Wiz

Why is everyone suddenly talking about *stolen* cloud keys? 👀 🎙️ In our new podcast episode of "Crying Out Cloud", Eden Naftali and Amitai Cohen break down the latest cloud security chaos — from sneaky supply chain attacks to AI-powered malware: 1) How attackers exploited a GitHub misconfiguration to enable a supply chain attack. 2) The latest twist on cloud-native extortion (spoiler: it all comes back to stolen cloud keys). 3) NullifAI - Malicious AI models hiding in plain sight. 4) whoAMI attack - The clever AWS AMI name confusion flaw that might catch you off guard. And of course... How to protect yourself from these threats 🧠 Listen now ↓ 🍏 Apple: https://lnkd.in/dHgADKYd 🎧 Spotify: https://lnkd.in/dywHHqHt 📺 YouTube: https://lnkd.in/dSXsshgM

🔍 What did we learn from 100K+ code repos? Our latest research uncovers critical trends shaping the future of code and cloud security. By analyzing hundreds of thousands of repos, we've pinpointed the vulnerabilities, misconfigurations, and risks that directly impact production — and they're hard to ignore. Key insights ↓ - 35% of GitHub repos are public—aka hacker goldmines. - 61% of orgs are leaking secrets (yes, actual credentials) in public repos. - 35% of enterprises risk attacks with self-hosted runners that don't reset between jobs. - GitHub Apps? Many have dangerous permissions that let them modify code unchecked. Read the full report >> https://lnkd.in/eHHNqS6Z

Your code is safe… but is your pipeline? 🤔 With software supply chain attacks now the #1 external threat vector (Forrester 2024), protecting code alone isn't enough. Attackers target the tools and processes that build and deploy software—repositories, CI/CD pipelines, and artifact registries—injecting malicious dependencies, hijacking pipelines, and exfiltrating secrets. Wiz for #ASPM extends security beyond code scanning, continuously enforcing secure defaults, monitoring developer identities, detecting misconfigurations, and correlating real-time threats across the software supply chain. 🛠️ Read more: https://lnkd.in/eufqvYVk

How did Datavant centralize security across six companies together with Wiz? Operating in a highly regulated industry, Datavant needed a unified security strategy across #AWS, #Azure, and #Kubernetes. With decentralized teams using different tools, visibility gaps and inefficiencies slowed risk remediation. "We use Wiz like Google: If we need to know what's going on in our environment, we just open it and use the Wiz Security Graph to query those resources." -Nick Waringa, Head of Secure Product and Infrastructure, Datavant By adopting Wiz CNAPP, Datavant: ✅ Gained holistic visibility across six companies ✅ Reduced vulnerabilities by 51% and prevented new critical risks ✅ Consolidated 7 security tools into 1, cutting costs by 50% Read the full story: https://lnkd.in/egCnaQCc

🔍 How do you choose the right runtime solution? Not all runtime security solutions are created equal, how can you be sure you're asking the right questions? Cloud environments are dynamic, fast-moving, and full of unique risks. Containers, Kubernetes, and serverless architectures require a runtime security approach that actually works—without slowing you down. Our NEW 'Runtime Buyer's Guide' breaks it all down: ✅ The key capabilities you should look for in a runtime security solution ⚖️ Strengths & weaknesses of different runtime approaches 📄 A ready-to-use RFP template to help you evaluate solutions Learn more: https://lnkd.in/eFpuGaqi

💘 VALENTINE'S DAY GIVEAWAY: The perfect pair *𝗱𝗼𝗲𝘀* exist! Today, we're celebrating the perfect pair — Security teams & Developers. 🎁 How to WIN our exclusive perfect pair socks? Tag your Sec/Dev partner in the comments! We will send you a mismatched pair of socks (1 Sec 💙,1 Dev 💗). To complete the perfect match, you'll need to swap with your Sec/Dev duo. Winners will be notified soon - start tagging! Love, Wiz https://lnkd.in/eajxnNUB

Another mind-blowing insight from our '𝗦𝘁𝗮𝘁𝗲 𝗼𝗳 𝗔𝗜 𝟮𝟬𝟮𝟱' report: Which AI-hosted technologies are leading the way? 🤖 #AI has become a dominant force in cloud environments, and our second annual 'State of AI' in the Cloud report reveals just how much the landscape has shifted in the past year. Key findings: - 85% of orgs now use AI (up from 70% last year) - Self-hosted AI jumped from 42% to 75% - DeepSeek surged to 7% of self-hosted AI in 1 month - Security gaps persist—exposed databases, AI container risks, and SAP AI Core flaws AI's adoption mirrors the early cloud boom: speed and innovation are the priority, while governance and security scramble to keep up. As AI becomes ubiquitous, ensuring its safety is more critical than ever. 🔍 See the full findings ⬇️ https://lnkd.in/dqFADNnt

🔥 EXCITING NEWS: We're teaming up with Check Point Software to redefine end-to-end cloud security! 🔒 By integrating Wiz's CNAPP with cloud network security, enterprises can now unify their security strategy across hybrid environments. Thank you Nadav Zafrir and to the Check Point Software team for a great partnership 🙌 Can't wait to create magic together with you! 🪄 https://lnkd.in/gEwf9WPT

It's time to reveal the technical details: Breaking out of NVIDIA containers 🚨 Wiz Research has uncovered a critical security vulnerability (CVE-2024-0132) in the NVIDIA Container Toolkit, enabling container escape and full host compromise. 🔍 Risk: This CVE-2024-0132 flaw can allow attackers with control over a container image to escape the container and gain full access to the underlying host 🛠 Mitigation steps: ✔️ Upgrade to NVIDIA Container Toolkit 1.17.4 ✔️ Keep --no-cntlibs enabled in production A huge thank you to the NVIDIA security team for their collaboration in addressing these issues! Read more: https://lnkd.in/dbT_JxXU

🎙️ The podcast that CISOs share in their private channels is *𝗯𝗮𝗰𝗸* 🎊 Thank you Sam Curry, Corey Quinn,Valentina Palmiotti, Chris H., Julie Davila and all our amazing guests who made the first two seasons incredible! 🎧 Ready for season 3? This week: Amitai Cohen & Eden Naftali chat with Karim El-Melhaoui about: - How Cloud Security Alliance Norway strengthens security standards. - Why cyber risk is harder to quantify & how Norges Bank used NIST to build resilience. - The risk of abandoned open-source tools. Listen now: 🍏 https://lnkd.in/esJ-9aN4 🎧 https://lnkd.in/e2RHuhBv 📺 https://lnkd.in/e9ftNxR8