🚨 All we had to do was change our user ID to 1337 to get unlimited admin rights...
The Wiz Research Team just uncovered serious vulnerabilities in SAP AI Core, revealing potential risks in #AI infrastructure.
🔍 By exploiting simple AI developer permissions, attackers could gain access to customers' private files and cloud credentials across AWS, Azure, SAP HANA Cloud, and more.
⚠️ By changing our user ID, we were able to bypass the Istio firewall. That gave us unrestricted access to the internal network. Through the internal network, a potential attacker could:
* Read and modify Docker images on SAP's internal container registry.
* Gain cluster-admin privileges on SAP AI Core's Kubernetes cluster.
* Access customer secrets and internal AI artifacts.
Learn more in the blog by Hillai Ben Sasson: https://lnkd.in/g8DmCkPc
Wiz
Computer and Network Security
New York, NY 206,276 followers
Secure everything you build and run in the cloud
About us
Organizations of all sizes and industries use Wiz to rapidly identify and remove the most critical risks in AWS, Azure, GCP, OCI, Alibaba Cloud and Kubernetes so they can build faster and more securely.
- Website: https://www.wiz.io
- Industry: Computer and Network Security
- Company size: 1,001-5,000 employees
- Headquarters: New York, NY
- Type: Privately Held
- Founded: 2020
Products
Wiz
Cloud Workload Protection Platforms
The leading cloud infrastructure security platform that enables organizations to rapidly identify and remove the most pressing risks in the cloud. Wiz uses an agentless approach—a single API connector per cloud and Kubernetes environment to scan deep within every cloud resource. It analyzes your cloud stack, evaluating your cloud architecture and risk factors such as internet exposure, software and configuration vulnerabilities, identities, secrets, and malware. Wiz then performs a contextual analysis of this data using a cloud graph to identify the toxic combinations that make your cloud susceptible to a breach. Finally, Wiz delivers a cloud control workflow to enable security, DevOps, and engineering to focus on the highest risks and proactively harden your cloud environment so you can build fast and secure.
Locations
- Primary: One Manhattan West, New York, NY 10001, US
Updates
-
🎤 How do you create a flow between #Dev and #Security teams?
Join our upcoming CISO Series webinar with our star speakers: Caroline Wong, Aneel S., William Burton, and Ami Luttwak as they will share strategies and insights to help cross-functional teams work TOGETHER.
📅 July 17th 🕚 11 AM ET | 8 AM PT
Key highlights:
• Understand what's most important to dev teams.
• Ways to empower your first line of defense – Your development team.
• How to foster a culture of mutual understanding.
🔗 Save your spot: https://lnkd.in/eRskc9tq?utm_source=linkedin&utm_content=promo&utm_medium=organic-social&utm_campaign=FY25Q2_EV_WBNR_What-Every-CISO-Should-Know-About-Dev-Teams_2024-07-17
What Every CISO Should Know About Dev Teams
-
Wait... what is AI-SPM anyway? 🧐 If you're using #AI in the cloud (and who isn't?) → you should know about AI Security Posture Management. It's the key to keeping your AI models, pipelines, and data safe and secure. 🛡️ Our latest article breaks down everything you need to know about AI-SPM >> https://lnkd.in/eVV36y3i — #AISPM Shaked Rotlevi
-
📢 Tune in to Snowflake's Haider Dost for an exclusive session on securing databases, cloud threat intelligence, and detection strategies.
Join our special hosts, Alon Schindel and Eden Naftali, for an insightful conversation in our latest podcast episode of #CryingOutCloud with Haider Dost, Head of Global Threat Detection and Threat Intelligence at #Snowflake.
🔍 Episode Highlights:
📌 Recent campaign targeting Snowflake customers.
📌 Discussion on the new mandatory MFA for Snowflake admins and its impact.
📌 Architecture of detection in the cloud & logging. What does working in a highly regulated environment mean compared to a fast-growing company like Snowflake?
📌 Defining "good security" in traditional vs. cloud-native settings.
🔗 Listen below:
🍏 https://lnkd.in/e3dr7q8F
🎧 https://lnkd.in/ejNZMhJa
📺 https://lnkd.in/eMu9p3hh
-
👟 Who will win? Wiz's prediction game is ON! ⚽️ Whether team 🏴 or 🇪🇸 wins the UEFA finals, you can win the most stylish Wiz FC shirt. Here's how to play: 🏟️ Drop in the comments below your UEFA final match score prediction (England vs. Spain). 🏟️ Submit an accurate score prediction before the match starts (Sunday, 3 pm ET). 🏟️ Nailed the score? - YOU WIN. Enjoy the game and good luck 👋
-
🎉 Thrilled to announce Wiz's new partnership with ServiceNow!
Gartner predicts that by 2028, 70% of workloads will run in the cloud, up from 25% in 2023. Keeping #ServiceNow for ticketing, CMDB, and security operations during this shift can help IT and security teams adapt to the cloud with familiar workflows. Wiz's integration with ServiceNow enables security teams to seamlessly use their existing ServiceNow workflows to achieve their cloud security goals.
🔍 Why this is a game-changer:
* Real-Time Cloud Inventory, keeping up with dynamic cloud resources effortlessly.
* High-fidelity alerts ensure critical issues are addressed fast.
* Prioritize and fix the most impactful vulnerabilities.
* By leveraging Wiz's integrations with ServiceNow, your security team can streamline operations and enhance your cloud security posture with ease.
Learn more in the blog: https://lnkd.in/gqtevih3
-
We're thrilled to announce our latest upgrade: Wiz's 'Cloud Threat Landscape' NOW offers a #STIX feed! 🌐 🔍 What does this mean for you? All our campaign reports can now seamlessly integrate with your preferred STIX (aka, Structured Threat Information Expression) system. Plus, our upgraded RSS feed features auto-generated descriptions for each posted item. Learn more at our threats.wiz.io and stay ahead with streamlined and standardized threat intelligence.🔒
-
🎁 We made a real-life cloud security card game (inspired by Exploding Kittens)! 😻
It's like playing red team vs. blue team - patch your own vulnerabilities while exploiting everyone else's. Will you find the ultimate zero-day and pwn the game?
🌀 To get your hands on this limited edition game:
1. Follow Wiz
2. Tag a friend you'd destroy in the comments 👇
3. We'll send 10 lucky winners a free deck (+ rulebook)!
We worked with professional game developers to create an exciting gameplay experience. Honeypots, exploits, patches - think you can handle it? Prove it 😈
Ages 10+ | 2-6 Players | 20 Min Rounds
#CloudSecurity #WizResearch #ExploitedInTheWild #Giveaway
-
Join us at Wiz's AMAZING WizMart at BlackHat 2024! 🛒🎩 📍 The 'Mandalay Bay Convention Center' in Las Vegas, booth #1140 📅 August 7-8, 2024 Deep dive into our products, meet our cybersecurity Wizards & win custom Nikes! But wait, there's more... Don't miss our exclusive events: 🍹 Wiz happy hour at #BlackHat with our partners Adaptive Shield, Armis, & Checkmarx. 🎤 Wiz talk: 'Hacking AI infrastructure providers for fun and weights': Featuring Hillai Ben Sasson and Sagi Tzadik. Let's make #BlackHat2024 legendary, together. https://lnkd.in/eSS9bRfF