Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Wiz Profile picture
Wiz
@wiz_io
Secure everything you build and run in the cloud
Jan 29 โ€ข 5 tweets โ€ข 1 min read
BREAKING: Internal #DeepSeek database publicly exposed ๐Ÿšจ

Wiz Research has discovered "DeepLeak" - a publicly accessible ClickHouse database belonging to DeepSeek, exposing highly sensitive information, including secret keys, plain-text chat messages, backend details, and logs. Image ๐Ÿ” How did we find it?

Following a simple recon on DeepSeek's public infrastructure, we discovered a publicly exposed ClickHouse database that was completely open and required no authentication at all.
Sep 18, 2023 โ€ข 5 tweets โ€ข 2 min read
๐Ÿšจ BREAKING: Wiz Research discovers a massive 38TB data leak by Microsoft AI researchers, including 30,000+ internal Teams messages.

Here's what you need to know ๐Ÿงต Image ๐Ÿ”’ What happened?

While releasing open-source training datasets, Microsoft's AI research team accidentally left the vault door open ๐Ÿ‘€

Over 38TB of data (!), including personal backups of employee workstations, private keys, and internal Microsoft Teams messages, were exposed. Image
Jul 11, 2023 โ€ข 7 tweets โ€ข 2 min read
๐Ÿšจ BREAKING: History written with just 9 lines of code!

We've discovered #PyLoose, the FIRST documented Python-based fileless attack targeting cloud workloads.

See the power of 9 lines of Python code below ๐Ÿ‘‡๐Ÿฝ Fileless attacks are known but rarely seen in the wild. The last reported instance in cloud workloads was 2.5 years ago ๐Ÿ“‰

Despite their rarity, fileless attacks pose significant threats due to their elusive nature and difficulty in detection.
Mar 10, 2023 โ€ข 5 tweets โ€ข 3 min read
3 cloud-to-K8s best practices to mitigate the risk of a lateral movement attack ๐Ÿ›ก

1๏ธโƒฃ Avoid storing long-term #cloud keys in workloads
2๏ธโƒฃ Remove kubeconfig files from publicly exposed workloads
3๏ธโƒฃ Restrict access to container registries

Details in thread ๐Ÿงต๐Ÿ‘‡ #kubernetes 1๏ธโƒฃ Avoid storing long-term #cloud keys in workloads

โœ… Attach IAM roles/service accounts/managed identities to workloads and define minimum permissions.

โœ… Generate and rotate temporary credentials using the IMDS for improved #cloudsecurity.

๐Ÿงต 2/5
Feb 19, 2023 โ€ข 6 tweets โ€ข 4 min read
State of the #Cloud 2023: An in-depth report on the latest trends and risks โ›ˆ

#cloudsecurity #CNAPP #CISO #Engineer

Report highlights in thread ๐Ÿงต or download the full report for free here ๐Ÿ‘‡
wiz.io/blog/the-top-cโ€ฆ โ˜๏ธ The responsibility of #security professionals to stay up-to-date on the state of the #cloud has never been greater.

๐Ÿ›ก With cloud adoption continuing to grow, it is crucial to proactively address potential threats and ensure secure deployment of solutions.

๐Ÿงต2/6
Feb 17, 2023 โ€ข 5 tweets โ€ข 7 min read
Are you taking advantage of Rego's policy language for your #cloudsecurity needs?

If you're not, you need to check out these amazing resources to help get you started ๐Ÿงต๐Ÿ‘‡

#CSPM #Coding #CNAPP #CISO #DevSecOps Gettting started with Open Policy Agent (OPA) to improve your #cloudsecurity!

๐Ÿ’™ What is OPA and why should you use Rego
๐Ÿ’™ How to write your first OPA policy

#CSPM #Coding #CNAPP #CISO #DevSecOps

๐Ÿงต2/5
wiz.io/blog/getting-sโ€ฆ