A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information.
Critical severity vulnerability CVE-2024-0132 affecting NVIDIA Container Toolkit and GPU Operator presents high risk to AI workloads and environments.
SeleniumGreed is an active crypto-mining campaign targeting older versions of Grid services. Explore the risks, attack methods, and essential security measures.
Wiz Research has detected an ongoing threat campaign that exploits exposed Selenium Grid services for cryptomining, dubbed “SeleniumGreed”.
Selenium is among the most commonly used testing frameworks. Our data shows that the technology can be found in 30% of cloud environments, and the official selenium/hub docker image has over 100 million pulls in Docker Hub.
Unbeknownst to most users, Selenium WebDriver API enables full interaction with the machine itself, including reading and downloading files, and running remote commands.
By default, authentication is not enabled for this service. This means that many publicly accessible instances are misconfigured and can be accessed by anyone and abused for malicious purposes.
We have identified a threat actor targeting publicly exposed instances of Selenium Grid and leveraging features of Selenium WebDriver API to run Python with a reverse shell to deploy scripts that download a XMRig miner.
The threat actor is still active as of this blog post’s date of publication.
We believe this is the first documentation of this misconfiguration being exploited in the wild.
Wiz Research discovered CVE-2024-37032, an easy-to-exploit Remote Code Execution vulnerability in the open-source AI Infrastructure project Ollama.
Detect and mitigate CVE-2024-4577, a critical remote code execution vulnerability in PHP CGI. Organizations are advised to patch urgently.
Wiz Research found a data exposure incident on Microsoft’s AI GitHub repository, including over 30,000 internal Microsoft Teams messages – all caused by one misconfigured SAS token
Our investigation of the security incident disclosed by Microsoft and CISA and attributed to Chinese threat actor Storm-0558, found that this incident seems to have a broader scope than originally assumed. Organizations using Microsoft and Azure services should take steps to assess potential impact.
Wiz Research discovers CVE-2023-2640 & CVE-2023-32629, 2 privilege escalation vulnerabilities in Ubuntu's OverlayFS module impacting 40% of cloud workloads.
