Increasing transparency in cloud security: Wiz is now a CVE Numbering Authority (CNA)
Our next steps and hope for the industry.
Alon Schindel
Alon Schindel is the Vice President of AI & Threat Research at Wiz. In his role, Alon leads a the group responsible for detection, cloud risks, threat intelligence, and AI research. He has extensive experience in cybersecurity, having held various leadership positions in both development and research of cybersecurity products. Alon specializes has started and contributed to multiple community projects such as the cloud vulnerability data base, and the Cloud Threat Landscape project. Before joining Wiz, Alon served as a Security Program Manager on the Microsoft M365 Defender team. He is passionate about data research and artificial intelligence, holding an MSc in Computational Neuroscience from the Hebrew University of Jerusalem.
Alon Schindel Posts
Introducing the Cloud Threat Landscape, a new TI resource for cloud defenders
The Cloud Threat Landscape is a threat intelligence database that summarizes cloud incidents and offers insights into targeting patterns and initial access methods.
Choosing an AI-SPM tool: The four questions every security organization needs to ask
Ensure you are staying secure as your organization adopts AI by following these four guiding questions
How to leverage AI-powered security in your organization
AI-powered security helps organizations improve efficiency and scale their security team, follow this framework to effectively leverage AI in your security org
Wiz becomes the first CNAPP to provide AI Security Posture Management
Wiz extends its platform to secure AI with AI-SPM capabilities, helping organizations accelerate their AI innovation in the cloud.
CVE-2022-27518 exploited in the wild by APT5: everything you need to know
Detect and mitigate CVE-2022-27518, a Citrix ADC and Gateway unauthenticated RCE 0-day exploited in the wild by a nation state actor. Organizations should patch urgently.
Secret-based cloud supply-chain attacks: Case study and lessons for security teams
CI/CD pipelines, as an essential part of the software development process, are an attractive target to malicious actors. Based on our research of cloud environments, we share common misconfigurations and provide tips on how to remediate them in order to prevent supply-chain attacks.
OpenSSL vulnerabilities: Everything you need to know
On November 1st, 2022, the OpenSSL Project disclosed High severity vulnerabilities CVE-2022-3786 and CVE-2022-3602, affecting deployments of OpenSSL 3.0.0–3.0.6. Learn how to effectively manage your organization's patching efforts.
Securing Azure middleware agents with new auto-patching capabilities
Wiz finds Azure customers remain unpatched from cloud middleware vulnerability and collaborates with Microsoft to introduce an auto-patching solution against cloud middleware security issues and make the cloud safer
Detect and prioritize CISA Known Exploited Vulnerabilities in the cloud with Wiz
For each CVE, the Wiz Research team maintains data from multiple threat intelligence sources and our own independent research. Now that we’ve added support for the new CISA KEV catalog, learn how you can use it in your cloud environment.
The top cloud security threats to be aware of in 2022
As more organizations move to the cloud, so do attackers. What can you do to better protect your cloud environment in 2022? Wiz Research has compiled the most pressing cloud security threats and how you can protect against them.
Log4Shell: Wrap all your Log4j fixes before the holidays
The main challenge with Log4j is understanding your existing infrastructure, and identifying the location of all vulnerable Log4j libraries. Follow Wiz's recommendations to wrap it all before the Holidays!
Log4Shell 10 days later: Enterprises halfway through patching
Wiz and EY (Ernest & Young) analyzed more than 200 enterprise cloud environments with thousands of cloud accounts. The results were striking: While 93% of all cloud environments are at risk from Log4Shell, on average organizations have patched 45% of their vulnerable cloud resources by Day 10.
Security industry call to action: we need a cloud vulnerability database
In the pre-cloud era, the responsibility for security was fully in the hands of the users. As we uncover new types of vulnerabilities, we discover more and more issues that do not fit the current model. Solution: we need a centralized cloud vulnerabilities database.
Protecting cloud environments from the new critical Apache HTTP Server vulnerability
Learn how to protect cloud environments from the new critical Apache HTTP Server vulnerability.
“Secret” Agent Exposes Azure Customers To Unauthorized Code Execution
Wiz Research recently discovered a series of alarming vulnerabilities that highlight the supply chain risk of open source code, particularly for customers of cloud computing services.
ChaosDB: How to discover your vulnerable Azure Cosmos DBs and protect them
Wiz Research found an unprecedented critical vulnerability in Azure Cosmos DB. The vulnerability gives any Azure user full admin access (read, write, delete) to another customers Cosmos DB instances without authorization.