Unmasking Phishing: Strategies for identifying 0ktapus domains and beyond
Wiz Research looks at phishing tactics, along with how to trace and investigate these campaigns.
Amitai Cohen
Amitai Cohen leads the Attack Vector Intel team at Wiz, managing research of emerging threats to public cloud infrastructure while supporting development of threat detection and risk mitigation capabilities. Amitai's background is in military intelligence and cyber threat intelligence analysis, working in various analysis, training, and leadership roles within IDF intelligence over a period of 15 years prior to joining Wiz. Amitai's interests include research methodology, knowledge management systems, writing, and sketching diagrams of technical concepts. Amitai is also a co-maintainer of cloudvulndb.org, an open-source project with the goal of cataloging all known cloud infrastructure vulnerabilities, and a co-host on Crying out Cloud, a cybersecurity podcast with a focus on cloud security.
Amitai Cohen Posts
Tracking cloud-fluent threat actors - Part one: Atomic cloud IOCs
Strategies for tracking and defending against malicious activity and threats in the cloud using atomic indicators of compromise (IOCs).
RCE vulnerability in OpenSSH: everything you need to know
Detect and mitigate CVE-2024-6387, a remote code execution vulnerability in OpenSSH. Organizations are advised to patch urgently.
Wiz AI-SPM model scanning: Securely innovate with AI community models
Detect malicious hosted AI models with Wiz AI-SPM and gain confidence in the models your data scientists use
Unveiling the power of Wiz's Security Graph with automated blast radius and root cause analysis for cloud incident response
Wiz assists Incident Response (IR) and SOC teams with containment through automated assessment of security incidents by identifying possible root causes and calculating the potential blast radius of compromised resources.
Backdoor in XZ Utils allows RCE: everything you need to know
Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgently.
February Fortinet Advisory: everything you need to know
Fortinet offers guidance to detect and mitigate CVE-2024-21762 and CVE-2024-23113, critical RCE vulnerabilities in FortiOS and FortiProxy, including guidance that organizations should patch urgently.
Critical Vulnerabilities in Ivanti Exploited in-the-Wild: everything you need to know
Detect and mitigate CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893, critical vulnerabilities in Ivanti VPN products. Organizations should patch urgently, and government agencies are instructed to isolate Ivanti VPN instances.
Leaky Vessels: runC and BuildKit container escape vulnerabilities - everything you need to know
Detect and mitigate “Leaky Vessels”, container escape vulnerabilities affecting runC and BuildKit. Learn how to prioritize patching and detect exploitation attempts in runtime.
Introducing the Cloud Threat Landscape, a new TI resource for cloud defenders
The Cloud Threat Landscape is a threat intelligence database that summarizes cloud incidents and offers insights into targeting patterns and initial access methods.
Wiz Research presents its latest report: “State of AI in the Cloud 2024”
Get a sneak peek at the Wiz research team’s new report examining key observations about AI use in the cloud.
Crying out Cloud – Our Favorite Stories of 2023
Each member of the Crying out Cloud team at Wiz shares their top stories from the past year
Wiz extends its AI-SPM offering to OpenAI platform
Wiz becomes the first CNAPP to provide AI security for OpenAI, allowing data scientists and developers to detect and mitigate risk in their OpenAI organization with a new OpenAI SaaS connector.
Eight questions to measure vulnerability remediation "pain"
What is it about certain vulnerabilities that makes them especially hard to deal with, and how can vendors make things easier for security teams?
The good, the bad, and the vulnerable
Get the tl;dr on Wiz's methodology for cloud vulnerability triage in our new report, "The good, the bad, and the vulnerable."
Critical vulnerabilities in media libraries exploited in the wild: everything you need to know
Delving into CVE-2023-4863 and CVE-2023-5217 - critical vulnerabilities in libwebp and libvpx exploited in the wild.
Storm-0558 Update: Takeaways from Microsoft's recent report
The Wiz research team examines Microsoft's latest Storm-0558 findings and summarizes the key learnings cloud customers should take away from the incident.
Zenbleed: cross-process infoleak vulnerability in AMD Zen 2 Processors - everything you need to know
Learn about the impact in cloud environments of CVE-2023-20593, a cross-process information leak vulnerability in AMD Zen 2 Processors.
How to leverage generative AI in cloud apps without putting user data at risk
Learn security best practices to deploy generative AI models as part of your multi-tenant cloud applications and avoid putting your customers’ data at risk.
CVE-2023-34362 RCE vulnerability in MOVEit Transfer exploited in the wild: everything you need to know
Detect and mitigate CVE-2023-34362, a remote code execution vulnerability in MOVEit Transfer exploited in the wild. Organizations should patch urgently.
Exploitable and unpatched KeePass vulnerability: everything you need to know
Detect and mitigate CVE-2023-32784, a vulnerability in KeePass which allows the extraction of the master password in cleartext from the application's memory.
Microsoft April 2023 Patch Tuesday Highlights: everything you need to know
Detect and mitigate CVE-2023-28252, EoP vulnerability exploited in the wild, and CVE-2023-21554, a critical RCE vulnerability. Organizations should patch urgently.
Detect critical application misconfiguration risks
Some application misconfigurations are equivalent to remote code execution or information disclosure vulnerabilities, but often go unnoticed. Wiz’s agentless capabilities detect these and correlate them to attack surface and business impact risks, highlighting the most critical misconfigurations.
Redirection Roulette: Thousands of hijacked websites in East Asia redirecting visitors to other sites
Since early September 2022, tens of thousands of websites aimed at East Asian audiences have been hacked, redirecting hundreds of thousands of their users to adult-themed content.
The State of the Cloud 2023
Wiz's State of the Cloud 2023 report provides analysis of trends in cloud usage such as multi-cloud, use of managed services and more. In addition, the report highlights notable cloud risks based on insights from 30% of Fortune 100 enterprise cloud environments
CVE-2022-47939 critical vulnerability in Linux kernel `ksmbd` module: everything you need to know
Critical RCE vulnerability found in Linux kernel's `ksmbd` module: remote attackers can execute code without authentication. The module is not enabled by default on most operating systems.
Introducing PEACH, a tenant isolation framework for cloud applications
A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation by reducing your cloud applications’ attack surface
CVE-2022-27518 exploited in the wild by APT5: everything you need to know
Detect and mitigate CVE-2022-27518, a Citrix ADC and Gateway unauthenticated RCE 0-day exploited in the wild by a nation state actor. Organizations should patch urgently.
OpenSSL vulnerabilities: Everything you need to know
On November 1st, 2022, the OpenSSL Project disclosed High severity vulnerabilities CVE-2022-3786 and CVE-2022-3602, affecting deployments of OpenSSL 3.0.0–3.0.6. Learn how to effectively manage your organization's patching efforts.
Securing AWS Lambda function URLs
Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them.
Addressing the Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments
Learn how to address Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments.
Hardening your cloud environment against LAPSUS$-like threat actors
Learn how to harden your cloud environment against LAPSUS$-like threat actors