Archive for Wiz

Hackers Exploit Pandoc CVE to Steal EC2 IAM Credentials

Posted in Commentary on September 24, 2025 by itnerd

Wiz has disclosed that attackers are actively exploiting CVE-2025-51591, an SSRF flaw in the Linux utility Pandoc, to target AWS Instance Metadata Service (IMDS). The vulnerability allows attackers to abuse iframe rendering to extract IAM credentials from IMDSv1, potentially enabling access to AWS services like S3, RDS, and DynamoDB.

Wade Ellery, Chief Evangelist and IAM Strategy Officer at Radiant Logic, has this to say:

     “What we have seen from the most recent breaches is that attackers keep finding ways to compromise account access. Token hijacking, credential stuffing, phishing, and now iframe rendering to extract valid IAM credentials. The conclusion we can draw is that the weak link in the defenses remains the Authentication Layer. Given the likelihood of a successful compromise at the AuthN layer the next line of defense is the Authorization Layer. If an intruder gains access but is blocked from exploiting the compromised account, escalating privileges, or moving east to west then the attack is thwarted at the second wall. Security is strongest when it is layered. A robust, comprehensive, and real-time observability platform focused on identity data at the core of all Authorization decisions is critical to detect, obstruct, and remediate attacks that get past the Authentication layer. The screen door has been proven vulnerable, this mandates a steel door backing it up to protect the enterprise.”

The Wiz article includes prevention tips. They are worth implementing if you are affected by this.
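As an added example (not from this post or the Wiz article), here is one way to screen untrusted HTML before it reaches a converter such as Pandoc, flagging iframes whose `src` is a literal internal address such as the IMDS endpoint. The function names and the sample document are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "iframe":
            for name, value in attrs:
                if name == "src" and value:
                    self.sources.append(value.strip())


def _literal_ip(host):
    """Return an ip_address for a literal host, or None for a DNS name."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def internal_iframe_targets(html):
    """Return iframe src values that point at link-local, loopback or private IPs."""
    collector = _IframeCollector()
    collector.feed(html)
    flagged = []
    for src in collector.sources:
        host = urlsplit(src).hostname
        ip = _literal_ip(host) if host else None
        if ip is not None and (ip.is_link_local or ip.is_loopback or ip.is_private):
            flagged.append(src)
    return flagged


# Constructed sample input: one benign embed and three internal targets.
SAMPLE = """
<p>Quarterly report</p>
<iframe src="https://example.com/embed/chart"></iframe>
<iframe src="http://169.254.169.254/latest/meta-data/"></iframe>
<IFRAME SRC="http://[fd00:ec2::254]/latest/meta-data/"></IFRAME>
<iframe src="http://127.0.0.1:8080/admin"></iframe>
"""

if __name__ == "__main__":
    for src in internal_iframe_targets(SAMPLE):
        print("blocked iframe target:", src)
```

DNS names are not resolved here, so this check complements, rather than replaces, requiring IMDSv2 on the instance.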

Check Point Teams Up With Wiz

Posted in Commentary on February 11, 2025 by itnerd

Earlier today the news filtered out that Wiz and Check Point are going to team up:

The partnership between Check Point and Wiz addresses these issues head-on offering customers:

  • Unified Security Insights: Check Point’s cloud network security controls integrated within Wiz’s CNAPP risk platform, enabling cloud security teams to automatically prevent attacks and access real-time network-driven insights for smarter risk prioritization
  • Enhanced Risk Context: Wiz’s advanced risk analysis feeds integrate directly into Check Point’s platform, providing network security teams with actionable recommendations to optimize security coverage and configurations
  • Prioritization of Unsecured Assets: Cloud security teams are empowered to identify and address unsecured assets more effectively, leveraging network security data to guide decision-making
  • Optimized Security Operations: Network security teams benefit from tailored recommendations generated by Wiz’s platform, enhancing operational efficiency across hybrid environments

The mutually beneficial partnership includes joint integration and the assisted migration of Check Point’s CNAPP customers to Wiz. Check Point expects to reallocate resources and make further investments across its Cloud Security business, including Cloud Network Security, Web Application Firewall (WAF), GenAI and other key Cloud technologies.

Marina Segal, CEO of Tamnoon, highlights the risks associated with this team-up:

“As organizations transition from Check Point CloudGuard to Wiz, under their newly announced partnership, it is critical to maintain continuous security operations while minimizing disruption. CNAPP migrations can take time and energy from already understaffed security teams. Our experience has shown that it is important to follow a proven process and make sure you have experts to guide every successful migration of any CNAPP.”

It will be interesting to see how organizations navigate this so that the best outcome possible is the one that they get.

AHEAD & Wiz Announce Partnership 

Posted in Commentary on May 30, 2024 by itnerd

AHEAD, a leading provider of enterprise cloud, data, and platform solutions, has announced a partnership with Wiz, an AI and cloud security company and Cloud Native Application Protection Platform (CNAPP) provider. Together, they are offering a comprehensive and integrated approach to securing cloud environments, empowering enterprises to confidently harness the potential of AI and cloud.

In today’s rapidly evolving enterprise cloud landscape, organizations face significant challenges in maintaining a robust security posture across their cloud environments. The complexity of cloud architectures, the pace of change in cloud services, and the growing sophistication of cyber threats make it increasingly difficult for organizations to effectively secure their cloud assets.

AHEAD’s Cloud Security Accelerator, powered by Wiz, addresses these challenges by providing a comprehensive and integrated approach to securing cloud environments. The solution offers precise identification of security posture deviations, robust mitigation of vulnerabilities, comprehensive auditing of development and deployment landscapes, and streamlined processes.

AHEAD’s Cloud Security Accelerator allows organizations to take control of their cloud security posture, mitigate risks, and achieve compliance, ultimately enabling them to confidently leverage the power of cloud computing while maintaining a secure and resilient IT environment.

Laminar Announced as Launch Partner for Wiz Integration (WIN) Platform

Posted in Commentary on June 13, 2023 by itnerd

Laminar, the leading agile data security platform, today announces its partnership with leading cloud security provider, Wiz as the company unveils Wiz Integration (WIN) Platform. Laminar, hand selected as a launch partner, brings the power of the Laminar Data Security Platform to WIN, to improve customer understanding of how cloud vulnerabilities may put their sensitive data at risk.

The integration between Wiz and Laminar optimizes the value of both platforms while enabling organizations to more efficiently and effectively secure their public cloud environments. With this integration, data security teams can use the Laminar Platform to secure overexposed and unprotected data, remediate misplaced data, and delete any redundant, obsolete, or trivial (ROT) data — which ultimately ensures a more secure, hygienic data environment that meets compliance requirements. Pairing all of this data security posture with the Wiz platform allows cloud security teams to better understand how to prioritize cloud infrastructure vulnerabilities.

WIN enables Wiz and Laminar to share prioritized security findings with context including inventory, vulnerabilities, issues, and configuration findings. Mutual customers receive the following benefits:

  • Prevent Sensitive Data Exposure – Laminar enriches Wiz with a layer of data context that gives organizations additional visibility into the full impact of each attack path and issues.
  • Ruthless Prioritization – In collaboration with Laminar, Wiz enables infrastructure security teams to focus on issues that impact highly sensitive data first.
  • Streamline Collaboration and Remediation Workflows – With the joint solution, data security and infrastructure teams share data with a common view to contain and remediate risk faster.

The combined value of these two offerings will streamline security for organizations on a cloud journey, regardless of where they may be on that journey.

WIN is designed to enable a cloud security operating model where security and cloud teams work collaboratively to understand and control risks across their CI/CD pipeline. Wiz is setting the industry standard in integrated solution strategy to maximize operational capabilities of organizations with partners like Laminar in WIN.

Thousands of hijacked websites in East Asia are redirecting to adult-themed sites

Posted in Commentary on March 14, 2023 by itnerd

From the “this is different” file comes this report by Wiz on thousands of hijacked websites in East Asia which are redirecting visitors to adult-themed sites:

The compromised websites include many owned by small companies and several operated by multinational corporations. They are diverse in terms of their tech stacks and hosting services, making it difficult to pinpoint any specific vulnerability, misconfiguration, or source of leaked credentials this threat actor may be abusing. In several cases, including a honeypot we set up to investigate this activity, the threat actor connected to the target web server using legitimate FTP credentials they somehow obtained previously.

While we were not able to determine how this threat actor has been gaining initial access to the affected web servers or where they are sourcing their stolen credentials from, we’ve decided to publish our findings regardless, in order to bring more awareness to this ongoing activity. Given the nature of the destination websites, we believe the threat actor’s motivations are most likely financial, and perhaps they intend to merely increase traffic to these websites from specific countries and nothing more. However, the impact to the compromised websites and their user experience is equivalent to defacement, and whatever weaknesses this actor is exploiting to gain initial access to these websites could be utilized by other actors to inflict greater harm.

Rui Ribeiro, CEO and Cofounder of Jscrambler, had this comment:

     “This attack, which has compromised tens of thousands of websites aimed primarily at East Asian audiences and redirecting them to adult-themed content, highlights an often-overlooked security issue: securing the client-side experience at the moment the visitor is interacting with the website. In this case, the hacker injected malicious code into customer-facing web pages, collected information about the visitor, and hijacked their journey. This one incident underscores how important it is to understand the third-party JavaScript running on your browser and what data it is accessing. Not only is the customer experience tainted, but the compromised websites can face issues around data privacy, loss of revenue and reputation. Companies need visibility and control over the JavaScript that’s loaded into their web pages, whatever the source. Whether it’s a hijacking attack, data skimming or a simple configuration error, we must protect the interaction with each visitor.”

Now I just did a check of my corporate website and I have FTP enabled. So I will be turning that off so that I am not a victim of this sort of attack. If you have a website, you might want to do the same thing to avoid being a victim as well.