CSA STAR CCM Lite
Blog Published: 11/16/2023
Written by Ashwin Chaudhary, CEO, Accedere. The Cloud Security Alliance (CSA) STAR CCM Lite is a streamlined version of the CSA Cloud Controls Matrix (CCM) v4, a cybersecurity controls framework for cloud computing developed by CSA. CCM v4 was released in September 2021. The CCM Lite is a compreh...
Top 3 Reasons to Replace Your SEG
Blog Published: 11/15/2023
Originally published by Abnormal Security. Written by Lane Billings. By manipulating generative AI and other forms of new technology, highly skilled cybercriminals have made defending email an ever-evolving uphill battle. Traditional secure email gateways (SEGs) are no longer an effective means o...
Cloud Security Alliance Launches the Industry’s First Authoritative Zero Trust Training and Credential, the Certificate of Competence in Zero Trust (CCZT)
Press Release Published: 11/15/2023
Uniquely positions CSA as the authoritative source to deliver the industry’s first holistic benchmark for measuring Zero Trust knowledge. SEATTLE – Nov. 15, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices...
Behind the Curtain with a CCZT Developer: Head of Identity Security Sesh Ramasharma
Blog Published: 11/14/2023
The Certificate of Competence in Zero Trust (CCZT) is the first vendor-neutral credential available for industry professionals to demonstrate their expertise in Zero Trust principles. The winner of Cyber Defense Magazine’s 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training, the cer...
CCZT: A Major Milestone on the Zero Trust Journey
Blog Published: 11/14/2023
My personal history in cybersecurity began in the very early days of the commercialization of the nascent Internet. I started out as a firewall guy in 1992, primarily because my customers relied on firewalls to protect their network perimeters. Firewall implementation was underpinned by a simple ...
More on Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan
Blog Published: 11/14/2023
Originally published by Mitiga. Written by Ariel Szarf and Or Aspir. Imagine that you’re a SOC (Security Operations Center) analyst receiving an alert about suspicious behavior from a binary on an EC2 instance. After checking the binary on VirusTotal, you find it was an AWS-developed software sig...
The Windows Restart Manager: How It Works and How It Can Be Hijacked, Part 2
Blog Published: 11/14/2023
Originally published by CrowdStrike. In the first part of this series, we provided a brief overview of the Windows Restart Manager. In this blog post, we examine how these mechanisms can be exploited by adversaries. Opportunities for Ransomware: The Restart Manager preempts unwelcome reboots by shut...
Understanding Data Inventory and Why It Matters to CISOs
Blog Published: 11/13/2023
Originally published by Symmetry Systems. Written by Claude Mandy, Chief Evangelist, Symmetry Systems. In a modern organization, you cannot overstate the role of data. It is the largest, distributed and most valuable asset they have. Data influences everything from revenue growth to security risk...
Understanding and Enhancing the Values of ISO/IEC 27001 Internal Audit
Blog Published: 11/13/2023
Originally published by CAS Assurance. What is the ISO 27001 Internal Audit? Generally, internal audit is defined as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization achieve its objectives by brin...
Nonprofit Cyber Launches World More Than a Password Day
Press Release Published: 11/10/2023
Coalition of nonprofit organizations releases groundbreaking Common Guidance on Passwords with 90 signatories globally. New York, Nov. 10, 2023: Safeguarding your online identity and data has never been more critical. “World More Than a Password Day” is a global movement to emphasize the importance...
I’m Implementing Generative AI Into My Company’s Cybersecurity Product. Here’s What I’ve Learned.
Blog Published: 11/09/2023
Originally published by Dazz. Written by Eshel Yaron, Software Engineer, Dazz. AI is ubiquitously on everyone’s minds today – from large corporations to middle school classrooms. And it’s no wonder—this technology is transformative in the speed of creation and innovation. When ChatGPT came out, I ...
Navigating Compliance Requirements for Businesses Collecting Consumer Health Information
Blog Published: 11/09/2023
Originally published by BARR Advisory. The Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services (HHS) recently released an updated joint publication for organizations that collect consumer health information. The publication provides businesses guidance for complying...
Bad Zero Trust is Not Good Security
Blog Published: 11/08/2023
Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. As an advocate and veteran practitioner of zero trust, I was intrigued by a recent article decrying its “vulnerability.” In fact, seeing zero trust and vulnerability in the same headline had me wonderin...
MOVEit Exploit & Ransomware Attack: Why SaaS Security Is Critical During a Cyberattack
Blog Published: 11/08/2023
Originally published by Reco. Written by Gal Nakash. Introduction: In the ever-changing landscape of cybersecurity threats, the MOVEit zero-day exploit and ransomware attack has been a reminder why a security program can’t be limited to just endpoint security & cloud security. Earlier in 2023, ...
The Windows Restart Manager: How It Works and How It Can Be Hijacked, Part 1
Blog Published: 11/07/2023
Originally published by CrowdStrike. Malware utilizes a multitude of techniques to avoid detection, and threat actors are continuously uncovering and exploiting new methods of attack. One of the less common techniques includes the exploitation of the Windows Restart Manager. To stay ahead of mali...
Quarterly Threat Bulletin: WinRAR Zero-Day Vuln and More
Blog Published: 11/07/2023
Originally published by Uptycs. Written by Dan Verton. The Uptycs Threat Research Team released its latest Quarterly Threat Bulletin today, covering the tactics, techniques and procedures (TTPs) of the most prevalent malware and threat actor groups. The Q3 Threat Bulletin highlighted the active ex...
Embracing a Cloud-Native Mindset
Blog Published: 11/06/2023
Written by Eyal Estrin. The use of the public cloud has become the new norm for any size organization. Organizations are adopting cloud services, migrating systems to the cloud, consuming SaaS applications, and beginning to see the true benefits of the public cloud. In this blog post, I will ex...
SaaS and the Shared Security Model
Blog Published: 11/06/2023
Originally published by Suridata. Written by Haviv Ohayon, Co-Founder & COO, Suridata. Who is responsible for securing digital assets in the public cloud, the customer, or the cloud service provider (CSP)? Most of the time, it’s both. CSPs require their customers to agree to what’s known as a ...
News of Note: Finding Solutions to Cybersecurity Impacts
Blog Published: 11/03/2023
We’re hitting that time of year where many of us are finalizing or fine-tuning annual strategies. We’re in the midst of framing top goals, priorities, and needs within the context of the plentiful challenges that we’re facing. As we despair over the number of lives lost and the unceasing destructi...
CSA STAR Certifications: What are They?
Blog Published: 11/03/2023
The CSA Security, Trust, Assurance, and Risk (STAR) program is the largest cloud assurance program in the world that constitutes an ecosystem of the best practices, standards, technology, and auditing partners. Any organization operating or providing cloud services can benefit from completing the...