
All Articles
MOVEit Exploit & Ransomware Attack: Why SaaS Security Is Critical During a Cyberattack

Blog Published: 11/08/2023

Originally published by Reco. Written by Gal Nakash. Introduction: In the ever-changing landscape of cybersecurity threats, the MOVEit zero-day exploit and ransomware attack has been a reminder why a security program can’t be limited to just endpoint security & cloud security. Earlier in 2023, ...

The Windows Restart Manager: How It Works and How It Can Be Hijacked, Part 1

Blog Published: 11/07/2023

Originally published by CrowdStrike. Malware utilizes a multitude of techniques to avoid detection, and threat actors are continuously uncovering and exploiting new methods of attack. One of the less common techniques includes the exploitation of the Windows Restart Manager. To stay ahead of mali...

Quarterly Threat Bulletin: WinRAR Zero-Day Vuln and More

Blog Published: 11/07/2023

Originally published by Uptycs. Written by Dan Verton. The Uptycs Threat Research Team released its latest Quarterly Threat Bulletin today, covering the tactics, techniques and procedures (TTPs) of the most prevalent malware and threat actor groups. The Q3 Threat Bulletin highlighted the active ex...

Embracing a Cloud-Native Mindset

Blog Published: 11/06/2023

Written by Eyal Estrin. The use of the public cloud has become the new norm for any size organization. Organizations are adopting cloud services, migrating systems to the cloud, consuming SaaS applications, and beginning to see the true benefits of the public cloud. In this blog post, I will ex...

SaaS and the Shared Security Model

Blog Published: 11/06/2023

Originally published by Suridata. Written by Haviv Ohayon, Co-Founder & COO, Suridata. Who is responsible for securing digital assets in the public cloud, the customer, or the cloud service provider (CSP)? Most of the time, it’s both. CSPs require their customers to agree to what’s known as a ...

News of Note: Finding Solutions to Cybersecurity Impacts

Blog Published: 11/03/2023

We’re hitting that time of year where many of us are finalizing or fine-tuning annual strategies. We’re in the midst of framing top goals, priorities, and needs within the context of the plentiful challenges that we’re facing. As we despair over the number of lives lost and the unceasing destructi...

CSA STAR Certifications: What are They?

Blog Published: 11/03/2023

The CSA Security, Trust, Assurance, and Risk (STAR) program is the largest cloud assurance program in the world that constitutes an ecosystem of the best practices, standards, technology, and auditing partners. Any organization operating or providing cloud services can benefit from completing the...

The Current State of Cloud Data Security

Blog Published: 11/02/2023

Originally published by Dig Security. Written by Sharon Farber. Cloud computing has become a go-to solution for businesses worldwide. While cloud services offer several benefits, such as flexibility, scalability, and cost-effectiveness, they also bring in several challenges, especially when handl...

Navigating the AI Landscape: A Security Professional’s Guide to Enhancing Data Security Posture

Blog Published: 11/02/2023

Originally published by BigID. Written by Sarah Hospelhorn, Chief Marketing Officer, BigID. Artificial Intelligence (AI) often evokes a mix of enthusiasm, confusion, and skepticism, particularly among those in cybersecurity leadership roles such as Chief Information Security Officers (CISOs). AI ...

Shift Left is Only Part of Secure Software Delivery in Financial Services

Blog Published: 11/01/2023

Originally published by Sysdig. Written by Eric Carter, Sysdig and Effi Goldstein, Snyk. The way we manage our money has changed dramatically. In little more than a decade, we’ve gone from branch-led services to feature-rich apps offering 24/7 access to our money. Open Banking is driving product ...

3 Cybersecurity Threats Caused by Generative AI

Blog Published: 11/01/2023

Originally published by Abnormal Security. Written by Jade Hill. New technologies invite a spectrum of reactions. On the extreme ends are the people who, perhaps naively, think that novel tech will solve all humanity's problems or lead us to our collective doom. But reality is always more nuanced...

Discovering and Blocking a Zero-Day Exploit: The Case of CVE-2023-36874

Blog Published: 10/31/2023

Originally published by CrowdStrike. In July 2023, CrowdStrike discovered an unknown exploit kit leveraging a still-unknown vulnerability affecting the Windows Error Reporting (WER) component. Our team prepared to report this newly discovered vulnerability to Microsoft — only to discover that the...

Unnatural Selection: Why Cybercriminals are Turning to Encryption-less Ransomware

Blog Published: 10/31/2023

Originally published by CXO REvolutionaries. Written by Sam Curry, VP & CISO in Residence, Zscaler. There is a form of decidedly unnatural selection happening online, but it is nevertheless a selective process in an evolutionary sense. It is unnatural because it is online and driven by humans...

Why the Implementation of CIRA is So Important for Incident Response

Blog Published: 10/30/2023

Originally published by Mitiga. Written by Tal Mozes. Incident response for cloud and SaaS (Software as a Service) requires new capabilities. Gartner® has released its recent report entitled “Emerging Tech: Security — Cloud Investigation and Response Automation Offers Transformation Opportunities...

What is the Business Value of Zero Trust?

Blog Published: 10/27/2023

Written by the CSA Zero Trust Working Group. Zero Trust requires an ongoing investment of time, resources, and budget, but in return results in security, technical, and business benefits. This blog will take a look at the many ways Zero Trust delivers business value. Cost Reduction and Optimization...

Three Cloud Security Remediation Mistakes Companies Keep Making (And What to Do About Them)

Blog Published: 10/26/2023

Originally published by Dazz. Written by Eshel Yaron, Software Engineer, Dazz. In the fast-paced world of cloud-delivered software, security remediation is critical to the success of your organization. Investing in tools to detect application vulnerability and infrastructure misconfigurations is ...

Penetration Testing vs. Red Teaming

Blog Published: 10/25/2023

Originally published by Schellman. Penetration testing and red team assessments are often conflated or confused—though they’re both advantageous cybersecurity solutions, there are distinct differences between them that any organization considering either should know. Just to be clear, a penetratio...

Charting the Future of AI in Cybersecurity

Blog Published: 10/24/2023

Upon the conclusion of this year’s SECtember event, CSA put together an AI Think Tank Day in order to bring together interested attendees to discuss the current and future state of AI in relation to cybersecurity. We wanted an event where everyone in attendance would be given an opportunity to he...

The State of Cybersecurity Compliance in 2023 – Part 1

Blog Published: 10/24/2023

Originally published by Coalfire. Written by Adam Shnider, EVP, Compliance Services, Coalfire. Key Takeaways: Costs are rising, and many industries, including retail, financial services, tech, and healthcare, report rising compliance costs. Evolving framework requirements and revisions are inc...

Fighting Against the Current is For Salmon, Not Cybersecurity

Blog Published: 10/24/2023

Originally published by CXO REvolutionaries. Written by Daniel Ballmer, Senior Transformation Analyst, Zscaler. It’s easy to lose sight of the big picture when seeking truths in the tech sector. Pick any topic in our industry, and you will discover a rabbit hole that forks repeatedly into equally ...
