Wiz

🥇 Meet our '2024 PJ DESIGN WINNER', the incredible little Wizard: Sawyer (Thomas N.) 🎨 We invited our little Wizards to design their own PJ sets. And boy, did they deliver! A massive round of applause to all the talented kiddos who participated. Your designs truly lit up our holidays.🎄

🎆 How can you start the new year with a secure cloud? Make it your New Year's resolution to eliminate misconfigurations in your #AWS OIDC integrations! AWS OIDC integrations have vendor specific nuances that can lead to misconfigurations if setup incorrectly. A mistake here can lead to confused deputy issues, where other customers of a vendor may be able to access your AWS accounts. We looked at over two dozen common integrations to learn what critical conditions are needed to avoid mistakes. 🤓 Learn more: https://lnkd.in/enGm-Gsn

3, 2, 1… 0 Critical! 🎆 This New Year's, we're celebrating our customers who achieved Zero Critical's in 2024, including Ramp, Questrade Financial Group, PROS, IG Group, Tide, Fortitude Re, and so many more. 🥳 Let's make 2025 your zero critical year, together! 🥂 Learn more about our Zero Critical Club --> https://lnkd.in/eqUFVGCv

How did Cribl gain visibility across its rapidly expanding cloud environments? Faced with challenges like resource sprawl, misconfigurations, and vulnerabilities across their rapidly growing cloud environments, Cribl's team needed a solution to streamline security and scale with confidence. By partnering with Wiz and adopting #CNAPP, they achieved: ✅ Clear visibility into their cloud environment ✅ Automated workflows to reduce remediation times ✅ Identified and removed unused resources to optimize costs Now, Cribl's security team is building scalable processes to support growth while maintaining security. Check out the full story: https://lnkd.in/eACA_hqW

🎄 The most secure fireplace you'll see this season... Put this calming fireplace on your second screen while you work - our sensor's got your cloud covered! 🔥🪵 Warm wishes for a cozy, secure, and threats-free holiday season ☃️ https://lnkd.in/eMh3pEuF

🎙️ Every great story starts with a beer in the Alps... 🏔️ From building #Adallom to becoming a sommelier — hear Roy Reznik's journey as Co-Founder and VP R&D at Wiz in our podcast season finale! In this episode Eden Naftali & Amitai Cohen dive into: ☁️ Roy's journey from Tel Aviv to London-culture. 🛠️ How companies can scale fast while staying secure. 💡 How R&D should foster a culture where developers proactively embrace security as a core value. 🤖 Thoughts on AI in development — Co-Pilots: where do they excel? 🔗 Catch the #cryingoutcloud episode here: 🍏 https://lnkd.in/eQ8bWPBW 🎧 https://lnkd.in/eKRkAcm3 📺 https://lnkd.in/eQVs75dZ

Did you know EC2s can have more than one #IAM role? 😮 From various services and features, there are multiple magic IPs, files, and special values that can be used to obtain #AWS credentials. 🛠️ Why it matters? Defenders need to know what to protect and monitor to stop attackers. 🔍 Want to learn more? Read Scott Piper's deep dive into the many ways to obtain credentials in AWS. 👉 https://lnkd.in/e_Z2egp4

How did BMW shift gears in their cloud security together with Wiz? 🚗 👇 BMW Group needed to enable cloud innovation while maintaining strong security, all without slowing teams down. "Every team must fix the issues. Wiz gives them all of the information and also gives them a guide on how to remediate". -Guido Roesler, Manager of IT Operations, BMW. Here's how they did it: ⚙️ Wiz connected across multiple clouds, connecting between DevOps and security teams. 🔍 Our agentless, cloud-agnostic platform gave BMW a clear view of their entire cloud infrastructure. 💡 Developers at BMW received security issues with easy-to-follow fixes. The result? BMW increased its cloud adoption with a strong emphasis on digitalization leading to a 95% decrease in critical cloud security issues [with no speed bumps 🙃]. Explore the full story: https://lnkd.in/dCkBfuxU — Roland Lechner Karl Klostermann

🎶 Our 'Winter Hacking Playlist' is here! We reached out to some of the biggest names in the industry to collect their fav 2024 tunes to listen to while hacking! John Hammond, Corey Quinn, Valentina Palmiotti, Tanya Janca, Anton Chuvakin, Day Johnson, Jerry Bell, Clint Gibler, Rami McCarthy, Jamie Williams, Erik Bloch. 🎵 Click here to 'hack-tivate' the playlist: https://lnkd.in/dPZVV6yv

🔍 NEW malware alert: #Diicot threat group's advanced #Linux campaign 🚨 Recently, the Wiz threat research team uncovered a new malware campaign by the Romanian #Diicot threat group [aka #Mexals]. This campaign showcases significant advancements in tactics, targeting Linux systems, including those in cloud environments. What's new in this iteration? 💻 Malware adapts based on the environment—focusing on spreading in cloud setups and deploying cryptominers elsewhere. 🔧 From go-based tools to modified UPX packers designed to evade detection, the attackers are evolving rapidly. 🌐 Shifting from discord-based C2 to HTTP, using Zephyr protocol for cryptomining, and introducing new servers and wallets. 🔑 Systems running OpenSSH with weak credentials are prime candidates for compromise. 🛡 What can you do? - Enforce strong SSH credentials and limit access. - Monitor for unusual activity, such as outbound connections to suspicious domains or IPs. - Update and patch Linux distributions to avoid known vulnerabilities. Learn more about the tactics, infrastructure, and how to safeguard your systems: https://lnkd.in/e7e-9VUi