
All Articles

What is a Security Token Offering (STO)?

Blog Published: 04/07/2022

This blog was originally published by TokenEx here. Written by Anni Burchfiel, TokenEx. An STO, also known as a Security Token Offering, is a digital token supported by blockchain technology that represents a stake in an asset. STOs enable digital funding, while still complying with government re...

CVE-2022-23648 – Arbitrary Host File Access from Containers Launched by Containerd CRI and its Impact on Kubernetes

Blog Published: 04/06/2022

This blog was originally published by ARMO here. Written by Leonid Sandler, CTO & Co-founder, ARMO. A recently discovered vulnerability - CVE-2022-23648 - in containerd, a popular container runtime, allows especially containers to gain read-only access to files from the host machine. While gen...

Drawing the RedLine - Insider Threats in Cybersecurity

Blog Published: 04/06/2022

This blog was originally published by LogicHub here. Written by Tessa Mishoe, LogicHub. RedLine Password Theft Malware: The RedLine password theft malware is a hot topic this month with Microsoft’s employee compromise. Though Microsoft didn’t offer many officially released details on what occurred,...

Covering Your Assets: 5 Most Common Questions About Cyber Asset Management

Blog Published: 04/05/2022

This blog was originally published by JupiterOne here. Written by Jennie Duong, JupiterOne. The cybersecurity forecast for 2022: More of the same—only worse. Yes, the sophistication of cyberattacks is growing by the minute. Unfortunately, so are the rewards for ransomware and stolen data. But a n...

Glenn Gerstell, Former General Counsel of the U.S. National Security Agency, to Address Attendees at Cloud Security Alliance’s SECtember

Press Release Published: 04/05/2022

Digital and cybersecurity industry expert and thought leader Jim Routh and Norma Krayem, preeminent cybersecurity and data privacy expert, will be featured speakers. SEATTLE – April 5, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certif...

3 Ways To Secure SAP SuccessFactors And Stay Compliant

Blog Published: 04/04/2022

This blog was originally published by Lookout here. Written by Steve Banda, Senior Manager, Security Solutions, Lookout. The work-from-anywhere economy has opened up the possibility for your human resources team to source the best talent from anywhere. To scale their operations, organizations are...

What is Quantum Computing? Why Should I Be Concerned?

Blog Published: 04/02/2022

Written by the CSA Quantum-Safe Security Working Group What is quantum mechanics? Quantum mechanics/physics is a long-proven physical science that describes actions and properties of very small particles. Everything in the universe works and depends on quantum mechanics. It’s how the world works....

Zero Trust as a Framework for Fighting Back Against Cyberwarfare

Blog Published: 04/01/2022

This blog was originally published by CXO REvolutionaries here. Written by Howard Sherrington, Director of Transformation Strategy, Zscaler. Russia's ongoing and unfortunate invasion of Ukraine has captured headlines for its cyber dimension as well as its physical one. The breadth of cyber operat...

Cloud Threats: What Business Executives Need to Know Right Now

Blog Published: 03/31/2022

This blog was originally published on fugue.co on February 4, 2022. Written by Josh Stella, Fugue. Read the first blog in this series here and the second blog here. The ancient Chinese general Sun Tzu famously wrote: “If you know the enemy and know yourself, you need not fear the result of a h...

The End of AWS Keys in Slack Channels

Blog Published: 03/31/2022

This blog was originally published by DoControl here. Written by Adam Gavish, DoControl. It’s time for security teams to enforce stronger controls over the sharing of AWS keys in Slack. Slack (and Microsoft Teams) revolutionized the way organizations collaborate efficiently, especially in the work...

What Is Compliance as Code? Benefits, Use Cases and Tools

Blog Published: 03/31/2022

This blog was originally published by Contino here. Written by Josh Armitage, Contino. Being compliant in today’s cloud-first world of rapid innovation is a ubiquitous challenge affecting startups and enterprises alike. Enforcing sets of controls, such as acceptable data storage locations and acce...

Handling the Challenge of Model Drift in Data Lakes

Blog Published: 03/30/2022

Written by Dr. Nathan Green, Marymount University and Oliver Forbes, NTT DATA One of the most constant and evolving characteristics of the sharing of information, is data in its readable form and its various models of consumption. Machine learning is an impactful tool of analysis that plays a...

Log4j Vulnerability: Threat Intelligence and Mitigation Strategies to Protect Your SAP Applications

Blog Published: 03/30/2022

This blog was originally published by Onapsis on February 9, 2022. Written by Onapsis Research Labs. On Thursday, December 9, a critical vulnerability (CVE-2021-44228) in Apache log4j, a widely used Java logging library, was made public. Some are calling it “the most serious vulnerability they ...

A Whole New World for PCI DSS

Blog Published: 03/30/2022

This blog was originally published by PKWARE on November 23, 2021. As we know, the new Payment Card Industry Data Security Standard (PCI DSS) 4.0 guidelines are coming out in Q1 of next year, with some predicting a March timeframe for its release based on previous releases. The last time PCI came...

AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service

Blog Published: 03/29/2022

This blog was originally published by Orca Security here. Written by Yanir Tsarimi, Orca Security. AutoWarp is a critical vulnerability in the Azure Automation service that allowed unauthorized access to other Azure customer accounts using the service. This attack could mean full control over res...

When Ransomware and Your Data Move to the Cloud, How to Strengthen Protection

Blog Published: 03/29/2022

Written by ShardSecure Ransomware has been a serious threat for quite some time. But over the last two years it has captured the lion’s share of attention from enterprises, government agencies, and law enforcement as it now presents an increased globalized threat. A February 9, 2022, alert from ...

Anchore to Contribute Grype Open Source Vulnerability Data to the Global Security Database

Press Release Published: 03/29/2022

Contribution of Grype vulnerability data will advance software vulnerability intelligence and empower users of the Global Security Database to create secure software. SEATTLE - March 29, 2022 - Today the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards...

When It Comes to SaaS Security, Ignorance is Not Bliss for Corporate Leadership

Blog Published: 03/29/2022

Written by Brendan O’Connor, CEO and Co-Founder of AppOmni Organizations are increasingly moving their data to SaaS platforms. But while companies are racing to adopt SaaS, many haven’t yet put the tools and processes in place to protect their SaaS data, leaving it vulnerable in the cloud. It...

Kubernetes for Beginners – A Step-by-Step Guide

Blog Published: 03/28/2022

This blog was originally published by Vulcan Cyber here. Written by Natalie Kriheli, Vulcan Cyber. For beginners, Kubernetes can seem pretty daunting. It offers a feature-rich, flexible, and extensible platform, but the downside is that Kubernetes security can be quite challenging. Any misconfigu...

Data Discovery: A Means to an End or an End to a Means?

Blog Published: 03/28/2022

This blog was originally published by BigID here. Written by Alan Dayley, BigID. When it comes to data management and data governance, “data discovery” has historically been a vague term. Is it simply the ability to connect and create an inventory of an enterprise’s data assets — or is there more...
