Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog
Get early access to CSA’s Trusted AI Safety Certification Program—updates, resources & beta invites!

All Articles

Home
All Articles
eCriminals Share Ways to Impersonate School Staff to Steal Paychecks

Blog Published: 10/23/2023

Originally published by CrowdStrike. From October 2022 through the summer of 2023, CrowdStrike observed a significant and steady increase in various eCrime threat actors discussing conducting payroll business email compromise (BEC), including specific mentions of targeting U.S.-based private s...

Three Cloud Security Remediation Mistakes Companies Keep Making (And What to Do About Them)

Blog Published: 10/26/2023

Originally published by Dazz. Written by Eshel Yaron, Software Engineer, Dazz. In the fast-paced world of cloud-delivered software, security remediation is critical to the success of your organization. Investing in tools to detect application vulnerability and infrastructure misconfigurations ...

Penetration Testing vs. Red Teaming

Blog Published: 10/25/2023

Originally published by Schellman.Penetration testing and red team assessments are often conflated or confused—though they’re both advantageous cybersecurity solutions, there are distinct differences between them that any organization considering either should know. Just to be clear, a penetra...

What is the Business Value of Zero Trust?

Blog Published: 10/27/2023

Written by the CSA Zero Trust Working Group.Zero Trust requires an ongoing investment of time, resources, and budget, but in return results in security, technical, and business benefits. This blog will take a look at the many ways Zero Trust delivers business value.Cost Reduction and Optimizat...

Charting the Future of AI in Cybersecurity

Blog Published: 10/24/2023

Upon the conclusion of this year’s SECtember event, CSA put together an AI Think Tank Day in order to bring together interested attendees to discuss the current and future state of AI in relation to cybersecurity. We wanted an event where everyone in attendance would be given an opportunity to...

Discovering and Blocking a Zero-Day Exploit: The Case of CVE-2023-36874

Blog Published: 10/31/2023

Originally published by CrowdStrike. In July 2023, CrowdStrike discovered an unknown exploit kit leveraging a still-unknown vulnerability affecting the Windows Error Reporting (WER) component. Our team prepared to report this newly discovered vulnerability to Microsoft — only to discover that ...

Shift Left is Only Part of Secure Software Delivery in Financial Services

Blog Published: 11/01/2023

Originally published by Sysdig. Written by Eric Carter, Sysdig and Effi Goldstein, Snyk. The way we manage our money has changed dramatically. In little more than a decade, we’ve gone from branch-led services to feature-rich apps offering 24/7 access to our money. Open Banking is driving produ...

Navigating the AI Landscape: A Security Professional’s Guide to Enhancing Data Security Posture

Blog Published: 11/02/2023

Originally published by BigID. Written by Sarah Hospelhorn, Chief Marketing Officer, BigID. Artificial Intelligence (AI) often evokes a mix of enthusiasm, confusion, and skepticism, particularly among those in cybersecurity leadership roles such as Chief Information Security Officers (CISOs). ...

The Windows Restart Manager: How It Works and How It Can Be Hijacked, Part 1

Blog Published: 11/07/2023

Originally published by CrowdStrike. Malware utilizes a multitude of techniques to avoid detection, and threat actors are continuously uncovering and exploiting new methods of attack. One of the less common techniques includes the exploitation of the Windows Restart Manager. To stay ahead of m...

The Windows Restart Manager: How It Works and How It Can Be Hijacked, Part 2

Blog Published: 11/14/2023

Originally published by CrowdStrike. In the first part of this series, we provided a brief overview of the Windows Restart Manager. In this blog post, we examine how these mechanisms can be exploited by adversaries.Opportunities for RansomwareThe Restart Manager preempts unwelcome reboots by s...

Top 3 Reasons to Replace Your SEG

Blog Published: 11/15/2023

Originally published by Abnormal Security. Written by Lane Billings. By manipulating generative AI and other forms of new technology, highly skilled cybercriminals have made defending email an ever-evolving uphill battle. Traditional secure email gateways (SEGs) are no longer an effective mean...

Unnatural Selection: Why Cybercriminals are Turning to Encryption-less Ransomware

Blog Published: 10/31/2023

Originally published by CXO REvolutionaries. Written by Sam Curry, VP & CISO in Residence, Zscaler. There is a form of decidedly unnatural selection happening online, but it is nevertheless a selective process in an evolutionary sense. It is unnatural because it is online and driven by hum...

The Current State of Cloud Data Security

Blog Published: 11/02/2023

Originally published by Dig Security. Written by Sharon Farber. Cloud computing has become a go-to solution for businesses worldwide. While cloud services offer several benefits, such as flexibility, scalability, and cost-effectiveness, they also bring in several challenges, especially when ha...

CSA STAR Certifications: What are They?

Blog Published: 11/03/2023

The CSA Security, Trust, Assurance, and Risk (STAR) program is the largest cloud assurance program in the world that constitutes an ecosystem of the best practices, standards, technology, and auditing partners. Any organization operating or providing cloud services can benefit from completing ...

News of Note: Finding Solutions to Cybersecurity Impacts

Blog Published: 11/03/2023

We’re hitting that time of year where many of us are finalizing or fine-tuning annual strategies. We’re in the midst of framing top goals, priorities, and needs within the context of the plentiful challenges that we’re facing.As we despair over the number of lives lost and the unceasing destru...

Embracing a Cloud-Native Mindset

Blog Published: 11/06/2023

Written by Eyal Estrin. The use of the public cloud has become the new norm for any size organization. Organizations are adopting cloud services, migrating systems to the cloud, consuming SaaS applications, and beginning to see the true benefits of the public cloud. In this blog post, I will...

The Difference Between CSPM and SSPM

Blog Published: 11/20/2023

Originally published by Suridata. Written by Lee Kappon, Co-Founder & CEO, Suridata. Years ago, a marvelous cartoon in The New Yorker featured one bearded college professor yelling at another, “Wait, all this time, I was talking macro and you were talking micro?” This is how conversations ...

Mastering Data Flow: Enhancing Security and Compliance in the Cloud

Blog Published: 12/01/2023

Originally published by Dig Security. Written by Sharon Farber. Many organizations face challenges in determining their data’s precise locations and pathways. Without understanding where data flows, an organization cannot ensure that it remains appropriately secure and compliant throughout its...

SaaS and the Shared Security Model

Blog Published: 11/06/2023

Originally published by Suridata.Written by Haviv Ohayon, Co-Founder & COO, Suridata. Who is responsible for securing digital assets in the public cloud, the customer, or the cloud service provider (CSP)? Most of the time, it’s both. CSPs require their customers to agree to what’s known as...

MOVEit Exploit & Ransomware Attack: Why SaaS Security Is Critical During a Cyberattack

Blog Published: 11/08/2023

Originally published by Reco. Written by Gal Nakash. IntroductionIn the ever-changing landscape of cybersecurity threats, the MOVEit zero-day exploit and ransomware attack has been a reminder why a security program can’t be limited to just endpoint security & cloud security. Earlier in 202...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
150
151
152
154
156
157
158
Last »