Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Cloud 101
Circle
Events
Blog
Sign In

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Home
Industry Insights
The Real Cost of Cryptomining: Adversarial Analysis of TeamTNT
Published: 03/06/2023

Originally published by Sysdig on November 16, 2022. Written by Nicholas Lang, Sysdig. TeamTNT is a notorious cloud-targeting threat actor, who generates the majority of their criminal profits through cryptojacking. Sysdig TRT attributed more than $8,100 worth of cryptocurrency to TeamTNT, which ...

How Global Conflicts Influenced Cyber Attack Behaviors
Published: 02/16/2023

Originally published by Sysdig. Written by Michael Clark, Sysdig. The conflict between Russia and Ukraine includes a cyberwarfare component with government-supported threat actors and civilian hacktivists taking sides.The goals of disrupting IT infrastructure and utilities have led to a 4-fold in...

The Discovery of a Massive Cryptomining Operation Leveraging GitHub Actions
Published: 01/18/2023

Originally published by Sysdig on October 25, 2022. Written by Crystal Morin, Sysdig. The Sysdig Threat Research Team (Sysdig TRT) recently uncovered an extensive and sophisticated active cryptomining operation in which a threat actor is using some of the largest cloud and continuous integration ...

Web 3.0 Security Issues: What Your Company Needs to Know for 2023
Published: 11/22/2022

Originally published by TokenEx. Written by Anni Burchfiel, TokenEx. The world wide web had its first major shift when blogging and forum capabilities were added to web alongside the established collection of static company websites. The ability for anyone to add their own content to the web, tho...

2022 Threat Report: Cloud-Native Threats are Increasing and Maturing
Published: 11/04/2022

Originally published by Sysdig. Written by Michael Clark. Sysdig. The first annual cloud-native threat report from Sysdig explores some of the year’s most important security topics in the cloud. As the use of containers and cloud services keeps growing, threat actors are increasingly turning thei...

What Is a Feistel Cipher?
Published: 10/11/2022

Originally published by TokenEx here. Written by Valerie Hare, Content Marketing Specialist, TokenEx. Quick Hits: Feistel cipher is a design model designed to create different block ciphers, such as DES. The model uses substitution and permutation alternately. This cipher structure is based on th...

From the Front Lines | 8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts
Published: 08/09/2022

Originally published by SentinelOne here. Written by Tom Hegel, SentinelOne. Over the last month a crimeware group best known as 8220 Gang has expanded their botnet to roughly 30,000 hosts globally through the use of Linux and common cloud application vulnerabilities and poorly secured conf...

The Future of Cloud Security | 2022 and Beyond
Published: 07/21/2022

This blog was originally published by Check Point here.Written by Pete Nicoletti, Field CISO - Americas, Check Point Software.What will the future of cloud security look like? The crystal ball is cloudy when looking beyond a few years from now, but we can anticipate near-term trends! There are th...

How to Protect Your Crypto from Hackers
Published: 06/29/2022

This blog was originally published by TokenEx here.Written by Valerie Hare, Content Marketing Specialist, TokenEx.A McAfee report, "The Hidden Costs of Cybercrime," states that over $4 billion in cryptocurrency was stolen and nearly $1.4 billion was stolen in the first five months of 2020. While ...

Crypto Caper: How Cybercriminals Steal Crypto from Blockchain Networks
Published: 04/19/2022

This blog was originally published by TokenEx here. Written by Valerie Hare, TokenEx. In 2009, the first established cryptocurrency was born – Bitcoin. If you aren't familiar with cryptocurrency, it's an online currency with ledgers secured by encryption. Since those early years, digital currency...

What is a Security Token Offering (STO)?
Published: 04/07/2022

This blog was originally published by TokenEx here. Written by Anni Burchfiel, TokenEx. An STO, also known as a Security Token Offering, is a digital token supported by blockchain technology that represents a stake in an asset. STOs enable digital funding, while still complying with government re...

NFT vs. Tokenization
Published: 02/23/2022

This blog was originally published by TokenEx here. Written by Valerie Hare, TokenEx. When it comes to tokens, there are a wide range of types and use cases. For instance, people researching NFTs often get search results for other types of tokens and related processes, such as tokenization. Even ...

The Future of Cryptocurrency
Published: 02/17/2022

This blog was originally published by VGS here. Written by Kenneth Geers, PhD, Information Security Analyst at VGS. In 2010, Laszlo Hanyecz paid 10,000 bitcoins for two pizzas. Today, with the price of bitcoin over over $40k, those same coins are worth nearly half a billion dollars. How could a s...

Blockchain Security and Legaltech
Published: 12/14/2021

Written by Sebastian Soriano, TRATO Since its inception, the blockchain technology has shown promising application prospects. With the rise of technology many industry players are now digitizing and integrating new technologies to ensure cybersecurity in transactions. Among all solutions, t...

Secure Distributed Ledger Technology Framework for Financial Institutes
Published: 08/03/2021

Last updated: February 25, 2022Distributed ledger technologies (DLT) introduce a multitude of value propositions for the financial services industry. The pace of innovation is aggressively picking up in use cases pertaining to finance such as digital assets, tokenization and cryptocurrency. Howev...

The Use of Blockchain in Healthcare: A Collaboration Between Two CSA Working Groups
Published: 08/02/2021
Author: Megan Theimer

The unique attributes of healthcare data make it a prime target for nefarious actors. Predictably, healthcare information is tightly regulated by privacy and security laws in the United States, the European Union and international rules governing cloud data storage. The data’s high value, coupled...

Detecting new crypto-mining attack targeting Kubeflow and TensorFlow
Published: 07/23/2021

This blog was originally published by Sysdig hereWritten by Stefano Chierici, Security Researcher, SysdigMicrosoft has discovered a new large-scale attack targeting Kubeflow instances to deploy malicious TensorFlow pods, using them to mine Monero cryptocurrency in Kubernetes cluster environments....

Can Blockchains Survive the Quantum Computer?
Published: 02/09/2021

Suppose you were asked to rank the most significant innovations in IT over the last few years. What would come to your mind? It is very likely that both blockchain and quantum technologies would come close to the top of your list.Blockchains promise the secure exchange of digital assets (such as ...

Rent to Pwn the Blockchain - 51% Attacks Made Easy
Published: 11/20/2020

By Kurt SeifriedThis article is not legal or investment advice. This article covers some aspects of 51% attacks (and 34% attacks and some other variations) in DeFi, and some potential solutions to prevent these attacks from succeeding. So where I say “51% Attack” I mean “all attacks where you get...

Why lions shouldn’t invest in DeFi Smart Contracts
Published: 11/02/2020

By Kurt Seifried, Chief Blockchain Officer at Cloud Security AllianceThis article is not legal or investment advice, it covers some aspects of front running in DeFi, and potential security solutions. This article also assumes you have a relatively deep understanding of the following Blockchain/DL...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.

1
Last »