Merav Bar

Merav Bar, Gal Nagli, Danielle Aminov

ottobre 31, 2024

Supply chain attack in popular lottie-player library compromises websites with malicious Web3 wallet prompts – update or revert the library to avoid the compromised versions.

Merav Bar, Gili Tikochinski

ottobre 10, 2024

Detect and mitigate critical vulnerabilities (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9467) in Palo Alto Networks’ Expedition tool. Organizations should patch urgently.

Merav Bar, Scott Piper

settembre 29, 2024

Detect and mitigate CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177 vulnerabilities impacting CUPS and IPP packages.

Merav Bar, Amitai Cohen

settembre 23, 2024

Strategies for tracking and defending against malicious activity and threats in the cloud using atomic indicators of compromise (IOCs).

Amitai Cohen, Gili Tikochinski, Merav Bar

luglio 1, 2024

Detect and mitigate CVE-2024-6387, a remote code execution vulnerability in OpenSSH. Organizations are advised to patch urgently.

Merav Bar

giugno 10, 2024

Detect and mitigate CVE-2024-4577, a critical remote code execution vulnerability in PHP CGI. Organizations are advised to patch urgently.

Merav Bar, Gili Tikochinski

aprile 24, 2024

Detect and mitigate CVE-2024-4040, a critical vulnerability in CrushFTP exploited in the wild. Organizations should patch urgently.

Merav Bar, Amitai Cohen, Danielle Aminov

marzo 29, 2024

Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgently.

Merav Bar, Gili Tikochinski

marzo 6, 2024

Detect and mitigate CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), authentication bypass vulnerabilities in JetBrains TeamCity.

Amitai Cohen, Merav Bar

febbraio 12, 2024

Fortinet offers guidance to detect and mitigate CVE-2024-21762 and CVE-2024-23113, critical RCE vulnerabilities in FortiOS and FortiProxy, including guidance that organizations should patch urgently.

Merav Bar, Amitai Cohen

febbraio 6, 2024

Detect and mitigate CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893, critical vulnerabilities in Ivanti VPN products. Organizations should patch urgently, and government agencies are instructed to isolate Ivanti VPN instances.

Merav Bar, Amitai Cohen, Itamar Gilad

febbraio 5, 2024

Detect and mitigate “Leaky Vessels”, container escape vulnerabilities affecting runC and BuildKit. Learn how to prioritize patching and detect exploitation attempts in runtime.

Amitai Cohen, Merav Bar, Eden Naftali

gennaio 16, 2024

Each member of the Crying out Cloud team at Wiz shares their top stories from the past year 

Merav Bar, Sagi Tzadik

ottobre 11, 2023

Detect and mitigate CVE-2023-38545, a high severity buffer overflow vulnerability in cURL. Organizations should upgrade to the patched version.

Merav Bar, Amitai Cohen

ottobre 10, 2023

Get the tl;dr on Wiz's methodology for cloud vulnerability triage in our new report, "The good, the bad, and the vulnerable."

Merav Bar

ottobre 2, 2023

Detect and mitigate CVE-2023-42115, and 5 more vulnerabilities in Exim. Organizations using affected configurations should mitigate and patch the vulnerabilities urgently.

Merav Bar, Amitai Cohen

ottobre 1, 2023

Delving into CVE-2023-4863 and CVE-2023-5217 - critical vulnerabilities in libwebp and libvpx exploited in the wild.

Amitai Cohen, Scott Piper, Merav Bar

luglio 26, 2023

Learn about the impact in cloud environments of CVE-2023-20593, a cross-process information leak vulnerability in AMD Zen 2 Processors.

Amitai Cohen, Merav Bar

giugno 4, 2023

Detect and mitigate CVE-2023-34362, a remote code execution vulnerability in MOVEit Transfer exploited in the wild. Organizations should patch urgently.

Merav Bar, Amitai Cohen

maggio 23, 2023

Detect and mitigate CVE-2023-32784, a vulnerability in KeePass which allows the extraction of the master password in cleartext from the application's memory.

Merav Bar, Amitai Cohen

aprile 13, 2023

Detect and mitigate CVE-2023-28252, EoP vulnerability exploited in the wild, and CVE-2023-21554, a critical RCE vulnerability. Organizations should patch urgently.

Merav Bar

marzo 13, 2023

CVE-2023-25610 is a critical RCE vulnerability in FortiOS. This vulnerability is a buffer underwrite bug in the administrative interface which could allow a remote unauthenticated attacker to execute code using specially crafted requests. Affected customers should patch immediately.

Merav Bar

febbraio 7, 2023

Recent attacks leverage CVE-2021-21974 to install ransomware on VMWare ESXi servers. Security teams are advised to patch and stay vigilant for indicators of compromise.

Merav Bar

gennaio 17, 2023

Detect and mitigate CVE-2022-44877, a CentOS Control Web Panel (CWP) unauthenticated RCE exploited in the wild. Security teams are advised to patch urgently.

Merav Bar

gennaio 3, 2023

The developers of PyTorch (a popular machine-learning framework) recently identified a malicious dependency confusion attack on the open-source project. Security teams are advised to check for infected resources and rotate any exposed keys.

Merav Bar, Amitai Cohen

dicembre 27, 2022

Critical RCE vulnerability found in Linux kernel's `ksmbd` module: remote attackers can execute code without authentication. The module is not enabled by default on most operating systems.

Merav Bar

dicembre 22, 2022

A new exploit method targeting CVE-2022-41080 and CVE-2022-41082 vulnerabilities in Exchange servers, which can bypass previous workarounds, has been discovered and exploited in the wild. Organizations should patch urgently.