Identity Modernization for Customer-Facing Applications
Blog Published: 05/02/2023
Originally published by Strata. Want to loan a friend some money? There’s an app for that. Want to exchange some dollars for Euros? There’s an app for that. In fact, the number of mobile apps that let consumers complete financial tasks that used to require a big financial institution is growing b...
SCARLETEEL: Operation Leveraging Terraform, Kubernetes, and AWS for Data Theft
Blog Published: 05/02/2023
Originally published by Sysdig on February 28, 2023. Written by Alberto Pellitteri. The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL, that resulted in stolen proprietary data. The attacker exploited a containerized wo...
How To Use An Identity Fabric To Manage Identity Sprawl
Blog Published: 05/02/2023
Written by Lior Yaari, CEO, Grip Security. Originally published on Forbes. From HR to IT and factories to finance, the enterprise runs on SaaS. The rapid adoption of SaaS services, however, has led to the two-pronged threat of identity attacks and the hijacking of critical tools leveraged to run ...
Beyond the Inbox: Protecting Against Collaboration Apps as an Emerging Attack Vector
Blog Published: 05/01/2023
Originally published by Abnormal Security. Written by Mike Britton. Email has always been a lucrative attack vector for cybercriminals. Even today, it continues to be their most common path into an organization, and enterprises are undoubtedly feeling the impact. Losses due to business email comp...
A Security Work Stream Is Critical to IT Modernization
Blog Published: 05/01/2023
Originally published by Lookout. Written by Fazal Sadikali, Technology Managing Director of Cloud Insights, Lookout. With new technology being developed at a rapid pace, adaptability is crucial for a company to thrive against its competitors. IT cloud modernization is a great way to drive sal...
The State of Data Security: The Hard Truths
Blog Published: 05/01/2023
Originally published by Rubrik. Written by Steve Stone. Rubrik Zero Labs is excited to debut its second State of Data Security report: “The State of Data Security: The Hard Truths.” This in-depth global study uses telemetry data to provide objective data security insights. Rubrik data is ...
It May Only Take One Attack to Get Stung by OneNote!
Blog Published: 04/28/2023
Originally published by Skyhigh Security. Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security. Part of Microsoft’s extensive 365 application suite, Microsoft OneNote offers users a powerful yet flexible information management workbench. As organizations continue their rampant...
Analysis for CVE-2023-23397 Microsoft Outlook Vulnerability
Blog Published: 04/28/2023
Originally published by InsiderSecurity. CVE-2023-23397 Threat Overview: InsiderSecurity analysed the possible exploitation techniques for the recent Outlook vulnerability, as well as methods for early detection of such exploits, both for this specific vulnerability and future similar vulnerabilit...
Unintended Third-Party Access to Data Through Supported Azure Built-In Roles
Blog Published: 04/28/2023
Originally published by Symmetry Systems. Written by Sachin Tyagi. A combination of built-in contributor permissions could allow unintended data access in Azure Lighthouse. Symmetry Systems would like to extend their appreciation and thanks to the Azure Lighthouse product managers and the ...
What Boards Need to Know About GRC and Atomized Networks
Blog Published: 04/27/2023
Originally published by Netography. Written by Martin Roesch, CEO, Netography. New regulations proposed by the Security Exchange Commission (SEC) around cybersecurity governance, risk management, and compliance (GRC) are forcing CEOs and board members to take a hard look at their governance capab...
3 Reasons Why Data Security Helps Ensure Cyber Recovery
Blog Published: 04/27/2023
Originally published by Rubrik. Written by Srujana Puttagunta. Are you still relying on legacy backup systems to protect your business from cyber attacks? If so, you might want to think twice. Cyber attacks have become so common that 98% of security and IT leaders reported that they dealt w...
Cloud Security Alliance Welcomes Three New Board Members
Press Release Published: 04/27/2023
New members bring wealth of cloud security expertise to CSA. RSA Conference (San Francisco) – April 27, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment,...
The Road to M&A Hell is Paved with Good (IP-based) Intentions
Blog Published: 04/27/2023
Originally published by Zscaler. Written by Martyn Ditchburn, Director of Transformation Strategy, Zscaler. TCP/IP-based communications have been the cornerstone of corporate networks for more than 30 years. Organisations like Cisco excelled at training an army of mechanical TCP/IP converts who t...
Discover the Cloud Security Alliance's STAR Program: A Must-Know for Enterprise CISOs
Blog Published: 04/26/2023
Introduction: Cloud computing has unleashed unprecedented computational prowess and storage potential for businesses, but it comes with increased data privacy and security worries. The Cloud Security Alliance (CSA) spearheads efforts to tackle these concerns via its Security, Trust, Assurance and R...
An Overview of NIST Special Publications 800-34, 800-61, 800-63, and 800-218
Blog Published: 04/26/2023
Originally published by Schellman. Known more commonly as NIST, the National Institute of Standards and Technology provides cybersecurity frameworks that not only are integral for many government and Department of Defense contracts but are also widely accepted as a solid launch point for most org...
Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads
Blog Published: 04/26/2023
Originally published by CrowdStrike. Self-extracting (SFX) archive files have long served the legitimate purpose of easily sharing compressed files with someone who lacks the software to decompress and view the contents of a regular archive file. However, SFX archive files can also contain hidden...
Security is Only as Good as Your Threat Intelligence
Blog Published: 04/25/2023
Now even stronger with AI. Originally published by Microsoft Security. Written by John Lambert, Corporate Vice President, Distinguished Engineer, Microsoft Security Research. Longtime cybersecurity observers know how frustrating the fight for progress can be. Our profession demands constant vigila...
Lessons from Blockbusters: What Hollywood Can Teach Us About Cyber Security
Blog Published: 04/25/2023
Originally published by NCC Group. Written by Sourya Biswas, Technical Director, NCC Group. “Everything I learned I learned from the movies.” - Audrey Hepburn, Oscar-winning actress and humanitarian. Few things capture the imagination like movies. From epic dramas to tearful romances, from everyday t...
Migration to the Public Cloud: What You Need to Know and Some Best Practices
Blog Published: 04/25/2023
Written by Bindu Sundaresan, Director, AT&T Cybersecurity. Many organizations are turning to public cloud environments for their IT infrastructure expansion and enhancement. Cloud-based solutions offer many advantages, including cost-effectiveness, scalability, and ease of use. Organizations ...
The CxO Trust Cloud Change Notification Project
Blog Published: 04/24/2023
In the two years since we kicked it off, the Cloud Security Alliance’s CxO Trust Initiative has provided valuable guidance as to the key strategies necessary to advance cloud and cybersecurity within the C-Suite. We consult the CxO Trust Advisory Council regularly on issues that arise in the indu...