Tracking cloud-fluent threat actors - Part two: Behavioral cloud IOCs
Discover how behavioral cloud IOCs can expose malicious activity as we break down real-world examples to reveal actionable detection techniques.
Gili Tikochinski
You can do anything with regex
Gili Tikochinski Posts
Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)
The Wiz Incident Response team is currently responding to multiple incidents involving CVE-2024-50603, an Aviatrix Controller unauthenticated RCE vulnerability, that can lead to privileges escalation in the AWS control plane. Organizations should patch urgently.
Unpacking Diicot - Evolving Campaign Targeting Linux Environments
Wiz Threat Research uncovered a new malware campaign targeting Linux environments attributed to the Diicot threat group.
Critical vulnerabilities in Palo Alto Expedition: everything you need to know
Detect and mitigate critical vulnerabilities (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9467) in Palo Alto Networks’ Expedition tool. Organizations should patch urgently.
Emerging phishing campaign targeting AWS accounts
Wiz Threat Research recently spotted a new phishing campaign targeting AWS accounts.
Introducing pattern-based agentless malware detection using YARA rules
Wiz is expanding our existing detection capabilities to include pattern-based malware detection using YARA rules written by the Wiz Research team
SeleniumGreed: Threat actors exploit exposed Selenium Grid services for Cryptomining
Wiz researchers discover ongoing threat to popular testing framework.
RCE vulnerability in OpenSSH: everything you need to know
Detect and mitigate CVE-2024-6387, a remote code execution vulnerability in OpenSSH. Organizations are advised to patch urgently.
Pause off my cluster: DERO cryptojacking takes a new shape
Learn how the threat actors behind the 2023 DERO cryptojacking campaign have adapted their techniques to evade detection, and the best practices for mitigation.
CVE-2024-4040 exploited in the wild: everything you need to know
Detect and mitigate CVE-2024-4040, a critical vulnerability in CrushFTP exploited in the wild. Organizations should patch urgently.
Authentication bypass vulnerabilities in TeamCity: everything you need to know
Detect and mitigate CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), authentication bypass vulnerabilities in JetBrains TeamCity.