Alon Schindel

Director of Data & Threat Research

Auto-patching for Azure OMI dependent agents: How Wiz Research worked with Azure to make the cloud safer

Wiz finds Azure customers remain unpatched from cloud middleware vulnerability

Securing AWS Lambda function URLs

Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them.

Detect and prioritize CISA Known Exploited Vulnerabilities in the cloud with Wiz

For each CVE, the Wiz Research team maintains data from multiple threat intelligence sources and our own independent research. Now that we’ve added support for the new CISA KEV catalog, learn how you can use it in your cloud environment.

The top cloud security threats to be aware of in 2022

As more organizations move to the cloud, so do attackers. What can you do to better protect your cloud environment in 2022? Wiz Research has compiled the most pressing cloud security threats and how you can protect against them.

Log4Shell: Wrap all your Log4j fixes before the holidays

The main challenge with Log4j is understanding your existing infrastructure, and identifying the location of all vulnerable Log4j libraries. Follow Wiz's recommendations to wrap it all before the Holidays!

Log4Shell 10 days later: Enterprises halfway through patching

Wiz and EY (Ernest & Young) analyzed more than 200 enterprise cloud environments with thousands of cloud accounts. The results were striking: While 93% of all cloud environments are at risk from Log4Shell, on average organizations have patched 45% of their vulnerable cloud resources by Day 10.

Security industry call to action: we need a cloud vulnerability database

In the pre-cloud era, the responsibility for security was fully in the hands of the users. As we uncover new types of vulnerabilities, we discover more and more issues that do not fit the current model. Solution: we need a centralized cloud vulnerabilities database.

Protecting cloud environments from the new critical Apache HTTP Server vulnerability

Learn how to protect cloud environments from the new critical Apache HTTP Server vulnerability.

“Secret” Agent Exposes Azure Customers To Unauthorized Code Execution

Wiz Research recently discovered a series of alarming vulnerabilities that highlight the supply chain risk of open source code, particularly for customers of cloud computing services.

ChaosDB: How to discover your vulnerable Azure Cosmos DBs and protect them

Wiz Research found an unprecedented critical vulnerability in Azure Cosmos DB. The vulnerability gives any Azure user full admin access (read, write, delete) to another customers Cosmos DB instances without authorization.