Improve Visibility in Cyberattacks with Cybersecurity Asset Management
Blog Published: 08/24/2022
Originally published by Axonius here. Written by Kathleen Ohlson, Axonius. Google issued three emergency security updates, in as many weeks, to all of its 3.2 billion users of its Chrome browser. One was for a high-severity zero-day vulnerability that attackers exploited. Okta’s platform experien...
Cloud Security is Broken but it Doesn’t Have to Be
Blog Published: 08/23/2022
Originally published by Dazz here. Written by Tomer Schwartz, Co-founder & CTO, Dazz. Continuous Delivery is Here to StayDevelopment is in the cloud in a big way. Modern engineering teams have built continuous integration pipelines, pulling together code repositories, continuous integration p...
Analyzing the Travis CI Attack and Exposure of Developer Secrets
Blog Published: 08/23/2022
Originally published by Open Raven here. Written by Michael Ness, Security Researcher, Open Raven. IntroductionThe Continuous Integration (CI) platform Travis CI was recently victim of a research based attack, where researchers from Aqua security were able to obtain approximately 73,000 sensitive...
Comments on the Extensible Visibility Reference Framework (eVRF) Program Guidebook
Blog Published: 08/23/2022
Originally published by Gigamon here. Written by Orlie Yaniv and Ian Farquhar, Gigamon. Editor’s note: Gigamon is very happy to see the CISA’s recent work on formalizing and structuring what visibility means and assessing its efficacy. As Zero Trust accelerates, visibility becomes a key focu...
Writing Good Legislation is Hard
Blog Published: 08/22/2022
It’s hard to write good legislation. Recently H.R.7900 - National Defense Authorization Act for Fiscal Year 2023 came out. It includes the following text:At first glance, the intent seems reasonable. Vendors need to include an SBOM for their software and services, and any known vulnerabilities (a...
The State of Cloud Data Security
Blog Published: 08/22/2022
We know that the cloud is ever growing in popularity, with new organizations undergoing their digital transformations each day. However, when it comes to security, particularly the security of our most sensitive data, are organizations keeping up with the pace of cloud adoption?To answer this que...
Tales from the Dark Web: How Tracking eCrime’s Underground Economy Improves Defenses
Blog Published: 08/22/2022
Originally published by CrowdStrike here. Written by Bart Lenaerts-Bergmans, CrowdStrike. Ransomware is not new; adversarial groups have relied on compromises for many years. However, over the past 2-3 years, their strategy has started to shift toward a more community based business model enabled...
Top Threat #3 to Cloud Computing: Misconfiguration and Inadequate Change Control
Blog Published: 08/22/2022
Written by the CSA Top Threats Working Group.The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...
Using AI/ML to Create Better Security Detections
Blog Published: 08/19/2022
Originally published by LogicHub here. Written by Anthony Morris, Solution Architect, LogicHub. The blue-team challenge Ask any person who has interacted with a security operations center (SOC) and they will tell you that noisy detections (false positives) are one of the biggest challenges. There...
The CISOs Report: A Spotlight on Today’s Cybersecurity Challenges
Blog Published: 08/19/2022
Originally published by CXO REvolutionaries here. Written by Sean Cordero, CISO - Americas, Zscaler. New attacks and attack classes demand new solutions and strategies The swift evolution of IT infrastructures has made cybersecurity more challenging than ever for CISOs. They face a broader range ...
Zero Trust for Cloud-Native Workloads: Mitigating Future Log4j Incidents
Blog Published: 08/19/2022
Originally published by Tigera here. Written by Giri Radhakrishnan, Tigera. In my previous blog post, I introduced the brief history of zero trust, the core pillars of a zero-trust model, and how to build a zero-trust model for cloud-native workloads. In this blog post, you will learn how to miti...
An Introduction to CSA STAR and ISO 27001
Blog Published: 08/18/2022
Originally published by Schellman here. Written by Ryan Mackie, Schellman. When making decisions about the kind of compliance your organization needs, the process can be akin to creating an ice cream sundae (albeit, less fun). No doubt your customers and prospects want to see comprehensive assu...
Cyber Resilience – Lessons From Ukraine
Blog Published: 08/18/2022
Originally published by KPMG here. Written by David Ferbrache, Leadership, Global Head of Cyber Futures, KPMG in the UK. Alongside the tragic war in Ukraine, cyber-attacks have played their part, too. This complex and increasingly uncertain situation in cyberspace is driving many countries and or...
What Is Attestation of Compliance (AoC) and Why Does It Matter?
Blog Published: 08/18/2022
Originally published by TokenEx here. Written by Valerie Hare, Content Marketing Specialist, TokenEx.Did you know that a Verizon Payment Security Report found that only 27.9 percent of organizations achieved full compliance with PCI DSS during their validation process in 2019? The Payment Card In...
Cloud Key Management 101: Cryptographic Keys and Algorithms
Blog Published: 08/17/2022
The top cloud security threat in 2022 is insufficient identity, credential, access, and key management. Key Management Systems (KMS), including hardware security modules and other cryptographic tools, are commonly used to address this threat.While different KMS offerings provide varying capabilit...
Context Counts: How to Use Transfer Learning and Model-Aided Labeling to Train Data Tailored Models
Blog Published: 08/17/2022
Originally published by BigID here. Written by Itamar Zaltsman, BigID. Thanks to great advances and breakthroughs in the area of Natural Language Processing (NLP), we have access to a vast amount of ready to use Named Entity Recognition (NER) classifiers. These classifiers are available in many c...
Global Cybersecurity Experts Take the Stage at SECtember, Hosted by Cloud Security Alliance
Press Release Published: 08/17/2022
Event provides state-of-the-art perspective on cybersecurity threat vectors and solutions rooted in cloud computingSEATTLE – Aug. 17, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secu...
Can Ransomware Infect Encrypted Files?
Blog Published: 08/17/2022
Originally published by ShardSecure here. Written by Marc Blackmer, VP of Marketing, ShardSecure. By now, you likely know that ransomware has become a major concern for businesses and organizations across the globe. The European Union Agency for Cybersecurity (ENISA) noted a 150% rise in ransomwa...
Treating Healthcare’s Insider Threat
Blog Published: 08/16/2022
Originally published by Authomize here. Written by Gabriel Avner, Authomize. There’s an old joke about why bank robbers rob banks. Because that’s where the money is. Given the valuable assets under their care, banks, fintech, insurance, and other financial institutions have understood that they h...
Google Workspace - Log Insights to Your Threat Hunt
Blog Published: 08/16/2022
Originally published by Mitiga here. Written by Ariel Szarf and Lionel Saposnik, Mitiga. Google Workspace is a popular service for document collaboration for organizations and for individual users. Threat actors note that the popularity of this service has increased and search for ways to explo...