: From insights on threat intelligence, admission controller policies, container image security, and eBPF, to privilege escalation techniques. 🎥 Huge shoutout to Cloud Native Computing Foundation (CNCF) for the swift content release! Check out the full list below https://lnkd.in/eJ3AT4xB

Unplug. Unwind. Unphish. Welcome to the cybersecurity mindfulness heaven: CISOasis.com 🌄 Where meditation, cloud security, and spirituality come together as ONE! 🌈 Discover 12+ guided meditation tracks to help you find your cybersecurity zen and beat burnout 🧘🏻♀️🌿

🎙️ Tune in to the special edition episode of #CryingOutCloud with all you need to know on the XZ Utils vuln 🚨 Join hosts Eden Naftali and Amitai Cohen as they delve into the stealthy supply chain attack shaking the industry: The backdoor in XZ Utils. In this episode: 🔍 The Alert from CISA regarding CVE-2024-3094, a vulnerability in #XZUtils Data Compression Library versions 5.6.0 and 5.6.1 🛑 The potential risks posed by the embedded malicious code and the unauthorized access it may grant to affected systems 🛡️ Security Team Action Plans Stay informed and protect your systems: 🎧 Listen on Spotify https://lnkd.in/ecnTph4b 🍏 Listen on Apple Podcasts https://lnkd.in/eXhFsReS 📺 Watch on YouTube https://lnkd.in/eqrzYvtQ

🚨 Critical Supply Chain compromise: Backdoor in XZ Utils #CISA has issued an alert regarding, CVE-2024-3094, a vulnerability in XZ Utils Data Compression Library versions 5.6.0 and 5.6.1 👉 The malicious code has been reportedly embedded in the libraries and may allow unauthorized access to affected systems 🔧 Security Team Action Plan: * Follow the guidance provided by each Linux distribution to eliminate the risk * Wiz customers, use our Threat Center pre-built query to find those vulnerable instances Read the full blog below to learn more and stay up-to-date:

Thank you to our customers for making Wiz #1 in over 100 reports! 😱 It's an honor to have earned this achievement for spring 2024 G2 awards. 🪄 Let's keep creating magic... Read more: https://lnkd.in/g276-FKE

GitHub's security game changer 🛡️ Introducing our latest innovation in the Hub: #WizCode, now fortified to safeguard your GitHub environment. Why does securing your #VCS matter? Version control systems like GitHub enable collaboration but require careful configuration to prevent security risks like unauthorized commits and the introduction of malicious code. Measures such as two-factor authentication are essential for securing your VCS. What's new? 🔍 Enhance GitHub security posture by identifying and mitigating risks from misconfigured GitHub organizations, repositories, branches, and access permissions, resulting in a reduced attack surface 💡 Proactively measure your posture against Open-Source Security Foundation (OpenSSF) Source Code Management Platform Best Practices Learn more below... https://lnkd.in/eg_k9TWX