Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

All Articles

All Articles
Malware Analysis: GuLoader Dissection Reveals New Anti-Analysis Techniques and Code Injection Redundancy

Blog Published: 03/22/2023

Originally published by CrowdStrike. GuLoader is an advanced malware downloader that uses a polymorphic shellcode loader to dodge traditional security solutionsCrowdStrike researchers expose complete GuLoader behavior by mapping all embedded DJB2 hash values for every API used by the malwareNew s...

Too Much Trust in the Cuckoo’s Nest

Blog Published: 03/22/2023

Originally published by CXO REvolutionaries. Written by Kyle Fiehler, Senior Transformation Analyst, Zscaler. Editor’s note: The world’s first cyber thriller anticipated zero trust more than three decades before it was born. And yes, this article could be a spoiler for some readers.I didn’t read ...

What Business Leaders Can Learn from Russia's Cyber Offensive Against Ukraine

Blog Published: 03/21/2023

Originally published by Google Cloud. Written by Phil Venables, VP/CISO, Google Cloud. Threat actors are taking tactics from Russia's cyber operations against Ukraine. Businesses and organizations should evaluate their countermeasures accordingly. A new Google report finds the offensive against U...

LummaC2 Stealer: A Potent Threat To Crypto Users

Blog Published: 03/21/2023

Originally published by Cyble. New Stealer Targeting Crypto Wallets and 2FA Extensions of Various BrowsersDuring a threat-hunting exercise, Cyble Research and Intelligence Labs (CRIL) discovered a post on the cybercrime forum about an information stealer targeting both Chromium and Mozilla-based ...

How to Pen Test the C-Suite for Cybersecurity Readiness

Blog Published: 03/21/2023

Originally published by F5. Written by Gail Coury. F5’s executive leadership got an urgent message: a malicious actor within the company was sending confidential information to a third party that could put customers at serious risk. We immediately formed a combined response team of technical cybe...

An Introduction to Data Detection and Response (DDR)

Blog Published: 03/20/2023

Originally published by Dig Security. Written by Sharon Farber, Director of Product Marketing, Dig Security. How long would it take you to respond to a cloud data breach? For most organizations, the answer is ‘far too long’. According to a 2022 report by IBM, businesses took an average of 207 day...

Analysis on Docker Hub Malicious Images: Attacks Through Public Container Images

Blog Published: 03/20/2023

Originally published by Sysdig. Written by Stefano Chierici. Supply Chain attacks are not new, but this past year they received much more attention due to high profile vulnerabilities in popular dependencies. Generally, the focus has been on the dependency attack vector. This is when source code ...

SANS 2022 Cloud Security Survey, Chapter 4: Using IAM to Secure the Cloud

Blog Published: 03/20/2023

Originally published by Gigamon.Editor’s note: This post explores Chapter 4 of the SANS 2022 Cloud Security Survey. Read Chapter 1, Chapter 2, and Chapter 3.In its 2022 Cloud Security Survey, the SANS Institute offers valuable insights into how a representative set of organizations are meeting th...

Doubled-up and Disorganized DLP Strategies Leave Organizations Desiring Simpler Management

Blog Published: 03/17/2023

With the reduction and elimination of many traditional perimeters, the popularization of zero trust security strategies, and an increased attention on data breaches, an even greater focus has been placed on data security in recent years. For many organizations, data loss prevention (DLP) solution...

The DevOps Guide to Applying the Principle of Least Privilege in AWS

Blog Published: 03/17/2023

Originally published by Britive. Applying the principle of least privilege in AWS is vital to securing your DevOps workflows on the platform. Least privilege is a best practice that restricts access rights for users and entities to the minimum necessary to perform their tasks. When you implement ...

Shadow Access in Your Cloud

Blog Published: 03/16/2023

By Venkat Raghavan, Stack IdentityShadow Access is unauthorised, invisible, unsafe and generally over permissioned access that has grown along with cloud identities, apps and data. Today, identities, human and nonhuman are automatically created, along with access pathways to cloud data. Current t...

SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security

Blog Published: 03/16/2023

Originally published by CrowdStrike. In December 2022, CrowdStrike reported on a campaign by SCATTERED SPIDER, targeting organizations within the telecom and business process outsourcing (BPO) sectors with an end objective of gaining access to mobile carrier networks.In the weeks since that post,...

How CAASM Can Help with the New NYDFS Requirements

Blog Published: 03/16/2023

Originally published by Axonius. Written by Katie Teitler. In 2017, The New York Department of Financial Services (NYDFS) enacted its Cybersecurity Regulation designed to help the financial services entities under its purview improve their cyber defenses. The initial regulation outlined tacti...

How to Prepare for ISO/IEC 27001:2022

Blog Published: 03/15/2023

Originally published by Schellman.When it comes to ISO/IEC 27002:2022 recently, it felt a bit like a game of Red Light, Green Light—you know, the childhood game where everyone runs to the finish line upon Green Light being called, but you had to stop on a dime when you heard “Red Light!” and awai...

Three Ways DSPM Reduces the Risk of Data Breaches

Blog Published: 03/15/2023

Originally published by Sentra. The movement of more and more sensitive data to the cloud is driving a cloud data security gap – the chasm between the security of cloud infrastructure and the security of the data housed within it. This is one of the key drivers of the Data Security Posture Manage...

Nearly One Third of Organizations Are Struggling to Manage Cumbersome Data Loss Prevention (DLP) Environments, Cloud Security Alliance Finds

Press Release Published: 03/15/2023

New DLP survey reveals burden of legacy solution limitations and false positivesSEATTLE – March 15, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, t...

Why Your SOC Won’t Save You

Blog Published: 03/15/2023

Originally published by CXO REvolutionaries. Written by Tony Fergusson, CISO - EMEA, Zscaler. Are SOCs just the emperor’s new clothes?It’s sometimes suggested in this industry that a security operations center (SOC) is a sign of superior cybersecurity and business success. But is that really wisd...

Cloud-Native Development - Security Challenge or Opportunity?

Blog Published: 03/14/2023

Originally published by Dazz. Written by Eyal Golombek, Director of Product Management, Dazz. Modern SDLC - Complex but manageable Cloud-native development and modern DevOps practices enable faster development cycles, high scalability, and smoother maintenance processes, yet, they also introduce ...

How to Protect Against SMS Phishing and Other Similar Attacks

Blog Published: 03/14/2023

Originally published by Lookout. Written by Hank Schless, Senior Manager, Security Solutions, Lookout. Last year, cloud communications company Twilio announced that its internal systems were breached after attackers obtained employee credentials using an SMS phishing attack. Around the same t...

Is Your Digital Transformation Secure? How to Tell if Your Team is on the Right Path

Blog Published: 03/14/2023

Originally published by Google Cloud. Written by David Stone, Office of the CISO, and Anton Chuvakin, Security Solution Strategy, Google Cloud. In our Security Leaders Survival Guide, we answer the tough questions about how to weave security throughout your digital transformation Digital transfor...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.