Rami
@ramimac.me
security, for the internet, at Wiz
opinionated about security.
knowledge hubs at rami.wiki, thoughts at ramimac.me
Pinned
Rami
@ramimac.me
· Nov 18
High Signal Security
YAIB (Yet Another Infosec blog).
ramimac.me
An empty feed is staring into the void...
What you can expect to see here:
* infrequent, but hopefully high signal posting
* promoting and amplifying interesting security work (including dreaded self-promotion)
* scaling security programs & cloud security
* ironic(?) usage of scooby-doo
ramimac.me
Reposted by Rami
🚨 Wiz Research uncovered 100+ leaked VSCode publisher tokens that could let attackers push malicious updates to 185K+ installs. We partnered with Microsoft to secure tokens and protect the ecosystem.
Supply Chain Risk in VSCode Extension Marketplaces | Wiz Blog
Wiz Research uncovered 500+ leaked secrets in VSCode and Open VSX extensions, exposing 150K installs to risk. Learn what happened and how it was fixed.
www.wiz.io
October 15, 2025 at 2:34 PM
Reposted by Rami
🚨 We scanned GitHub and found *hundreds* of valid secrets, 4 of the top 5 were AI-related:
HuggingFace, Azure OpenAI, Weights & Biases, and Groq.
Read more:
www.wiz.io/blog/leaking...
June 18, 2025 at 1:09 PM
> We've set up a web endpoint so vetted ... security researchers can submit suspected exposed credentials for review
> To report exposed Google Cloud credentials, please contact [email protected]
cloud.google.com/blog/product... really buried the lede!
Securing open-source credentials at scale | Google Cloud Blog
We’ve developed a powerful tool to scan open-source package and image files by default for leaked Google Cloud credentials. Here’s how to use it.
cloud.google.com
June 17, 2025 at 1:54 PM
In light of recent GitHub Actions incidents (Ultralytics, tj-actions...), I wrote up a practical guide to hardening for @wizsecurity.bsky.social
Covers permissions, secrets, 3rd-party Actions, ++
Use it to avoid learning these lessons the hard way:
www.wiz.io/blog/github-...
Hardening GitHub Actions: Lessons from Recent Attacks | Wiz Blog
Build resilient GitHub Actions workflows with insights from real attacks, missteps to avoid, and security tips GitHub’s docs don’t fully cover.
www.wiz.io
May 5, 2025 at 3:45 PM
Synthesized 20+ sources and internal @wizsecurity.bsky.social expertise to come out with a comprehensive guide to MCP security
Today's options, and tomorrow's possibilities
www.wiz.io/blog/mcp-sec...
MCP and LLM Security Research Briefing | Wiz Blog
Explore the evolving Model Context Protocol (MCP), its security risks, and how to prepare for safe adoption as LLMs connect to external systems.
www.wiz.io
April 17, 2025 at 2:50 PM
Reposted by Rami
🎙️ New episode!
Our own @ramimac.me helps dive into GitHub supply chain attacks, IngressNightmare, and Oracle breach rumors.
Tune in for the latest cloud security insights!
🎧 podcasts.apple.com/us/podcast/q...
Quadruple Supply Chain Attack, IngressNightmare Exploited, and Rumors Abound
Podcast Episode · Crying Out Cloud · 04/09/2025 · 29m
podcasts.apple.com
April 9, 2025 at 11:52 AM
Reposted by Rami
It's been awesome getting to team up with @ramimac.me to dig into a new AWS feature! Read our thoughts on AWS's new CloudTrail network activity events (aka VPC endpoint logs): www.wiz.io/blog/aws-vpc...
CloudTrail Network Activity Events for AWS VPC Endpoints | Wiz Blog
How AWS VPC Endpoint CloudTrail logs can help you troubleshoot endpoint policies and strengthen your network's security against data exfiltration.
www.wiz.io
March 20, 2025 at 3:45 PM
Turns out when you investigate a compromised GitHub Action you ... find another compromised GitHub Action:
www.wiz.io/blog/new-git...
GitHub Action supply chain attack: reviewdog/action-setup | Wiz Blog
A supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/actions-setup, possibly causing the compromise.
www.wiz.io
March 17, 2025 at 10:16 PM
Very fun to help put final polish on this report in week 3 at Wiz - anecdata is fun, data is funner :)
📢 JUST DROPPED: Analyzing 150K+ cloud accounts, we took a deep dive into #AI adoption.
And the results? Wild.
February 6, 2025 at 7:19 PM
New year, new job!
