
All Articles

Taking Back Control: The Growing Appeal of On-Premise and Hybrid Solutions

Blog Published: 03/13/2024

Written by Ascertia. The digital age demands robust security and unwavering trust. While cloud-based solutions have dominated recent years, organisations across the globe are increasingly turning to on-premise and hybrid-based digital trust solutions. This blog explores the factors driving thi...

Cybersecurity Regulations and the Impact on Consumers

Blog Published: 03/13/2024

Originally published by RegScale. The theme for this year’s Cybersecurity Awareness Month, “Secure Our World,” underscores the importance of cybersecurity in our daily lives. This theme serves as a reminder that despite the convenience and connectivity of the digital age, there are inherent risks ...

CSA Community Spotlight: Propelling the Industry Forward with Larry Whiteside Jr.

Blog Published: 03/12/2024

Now 15 years old, the Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. In 2009, CSA was officially incorporated and we released the first version of our Security Gui...

A Guide to GCP Organization Policy: Managing Access

Blog Published: 03/12/2024

Originally published by Sonrai Security. Written by Tally Shea. Governance, security and compliance become difficult projects at scale. If you’re an enterprise operating out of Google Cloud, you’re likely looking for ways to manage access, enforce guardrails, and make configuration constraints to ...

Checklist for Designing Cloud-Native Applications – Part 2: Security Aspects

Blog Published: 03/12/2024

Written by Eyal Estrin. In Chapter 1 of this series about considerations when building cloud-native applications, we introduced various topics such as business requirements, infrastructure considerations, automation, resiliency, and more. In this chapter, we will review security considerations wh...

The Implications of AI in Cybersecurity - A Transformative Journey

Blog Published: 03/11/2024

The emergence of Artificial Intelligence (AI) stands as both a beacon of hope and a subject of intricate debate. This transformative technology, with its dual-edged potential, demands a careful examination of its implications in the realm of cybersecurity. The integration of AI into cybersecurity...

Phishing in Azure Cloud: A Targeted Campaign on Executive Accounts

Blog Published: 03/11/2024

Originally published by Adaptive Shield. Written by Hananel Livneh. In recent weeks, a concerning wave of cyber attacks has been targeting Microsoft Azure environments, compromising crucial user accounts, including those of senior executives. Proofpoint researchers have identified an ongoing malici...

The Future Role of AI in Cybersecurity

Blog Published: 03/11/2024

Originally published by DigiCert. Written by Dr. Avesta Hojjati. With an estimated market size of $102 billion by 2032, it’s no secret that Artificial intelligence (AI) is taking every industry by storm. We all know the basic idea of AI – it’s like creating really clever computers by showing them l...

Five Lessons Learned From Okta’s Support Site Breach

Blog Published: 03/11/2024

Originally published by Valence. Written by Adrian Sanabria. On September 29th, 2023, security vendor 1Password discovered unauthorized activity in their Okta tenant. An employee unexpectedly received an email that they had requested a report listing Okta administrators. A 1Password employee had ...

HijackLoader Expands Techniques to Improve Defense Evasion

Blog Published: 03/08/2024

Originally published by CrowdStrike. HijackLoader continues to become increasingly popular among adversaries for deploying additional payloads and tooling. A recent HijackLoader variant employs sophisticated techniques to enhance its complexity and defense evasion. CrowdStrike detects this new Hijack...

Embracing Zero Trust: A Blueprint for Secure Digital Transformation

Blog Published: 03/08/2024

Written by the CSA Zero Trust Working Group. Zero Trust security has transitioned from a buzzword to a critical framework essential for safeguarding an organization’s assets. Recently released by CSA, Defining the Zero Trust Protect Surface offers a guide for organizations embarking on the first s...

What are Non-Human Identities?

Blog Published: 03/08/2024

Originally published by Oasis Security. Written by Amit Zimerman, Co-founder & CPO, Oasis Security. A Non-Human Identity (NHI) is a digital construct used for machine-to-machine access and authentication. NHIs are pivotal in today's evolving enterprise systems, especially as organizations tran...

Fuzzing and Bypassing the AWS WAF

Blog Published: 03/07/2024

Originally published by Sysdig. Written by Daniele Linguaglossa. The Sysdig Threat Research Team discovered techniques that allowed the AWS WAF to be bypassed using a specialized DOM event. Web Application Firewalls (WAFs) serve as the first line of defense for your web applications, acting as a...

QR Codes, Audio Notes, and Voicemail - Clever Tricks Up a Phisher’s Sleeve

Blog Published: 03/07/2024

Written by David Balaban. Cybercriminals are increasingly cashing in on human gullibility rather than the security flaws of software architecture. It comes as no surprise that phishing, the dominating vector of social engineering attacks targeting individuals and businesses alike, is on a steady r...

Cybersecurity Advisory: Apache Struts Vulnerability CVE-2023-50164

Blog Published: 03/06/2024

Originally published by Uptycs. The Apache Struts vulnerability CVE-2023-50164, with a critical CVSS score of 9.8, poses a significant threat to a wide range of industries. This newly reported vulnerability enables remote code execution, and its exploitation is already evident in the wild. Apache ...

How Do I Choose a SOC Auditor?

Blog Published: 03/06/2024

Originally published by MJD. Written by JC London, Senior Manager, CISA, CISSP, MJD. Q: How do I choose a SOC auditor? A: MJD Answer: Choosing the right auditor and audit team may seem like an uncomplicated process at first. You’ve done your research, asked ChatGPT for its opinion, and you feel like...

Implementing DevSecOps: Some Practical Considerations for CISOs

Blog Published: 03/06/2024

Originally published by CXO REvolutionaries. Written by Sam Curry, VP & CISO in Residence, Zscaler. “The perfect is the enemy of the good.” – Voltaire. In early development models like Waterfall – where all processes were performed sequentially – a high wall separated build teams and run teams,...

Adhere to the EU Cloud CoC through the CSA

Blog Published: 03/05/2024

Written by SCOPE Europe. It’s live - you can now adhere to the EU Cloud CoC through the CSA! With a shared mission of supporting the dissemination of trusted cloud services, the anticipated collaboration between the EU Cloud CoC and Cloud Service Alliance (CSA) is now live. In practice, this collab...

Evolving Email Threats: 5 Attacks to Watch For in 2024

Blog Published: 03/05/2024

Originally published by Abnormal Security. Written by Emily Burns. A new year means a new set of challenges across the email threat landscape. While traditional attack vectors are continuing to trend upward, there are also a number of novel attack types emerging. Threat actors have learned to bypa...

11 Months to DORA: EU's New Framework For BFSI

Blog Published: 03/04/2024

Written by [email protected], AuditCue. In September 2020, the European Commission unveiled a landmark proposal - the Digital Operational Resilience Act (DORA) - as part of its sweeping Digital Finance Package aimed at fortifying cybersecurity across EU financial institutions. Once finalized, DORA...
