An Overview of NIST Special Publications 800-34, 800-61, 800-63, and 800-218
Blog Published: 04/26/2023
Originally published by Schellman. Known more commonly as NIST, the National Institute of Standards and Technology provides cybersecurity frameworks that not only are integral for many government and Department of Defense contracts but are also widely accepted as a solid launch point for most org...
Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads
Blog Published: 04/26/2023
Originally published by CrowdStrike. Self-extracting (SFX) archive files have long served the legitimate purpose of easily sharing compressed files with someone who lacks the software to decompress and view the contents of a regular archive file. However, SFX archive files can also contain hidden...
Security is Only as Good as Your Threat Intelligence
Blog Published: 04/25/2023
Now even stronger with AI Originally published by Microsoft Security. Written by John Lambert, Corporate Vice President, Distinguished Engineer, Microsoft Security Research. Longtime cybersecurity observers know how frustrating the fight for progress can be. Our profession demands constant vigila...
Lessons from Blockbusters: What Hollywood Can Teach Us About Cyber Security
Blog Published: 04/25/2023
Originally published by NCC Group. Written by Sourya Biswas, Technical Director, NCC Group. “Everything I learned I learned from the movies.”-Audrey Hepburn, Oscar-winning actress and humanitarianFew things capture the imagination like movies. From epic dramas to tearful romances, from everyday t...
Migration to the Public Cloud: What You Need to Know and Some Best Practices
Blog Published: 04/25/2023
Written by Bindu Sundaresan, Director, AT&T Cybersecurity. Many organizations are turning to public cloud environments for their IT infrastructure expansion and enhancement. Cloud-based solutions offer many advantages, including cost-effectiveness, scalability, and ease of use. Organizations ...
Why the Cloud Security Alliance Needs to Help Secure AI (And You Do, Too)
Blog Published: 04/24/2023
When I frame a very big technology trend, I have a somewhat annoying habit of paraphrasing a quote that revolutionary Leon Trotsky may or may not have ever said. In this case it goes:You may not be interested in artificial intelligence, but artificial intelligence is interested in you.Artificial ...
The CxO Trust Cloud Change Notification Project
Blog Published: 04/24/2023
In the two years since we kicked it off, the Cloud Security Alliance’s CxO Trust Initiative has provided valuable guidance as to the key strategies necessary to advance cloud and cybersecurity within the C-Suite. We consult the CxO Trust Advisory Council regularly on issues that arise in the indu...
Cloud Security Alliance Releases First ChatGPT Guidance Paper and Issues Call for Artificial Intelligence Roadmap Collaboration
Press Release Published: 04/24/2023
RSA Conference (San Francisco) – April 24, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, released Security Implications of ChatGPT, a whitepaper re...
From Cloud Data Sprawl to Cloud Data Security: Navigating the Complexities
Blog Published: 04/24/2023
Originally published by Dig Security. Written by Sharon Farber. More than 60% of enterprise data is now stored in the cloud. And as this number grows, it is becoming increasingly important to ensure complete data security. Cloud computing offers greater efficiency for storing, analyzing, and shar...
How to Support Agile Development with Zero Trust Best Practices
Blog Published: 04/24/2023
Originally published by TrueFort. Written by Nik Hewitt. What is agile development? Agile software development is the practice of delivering small pieces of working software quickly to fix bugs, add features, enhance usability, and generally improve the customer experience. It lets development te...
CSA’s Enterprise Architecture: Business Operation Support Services
Blog Published: 04/22/2023
Written by CSA’s Enterprise Architecture Working Group. The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects, and risk management professionals to leverage a common set of solutions and controls. It can be used to assess oppor...
Report Shows Cloud Adoption is Higher Than Ever and So is Risk
Blog Published: 04/21/2023
Originally published by Skyhigh Security. Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security. — Here’s What You Can Do About ItWith massive global changes rocking the status quo of how organizations operate and secure data, it’s no wonder that 2022 saw some pretty huge chang...
HITRUST CSF Releases v11 to Increase Efficiencies and Stay Threat-Adaptive
Blog Published: 04/21/2023
Originally published by BARR Advisory. Written by Kyle Cohlmia. HITRUST CSF recently released version 11, which includes important updates to the framework that will help streamline the process to greater healthcare assurance and protect against new and emerging threats. As a single framework, HI...
From Code to Cloud, the Case for Cloud-Native App Protection
Blog Published: 04/21/2023
Originally published by CXO REvolutionaries. Written by Rich Campagna, SVP & GM, Posture Control, Zscaler. A Cloud Native Application Protection Platform (CNAPP) is far more than just another buzz-acronym in an industry already chock full of them. It’s the next logical stage of security evolu...
The Discovery of the First-Ever Dero Cryptojacking Campaign Targeting Kubernetes
Blog Published: 04/20/2023
Originally published by CrowdStrike. CrowdStrike discovers the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure. Dero is a cryptocurrency that claims to offer improved privacy, anonymity and higher and faster monetary rewards compared to Monero, which is a commonly used...
Solving the Tower of Babel Challenge
Blog Published: 04/20/2023
Originally published by Netography. Written by Martin Roesch, CEO, Netography. Today’s Atomized Networks, which are dispersed, ephemeral, encrypted, and diverse (DEED), pose numerous network monitoring and security challenges for the teams responsible for defending and managing them. Here, I’m go...
DevOps Threat Matrix
Blog Published: 04/20/2023
Originally published by Microsoft Security. Written by Ariel Brukman, Senior Security Researcher, Microsoft Defender for Cloud. The use of DevOps practices, which enable organizations to deliver software more quickly and efficiently, has been on the rise. This agile approach minimizes the time-to...
Google Proposal To Reduce TLS Certificates Validity To 90 Days Puts Focus On Automated Certificate Lifecycle Management
Blog Published: 04/19/2023
Originally published by AppViewX. On March 3, in a move that’s meant to reinforce better Internet security, Google announced a proposal called “Moving Forward, Together,” outlining some of the key policy changes it plans to introduce in future versions of its Chrome Root Program.One of the signif...
Cloud Visibility and Port Spoofing: The Known Unknown
Blog Published: 04/19/2023
Originally published by Gigamon. Written by Stephen Goudreault. As with all technology, new tools are iterations built on what came before, and classic network logging and metrics are no different. Tooling, instrumenting, and monitoring of network traffic are virtually unchanged across the privat...
A Brief Overview of the CPRA for Data Security and Privacy Professionals
Blog Published: 04/19/2023
Originally published by Laminar. Written by Orin Israely, Product Manager, Laminar. The new year brought in new changes to the California Consumer Privacy Act (CCPA) under the California Privacy Rights Act (CPRA). What does that mean for data security and privacy professionals? Here are the perti...
