#Research

Auto-patching for Azure OMI dependent agents: How Wiz Research worked with Azure to make the cloud safer

Wiz finds Azure customers remain unpatched from cloud middleware vulnerability

Revisiting OMI: Analysis of CVE-2022-29149, a privilege escalation vulnerability in Azure OMI

Affected organizations are required to update installed agents that use the OMI cloud middleware software

Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL

Wiz Research discovers a chain of critical vulnerabilities in the widely used Azure Database for PostgreSQL Flexible Server.

Hardening your cloud environment against LAPSUS$-like threat actors

Learn how to harden your cloud environment against LAPSUS$-like threat actors

The top cloud security threats to be aware of in 2022

As more organizations move to the cloud, so do attackers. What can you do to better protect your cloud environment in 2022? Wiz Research has compiled the most pressing cloud security threats and how you can protect against them.

NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories

Read about the NotLegit vulnerability discovered by the Wiz Research Team, where the Azure App Service exposed hundreds of source code repositories

Log4Shell 10 days later: Enterprises halfway through patching

Wiz and EY (Ernest & Young) analyzed more than 200 enterprise cloud environments with thousands of cloud accounts. The results were striking: While 93% of all cloud environments are at risk from Log4Shell, on average organizations have patched 45% of their vulnerable cloud resources by Day 10.

ChaosDB explained: Azure's Cosmos DB vulnerability walkthrough

This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where we were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers.

How we broke the cloud with two lines of code: the full story of ChaosDB

A summary and recording of Wiz's talk at BlackHat Europe 2022: the full extent of ChaosDB, the impact it had, and the questions it raises about security in managed cloud services.

Protecting cloud environments from the new critical Apache HTTP Server vulnerability

Learn how to protect cloud environments from the new critical Apache HTTP Server vulnerability.

OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers

Wiz Research recently found 4 critical vulnerabilities in OMI, which is one of Azure's most ubiquitous yet least known software agents and is deployed on a large portion of Linux VMs in Azure.

“Secret” Agent Exposes Azure Customers To Unauthorized Code Execution

Wiz Research recently discovered a series of alarming vulnerabilities that highlight the supply chain risk of open source code, particularly for customers of cloud computing services.

ChaosDB: How to discover your vulnerable Azure Cosmos DBs and protect them

Wiz Research found an unprecedented critical vulnerability in Azure Cosmos DB. The vulnerability gives any Azure user full admin access (read, write, delete) to another customers Cosmos DB instances without authorization.

ChaosDB: How we hacked thousands of Azure customers’ databases

As part of building a market-leading CNAPP, Wiz Research is constantly looking for new attack surfaces in the cloud. Two weeks ago we discovered an unprecedented breach that affects Azure’s flagship database service, Cosmos DB.

Is your organization leaking sensitive Dynamic DNS data? Here’s how to find out

At Black Hat on Wednesday, Wiz researchers disclosed a vulnerability in DNS hosting services that affects millions of corporate endpoints.

Black Hat 2021: How isolated is your AWS cloud environment?

Last November, Wiz Research mapped all the services in AWS that allow access from other accounts to see if any of them might inadvertently expose customers and discovered 3 vulnerabilities in different AWS services that allowed anyone to read or write into the accounts of other AWS customers.

Black Hat 2021: DNS loophole makes nation-state level spying as easy as registering a domain

Wiz CTO Ami Luttwak discusses a new class of vulnerabilities discovered by Wiz Research, which exposed valuable dynamic DNS data from millions of endpoints worldwide.

82% of companies unknowingly give 3rd parties access to all their cloud data

Cloud identity permissions are complex. So complex that innocent looking permissions provided to 3rd party vendors can lead to unintended exposure of all of your data.

Recent Linux sudo vulnerability affects a major percent of cloud workloads

With an estimated 90% of cloud workloads running Linux based OS, with sudo being common across distributions, many Linux cloud assets are at risk and may be affected. Versions released as far back as 2011 are affected by this vulnerability.

The SolarWinds Attack

SolarWinds attack explained by Wiz CTO Ami Luttwak