
All Articles

2023 Threat Intelligence Year in Review: Key Insights and Developments

Blog Published: 03/14/2024

Originally published by Microsoft Security. It has been an incredible year for Microsoft Threat Intelligence. The sheer volume of threats and attacks revealed through the more than 65 trillion signals we monitor daily has given us many inflection points, especially as we notice a shift in how thre...

A Comprehensive Guide to Business Cyber Security

Blog Published: 03/14/2024

Originally published by CAS Assurance. In the digital age, online security is among the most critical factors for any business. As more and more people are living their lives online, security has become a priority for those giving up sensitive information – including financial data – via the Worl...

Understanding and Preventing Business Email Compromise

Blog Published: 03/14/2024

Originally published by CXO REvolutionaries. Written by Gary Parker, CTO in Residence, Zscaler. Businesses of all sizes face a growing cybersecurity and financial threat known as business email compromise (BEC) simply because they use email. BEC attacks have become increasingly sophisticated, posin...

Lessons Learned from HIPAA Compliance Breaches

Blog Published: 03/13/2024

Originally published by BARR Advisory. Written by Claire McKenna. According to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), there has been a considerable upward trend in healthcare data breaches since the office began tracking data breach statistics in 2009. You...

Taking Back Control: The Growing Appeal of On-Premise and Hybrid Solutions

Blog Published: 03/13/2024

Written by Ascertia. The digital age demands robust security and unwavering trust. While cloud-based solutions have dominated recent years, organisations across the globe are increasingly turning to on-premise and hybrid-based digital trust solutions. This blog explores the factors driving thi...

Cybersecurity Regulations and the Impact on Consumers

Blog Published: 03/13/2024

Originally published by RegScale. The theme for this year’s Cybersecurity Awareness Month, “Secure Our World,” underscores the importance of cybersecurity in our daily lives. This theme serves as a reminder that despite the convenience and connectivity of the digital age, there are inherent risks ...

CSA Community Spotlight: Propelling the Industry Forward with Larry Whiteside Jr.

Blog Published: 03/12/2024

Now 15 years old, the Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. In 2009, CSA was officially incorporated and we released the first version of our Security Gui...

A Guide to GCP Organization Policy: Managing Access

Blog Published: 03/12/2024

Originally published by Sonrai Security. Written by Tally Shea. Governance, security and compliance become difficult projects at scale. If you’re an enterprise operating out of Google Cloud, you’re likely looking for ways to manage access, enforce guardrails, and make configuration constraints to ...

Checklist for Designing Cloud-Native Applications – Part 2: Security Aspects

Blog Published: 03/12/2024

Written by Eyal Estrin. In Chapter 1 of this series about considerations when building cloud-native applications, we introduced various topics such as business requirements, infrastructure considerations, automation, resiliency, and more. In this chapter, we will review security considerations wh...

The Implications of AI in Cybersecurity - A Transformative Journey

Blog Published: 03/11/2024

The emergence of Artificial Intelligence (AI) stands as both a beacon of hope and a subject of intricate debate. This transformative technology, with its dual-edged potential, demands a careful examination of its implications in the realm of cybersecurity. The integration of AI into cybersecurity...

Phishing in Azure Cloud: A Targeted Campaign on Executive Accounts

Blog Published: 03/11/2024

Originally published by Adaptive Shield. Written by Hananel Livneh. In recent weeks, a concerning wave of cyber attacks has been targeting Microsoft Azure environments, compromising crucial user accounts, including those of senior executives. Proofpoint researchers have identified an ongoing malici...

The Future Role of AI in Cybersecurity

Blog Published: 03/11/2024

Originally published by DigiCert. Written by Dr. Avesta Hojjati. With an estimated market size of $102 billion by 2032, it’s no secret that Artificial intelligence (AI) is taking every industry by storm. We all know the basic idea of AI – it’s like creating really clever computers by showing them l...

Five Lessons Learned From Okta’s Support Site Breach

Blog Published: 03/11/2024

Originally published by Valence. Written by Adrian Sanabria. On September 29th, 2023, security vendor 1Password discovered unauthorized activity in their Okta tenant. An employee unexpectedly received an email that they had requested a report listing Okta administrators. A 1Password employee had ...

HijackLoader Expands Techniques to Improve Defense Evasion

Blog Published: 03/08/2024

Originally published by CrowdStrike. HijackLoader continues to become increasingly popular among adversaries for deploying additional payloads and tooling. A recent HijackLoader variant employs sophisticated techniques to enhance its complexity and defense evasion. CrowdStrike detects this new Hijack...

Embracing Zero Trust: A Blueprint for Secure Digital Transformation

Blog Published: 03/08/2024

Written by the CSA Zero Trust Working Group. Zero Trust security has transitioned from a buzzword to a critical framework essential for safeguarding an organization’s assets. Recently released by CSA, Defining the Zero Trust Protect Surface offers a guide for organizations embarking on the first s...

What are Non-Human Identities?

Blog Published: 03/08/2024

Originally published by Oasis Security. Written by Amit Zimerman, Co-founder & CPO, Oasis Security. A Non-Human Identity (NHI) is a digital construct used for machine-to-machine access and authentication. NHIs are pivotal in today's evolving enterprise systems, especially as organizations tran...

Fuzzing and Bypassing the AWS WAF

Blog Published: 03/07/2024

Originally published by Sysdig. Written by Daniele Linguaglossa. The Sysdig Threat Research Team discovered techniques that allowed the AWS WAF to be bypassed using a specialized DOM event. Web Application Firewalls (WAFs) serve as the first line of defense for your web applications, acting as a...

QR Codes, Audio Notes, and Voicemail - Clever Tricks Up a Phisher’s Sleeve

Blog Published: 03/07/2024

Written by David Balaban. Cybercriminals are increasingly cashing in on human gullibility rather than the security flaws of software architecture. It comes as no surprise that phishing, the dominating vector of social engineering attacks targeting individuals and businesses alike, is on a steady r...

Cybersecurity Advisory: Apache Struts Vulnerability CVE-2023-50164

Blog Published: 03/06/2024

Originally published by Uptycs. The Apache Struts vulnerability CVE-2023-50164, with a critical CVSS score of 9.8, poses a significant threat to a wide range of industries. This newly reported vulnerability enables remote code execution, and its exploitation is already evident in the wild. Apache ...

How Do I Choose a SOC Auditor?

Blog Published: 03/06/2024

Originally published by MJD. Written by JC London, Senior Manager, CISA, CISSP, MJD. Q: How do I choose a SOC auditor? A: MJD Answer: Choosing the right auditor and audit team may seem like an uncomplicated process at first. You’ve done your research, asked ChatGPT for its opinion, and you feel like...
