Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

All Articles

Home
All Articles
“Ahhh, So That’s Why Everyone’s Talking About DSPM”

Blog Published: 12/06/2022

Originally published by Sentra. Written by Galia Nedvedovich, VP Marketing, Sentra. The most satisfying part of working at a startup in the hottest space in cybersecurity - cloud data security - is when I get to witness cloud security pros realize how Data Security Posture Management solves o...

’Tis the Season for eCrime

Blog Published: 12/05/2022

Originally published by CrowdStrike. Written by Bart Lenaerts-Bergmans, CrowdStrike. Financially motivated criminal activities, aka “eCrime,” happen in waves. They come and go as adversaries develop new tools and target vulnerable victims. Similar to how investors track stock market activity usin...

How To Understand Impact Through Asset Management and Threat Intelligence, Part 1

Blog Published: 12/05/2022

Originally published by Axonius. Written by Katie Teitler, Axonius. Cyber attack surface sprawl has become a top concern — and risk factor — for enterprise organizations. Even before the early 2020 mass exodus out of corporate offices, the proliferation of devices and device types touching corpor...

Social Engineering and VPN Access: The Making of a Modern Breach

Blog Published: 12/05/2022

Originally published by Lookout. Written by Hank Schless, Senior Manager, Security Solutions, Lookout. In what seems to be a constant drip of headlines about large enterprises experiencing security incidents, the world most recently learned of a successful data infiltration of rideshare and de...

Top Threat #10 to Cloud Computing: Organized Crime, Hackers, and APT

Blog Published: 12/04/2022

Written by the CSA Top Threats Working Group.The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...

CISOs of the World, Unite!

Blog Published: 12/03/2022

This article represents personal commentary from CSA’s Chief Executive Officer Jim Reavis. I have been in the industry long enough to have observed the creation of the Chief Information Security Officer role and the journey to making this person a crucial part of our ecosystem. For almost all ...

Uber’s Internal Network Breach and Business-Critical SaaS Data Compromise

Blog Published: 12/02/2022

Originally published by DoControl on September 16, 2022. Written by Corey O'Connor, DoControl. Multiple sources have reported that Uber has become the next victim to a man-in-the-middle attack with social engineering and Multi-factor Authentication (MFA) compromise at its core. In this example, t...

Detecting and Mitigating CVE-2022-42889 a.k.a. Text4shell

Blog Published: 12/02/2022

Originally published by Sysdig. Written by Miguel Hernández, Sysdig. A new critical vulnerability CVE-2022-42889 a.k.a. Text4shell, similar to the old Spring4Shell and Log4Shell, was originally reported by Alvaro Muñoz on the very popular Apache Commons Text library. The vulnerability is rated a...

IBM Cost of a Data Breach 2022 – Highlights for Cloud Security Professionals

Blog Published: 12/02/2022

Originally published by Ermetic. Security professionals are constantly inundated with warnings about the potentially colossal impact of security threats and risks to their organization. But what is colossal in real currency? By understanding how much the cost of a data breach can impact one's org...

Altruism in Information Security, Part 2: Identifying Hurdles Along the Path

Blog Published: 12/01/2022

Originally published by Tentacle. Written by Matt Combs, Tentacle. Welcome back! If you’re joining me for the second part of this series, I’m assuming I didn’t turn you off with my optimistic and ‘rosy’ view of the Altruism-Information Security relationship. That, or you didn’t read Part 1 and ha...

Advisory: Persistent MFA Circumvention in an Advanced BEC Campaign on Microsoft 365 Targets

Blog Published: 12/01/2022

Originally published by Mitiga. Written by Mitiga's Research Team. Mitiga spotted a sophisticated, advanced business email compromise campaign, targeting Microsoft 365 organizations, leveraging inherent weaknesses in Microsoft 365 MFA, Microsoft Authenticator, and Microsoft 365 Identity Protectio...

Definitive Guide to Hybrid Clouds, Chapter 2: Exploring the Roles of NetOps, CloudOps, and SecOps

Blog Published: 12/01/2022

Originally published by Gigamon. Written by Stephen Goudreault, Gigamon. This post explores Chapter 2 of the “Definitive Guide™ to Network Visibility and Analytics in the Hybrid Cloud.” Read Chapter 1 and check back for future posts covering Chapters 3–7. As more organizations move forward with t...

‘Cyber Isolationism’ is Making CXOs’ Jobs More Complicated – And More Critical

Blog Published: 11/30/2022

Originally published by CXO REvolutionaries. Written by Simon Hodgkinson, former CISO, BP. Is globalization in decline? Put this question to a group of economists, diplomats, social scientists, or other specialists, and you’d likely kick off a long and spirited debate with representatives on both...

The Hidden Costs of Appliance-Based Models

Blog Published: 11/30/2022

Originally published by Netography. Written by Martin Roesch, Netography. In the network security game, deep packet inspection (DPI) technologies are primarily delivered on appliance-based architectures, an approach suffering from major evolutionary pressure due to pervasive network encryption an...

AXLocker, Octocrypt, And Alice: Leading A New Wave Of Ransomware Campaigns

Blog Published: 11/30/2022

Originally published by Cyble. AXLocker Ransomware Stealing Victim’s Discord Tokens Ransomware is one of the most critical cybersecurity problems on the internet and possibly the most powerful form of cybercrime plaguing organizations today. It has rapidly become one of the most important and pro...

Managing Operational Complexity in Multicloud Environments

Blog Published: 11/29/2022

Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published on Forbes. With the benefits of cloud computing now clear, enterprises are racing to adopt cloud-based infrastructures.According to Synergy Research Group, spending on cloud computing exceeded spendi...

Preventing Hyperjacking in a Virtual Environment

Blog Published: 11/29/2022

Originally published by Entrust. Written by Iain Beveridge and Dave Stevens, Entrust. In the rapidly evolving world of information security, attack vectors, and cyberattacks, there is a regular cadence of new industry terms to grapple with. Hyperjacking is a term you may not have come across. It ...

How to Get CMMC Certified

Blog Published: 11/29/2022

Originally published by Schellman. Written by Todd Connor, Senior Associate, Schellman.For those of you considering CMMC, this new certification affecting contractors in the Defense Industrial Base (DIB) defines three levels—your level of certification will depend on the types of DoD information ...

4 Important Compliance Management Tasks for Startups

Blog Published: 11/28/2022

Originally published by A-LIGN. The ongoing increase in cyberattacks has emphasized the importance of cybersecurity and compliance management, especially for startups still gaining market share. As startups work to win new customers, they may have to overcome a prospect’s fears that as an organiz...

Password Hash Cracking, User Cloning, and User Impersonation: Three Risks Every SAP Customer Should Know

Blog Published: 11/28/2022

Originally published by Onapsis. Written by Thomas Fritsch, Onapsis. The easiest (and a significantly profitable) way for attackers to get into a system is logging in with valid user credentials. According to a recent report, breaches that are caused by stolen or compromised credentials are not o...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
64
65
66
68
70
71
72
Last »