Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog

All Articles

Home
All Articles
LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab

Blog Published: 12/04/2023

Originally published by Sysdig. Written by Miguel Hernández. The Sysdig Threat Research Team (TRT) recently discovered a new, financially motivated operation, dubbed LABRAT. This operation set itself apart from others due to the attacker’s emphasis on stealth and defense evasion in their attac...

A Seven Step Approach to IoT Security

Blog Published: 12/05/2023

Written by Ravishankar (Ravi) Chamarajnagar, Chief Product Officer, AppViewX. The Internet of Things (IoT) revolution has transformed the world with everything from our smart homes and wearables to industrial automation and the potential of smart cities. According to IoT Analytics, active IoT ...

What are the Keys to Success with SOC 2 Reporting?

Blog Published: 12/05/2023

Originally published by MJD.Q: What are the keys to success with SOC 2 Reporting?A: MJD AnswerIt’s natural to feel pressure from your organization's SOC 2 exam. There are people counting on it, the expectations are not always clear, and the idea of potential “failure” will always introduce s...

Natural Disasters: A Perfect Storm for Data Breaches

Blog Published: 12/11/2023

Written by Rocco Alfonzetti, CCSK, CCAK, CDPSE, Security Officer at Paperclip, Inc. and Member of the CSA Data Security Working Group. The recent wildfires on Maui have had a devastating impact on the island, both in terms of human life and property damage. However, the fraud implications of t...

Embed Security from Code to Cloud with Unified CNAPPs

Blog Published: 12/12/2023

Originally published by CSO Online. Written by Giulio Astori, Principal Program Manager, Microsoft Security. A decade ago, most companies relied on individual point solutions to secure specific aspects of their cloud environment. They might have one solution for vulnerability management, anoth...

IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations

Blog Published: 12/14/2023

Originally published by CrowdStrike.CrowdStrike Counter Adversary Operations has been investigating a series of cyberattacks and strategic web compromise (SWC) operations targeting organizations in the transportation, logistics and technology sectors that occurred in October 2023. Based on a d...

How to Integrate CSA STAR Level 2 Into Your Compliance Strategy

Blog Published: 12/14/2023

Originally published by BARR Advisory. Written by Kyle Cohlmia. According to the Cloud Security Alliance (CSA), the Security, Trust, Assurance, and Risk (STAR) program encompasses “key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls ...

AI: Both a Help and a Hindrance for the Public Sector

Blog Published: 12/15/2023

Originally published by Synack on October 27, 2023. Written by Luke Luckett. Last week, we hosted the Synack Security Symposium in Washington, D.C. In an open forum, Wade Lance, Synack’s Global Field CISO, facilitated a lively discussion on cybersecurity in the age of AI. Several theme...

eBPF Offensive Capabilities – Get Ready for Next-Gen Malware

Blog Published: 12/18/2023

Originally published by Sysdig. Written by Daniele Linguaglossa. It’s not a mystery that eBPF (Extended Berkeley Packet Filter) is a powerful technology, and given its nature, it can be used for good and bad purposes. In this article, we will explore some of the offensive capabilities that e...

The Top 3 SaaS Security Challenges

Blog Published: 12/05/2023

Originally published by Suridata.Written by Haviv Ohayon, Co-Founder & COO, Suridata.Software-as-a-Service (SaaS) applications present a number of potentially serious security challenges. The risks posed by SaaS arise out of a combination of factors. For one thing, SaaS is popular, with mo...

11 Attacks in 13 Months: The New Generation of Supply Chain Attacks

Blog Published: 12/06/2023

Originally published by Astrix. Written by Dana Katz. A new generation of supply chain attacks has been rising in recent years. In such attacks, hackers abuse third-party & internal non-human access as a means of accessing core business systems. While many conversations about supply chain ...

The Road to Autonomous Cloud Security Remediation

Blog Published: 12/07/2023

Originally published by Dazz.Written by Tomer Schwartz, Co-founder & CTO, Dazz. Back in the data center days, a typical enterprise had one or two applications and one or two engineering teams to deploy them. When there was a vulnerability, an engineer could simply log into a server and fix...

The Difference Between Securing Custom-Developed vs. Commercial Off-the-Shelf Software

Blog Published: 12/20/2023

Originally published by CrowdStrike. Modern applications are designed to process, use and store vast amounts of sensitive data. As adversaries seek to infiltrate these applications, IT and security teams must ensure the software they use has the strongest possible security. The first step to i...

The 2023 OMB Draft Memorandum on FedRAMP Explained: The Road to Modernization

Blog Published: 12/20/2023

Originally published by Schellman. On October 27, 2023, the Office of Management and Budget (OMB) released a draft memorandum titled Modernizing the Federal Risk Authorization Management Program (FedRAMP). Savvy readers may have noticed the parallelism of the 2011 and 2023 FedRAMP memorandums ...

Scarleteel 2.0 and the MITRE ATT&CK Framework

Blog Published: 01/02/2024

Originally published by Sysdig. Written by Nigel Douglas. In this blog post, we will take a comprehensive dive into a real-world cyber attack that reverberated across the digital realm – SCARLETEEL. Through an in-depth analysis of this notorious incident using the MITRE ATT&CK framework, w...

Are You a Fit for CSA’s Advanced Cloud Security Practitioner (ACSP) Training?

Blog Published: 12/07/2023

Over a decade ago, there was a significant lack of cloud security skills and knowledge within the industry. We developed the CCSK+ training class as a “101” level training to help security professionals move into the world of cloud computing and gain an understanding of cloud fundamentals. Th...

The Top 5 Third-Party Integration Risks

Blog Published: 01/03/2024

Originally published by Suridata. Written by Haviv Ohayon, Co-Founder & COO, Suridata. Businesses are embracing Software-as-a-Service (SaaS) applications with growing enthusiasm. The market for SaaS software has doubled over the last five years, from $85 billion in 2018 to $171 billion in ...

Defensive AI, Deepfakes, and the Rise of AGI: Cybersecurity Predictions and What to Expect in 2024

Blog Published: 01/04/2024

Originally published by Abnormal Security on November 30, 2023. Written by Jade Hill. There is no denying that AI has been the buzzword of 2023, as this year professionals and cybercriminals alike discovered how to use it to their advantage. And as we look into the new year, that is not likely...

Why Cloud-Forward Tech Teams Need to Abandon Traditional IAM and PAM

Blog Published: 12/11/2023

Originally published by Britive.Most modern tech teams are aware that the cloud has become the backbone of innovation, scalability, and agility. However, with great power comes great responsibility, particularly when it comes to securing cloud resources and data. This is precisely where Identi...

Why Your Public Partners Care About Your Cybersecurity Approach

Blog Published: 12/12/2023

Originally published by CXO REvolutionaries. Written by Kavitha Mariappan, EVP, Customer Experience and Transformation, Zscaler. While the connection between cybersecurity, environmental, social, and governance (ESG) issues, and private companies may not be immediately obvious, they influence ...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
153
154
155
157
159
160
161
Last »