I've joined the amazing @wiz_io research team
My goal is the "work for the security industry, at Wiz"
I wrote a blog post explaining why, and what that means:
ramimac.me/joining-wiz
🧙 Why I’m Joining Wiz
I’m joining the leading cloud security startup, hoping to “work for the Security Industry, at Wiz.”
ramimac.me
January 28, 2025 at 3:01 PM
Lately, every BSides seems to have a talk on reframing security teams as a “Department of Yes”
We don’t hear nearly as much about the value of a well-considered, strategically deployed “No”
I've pulled together guidance on giving a better, more constructive No:
ramimac.me/saying-no
How to Say “No” Well
Security’s pivot from ‘Department of No’ to ‘Department of Yes’ misses the real lesson - how to say ‘No’ the right way.
ramimac.me
December 30, 2024 at 3:08 PM
Keep an eye out for notices - AWS RDS Protection for GuardDuty seems to have had some issues collecting logs.
Unclear how pervasive this was!
December 26, 2024 at 11:43 AM
I've spent dozens of hours reading State of Cloud Security reports
You know, the ones that use data from their CSPM product
And I've realized the findings substantially reflect how well that tool helps customers secure their clouds
I wrote up some examples, both good and bad (🔗 in 🧵)
December 18, 2024 at 4:50 PM
Reposted by Rami
I (finally) wrote up my thoughts on "Founder Mode" and the Brian Chesky morality tale about how he turned around Airbnb company culture.
This has made it into the Silicon Valley water table; it must be dealt with. There are some good nuggets within; let's dig them out.
charity.wtf/2024/12/17/f...
“Founder Mode” and the Art of Mythmaking
I’ve never been good at “hot takes”. Anyone who knows anything about marketing can tell you that the best time to share your opinion about something is when everyone is all worked up about it. Hot …
charity.wtf
December 17, 2024 at 5:56 PM
Reposted by Rami
New Threat Vector Unlocked
1. Find the Crunchbase page of a cybersecurity company that just raised VC funding
2. Change the page details (which anyone with a Crunchbase account can do) to a personal CashApp page
3. ????
4. Profit! (?)
December 9, 2024 at 2:45 PM
Somehow <50 people have caught this talk from Coinbase's CSO??
His core advice:
1. Make lives easier - e.g. roll out YubiKeys
2. Define Security Invariants
3. Plan & Practice IR
4. Balance Risks & Threats
5. Security is a People Problem - use focus groups for new controls!
youtu.be/BPh4Hc3TH74
A decade of defense: securing the largest US crypto exchange | Philip Martin | MSSN CTRL 2024
YouTube video by LimaCharlie
youtu.be
December 9, 2024 at 12:23 PM
Interesting research out of AWS!
> IAM-PolicyRefiner, a tool that automatically synthesizes refined AWS IAM access control policies from access logs
> fast (<5s per policy), effective and does not overfit
Not open source, but maybe a sign of things to come?
assets.amazon.science/cf/bc/58e56f...
assets.amazon.science
December 1, 2024 at 1:15 PM
I've been chatting a lot re: "when to make the first security hire" recently
I've come up with a Rule of Thumb:
Hire your first security person when security is an unavoidable distraction from scaling your business
ramimac.me/start-security
h/t @grims.bsky.social & @mag00.bsky.social
November 20, 2024 at 4:20 PM
This webinar will be more relay-race than sparring match when it's with folks like @nanook.bsky.social and @jamesberthoty.bsky.social!
I get to pass virtual batons to @ramimac.me tomorrow!
Tuesday is going to be ok 👍
November 19, 2024 at 6:55 AM
I love when new research comes out to back up my "phishing training is bad practice" priors:
www.computer.org/csdl/proceed...
I track the latest evidence against phishing simulations: rami.wiki/phishing-sim...
CSDL | IEEE Computer Society
www.computer.org
November 18, 2024 at 4:09 PM
Speed reading @skamille.bsky.social & Ian Nowland's new book: Platform Engineering
Interesting tidbits in 🧵
paved roads 🛣️: “layers multiple offerings together into easy-to-use workflows”
vs
railways 🚟 building to fill a "meaningful gap that is not covered by any existing product”
November 18, 2024 at 10:59 AM
An empty feed is staring into the void...
What you can expect to see here:
* infrequent, but hopefully high signal posting
* promoting and amplifying interesting security work (including dreaded self-promotion)
* scaling security programs & cloud security
* ironic(?) usage of scooby-doo
ramimac.me
High Signal Security
YAIB (Yet Another Infosec blog).
ramimac.me
November 18, 2024 at 9:31 AM