Industry Insights
Read the latest cloud security news, trends, and thought leadership from subject matter experts.
SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security
Originally published by CrowdStrike. In December 2022, CrowdStrike reported on a campaign by SCATTERED SPIDER, targeting organizations within the telecom and business process outsourcing (BPO) sectors with an end objective of gaining access to mobile carrier networks.In the weeks since that post,...
OWASSRF: New Exploit Method Identified for Exchange Bypassing ProxyNotShell Mitigations
Originally published by CrowdStrike. CrowdStrike recently discovered a new exploit method (called OWASSRF) consisting of CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access (OWA). The new exploit method bypasses URL rewrite mitigations for the Autod...
Exposed Remote Desktop Protocol Actively Targeted by Threat Actors to Deploy Ransomware
Originally published by Cyble on December 2, 2022. Cyble Global Sensors Intelligence and Darkweb findings show TAs actively targeting RDP Cyble Research and Intelligence Labs (CRIL) discovered multiple ransomware groups targeting open Remote Desktop Protocol (RDP) ports. RDP allows users to acces...
5 Steps to Stop the Latest OpenSSL Vulnerabilities: CVE-2022-3602, CVE-2022-3786
Originally published by Sysdig. Written by Michael Clark, Sysdig. The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786) on Oct. 25, which affect all OpenSSL v3 versions up to 3.0.6. These vulnerabilities are remediated in version 3.0.7, which was rele...
What Is Lockdown Mode for iOS and iPadOS and Why Should I Care?
Originally published by Lookout here.Written by Christoph Hebeisen, Director, Security Intelligence Research, Lookout.Apple recently announced a new feature in its upcoming iOS and iPadOS called Lockdown Mode. The aim is to protect users such as corporate executives, government officials, journal...
Are You Ready for a Slack Breach? 5 Ways to Minimize Potential Impact
Originally published by Mitiga here. Written by Ofer Maor, Co-Founder and Chief Technology Officer, Mitiga. TL; DRAs Slack becomes a dominant part of the infrastructure in your organization, it will become a target for attacks and at some point, it is likely to be breached (just like any other te...
Learning Not to Step on Lego: Blast Radius, Cloud Sprawl, and CNAPP
Originally published by CXO REvolutionaries here. Written by Martyn Ditchburn, Director of Transformation Strategy, Zscaler. Ever stepped on a Lego block? It hurts, doesn’t it!If not, imagine for a moment that it’s 2 a.m. and you’re navigating your way to the bathroom in the dark. Your child has ...
Writing Good Legislation is Hard
It’s hard to write good legislation. Recently H.R.7900 - National Defense Authorization Act for Fiscal Year 2023 came out. It includes the following text:At first glance, the intent seems reasonable. Vendors need to include an SBOM for their software and services, and any known vulnerabilities (a...
.jpg)
Zero-day Vulnerability Affecting the Microsoft Windows Support Diagnostic Tool (MSDT)
This blog was originally published by CrowdStrike here. Written by Dan Fernandez - Liviu Arsene, Endpoint & Cloud Security.On May 27, 2022, a remote code execution vulnerability was reported affecting the Microsoft Windows Support Diagnostic Tool (MSDT)The vulnerability, which is classified as a ...
Threat Activity Cluster #4: Strawberry with Sprinkles
This blog was originally published by Alert Logic here. Written by Josh Davies and Gareth Protheroe, Alert Logic. In the next edition of our ice cream activity cluster blog series, we’re shining the spotlight on another historic actor that undertook a significant remodeling of their tactics, ...
SynLapse – Technical Details for Critical Azure Synapse Vulnerability
This blog was originally published by Orca Security on June 14, 2022. Written by Tzah Pahima, Orca Security. One attack vector closed, additional hardening is recommended This blog describes the technical details of SynLapse, in continuation to our previous blog. We waited to publish until now in...
3 Vulnerability Management Challenges for SAP Applications (and How to Overcome Them)
This blog was originally published by Onapsis here.Written by Maaya Alagappan, Social Media and Content Strategist, Onapsis.Business-critical applications have never been more vulnerable. The increasing complexity and size of application environments, customization of individual apps, and growing...
Threat Activity Cluster #3: Strawberry
This blog was originally published by Alert Logic here. Written by Josh Davies and Gareth Protheroe, Alert Logic. The next flavor from the Alert Logic data set in the activity clustering series is Strawberry. Before diving into this activity cluster, be sure to read the series introduction ...
Runtime Protection: The Secret Weapon for Stopping Breaches in the Cloud
This blog was originally published by CrowdStrike here. Written by David Puzas, CrowdStrike. Mistakes are easy to make, but in the world of cloud computing, they aren’t always easy to find and remediate without help. Cloud misconfigurations are frequently cited as the most common causes of breach...
What is CEO Fraud Phishing?
This blog was originally published by TokenEx here.Written by Anni Burchfiel, Content Marketing Specialist, TokenEx.As companies bolster their security infrastructure and increase budgets to deflect growing cyber-attacks, hackers are attacking the weakest link: human error. Social engineering cyb...
.jpg)
cr8escape: New Vulnerability in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811)
This blog was originally published by CrowdStrike on March 15, 2022. Written by John Walker – Manoj Ahuje, CrowdStrike. CrowdStrike cloud security researchers discovered a new vulnerability (dubbed “cr8escape” and tracked as CVE-2022-0811) in the Kubernetes container engine CRI-O.CrowdStrike disc...
Spring4Shell: Another Vulnerability Showcases Need for More Secure Software Development
This blog was originally published by BlueVoyant here. In late March, a new remote code execution vulnerability known as Spring4Shell, or sometimes SpringShell, was announced. The vulnerability, tracked as CVE-2022-22965, is in the Spring Framework, a set of prewritten Java code to create sof...
For Fun – Aligning or Putting Music to the Varieties of Efforts, Tasks, Work Roles, and Functions in Cybersecurity
Produced by: Stan Mierzwa, M.S., CISSP, CCSK, Cloud Security Alliance NJ Chapter President Contributions by: Eliot Perez, Assistant Director Security, Transportation Industry and Cloud Security Alliance NJ Chapter Board Member Todd Edison, Chapter Relations Manager, Cloud Security Alliance ...
Security Advisory: Insufficient Tenant Separation in Azure Synapse Service
This blog was originally published by Orca Security on May 9, 2022. Written by Avi Shua, Orca Security. TL;DROrca Security is issuing this security advisory for CVE-2022-29972 to address hazards in the use of the Microsoft Azure Synapse service. We believe the tenant separation in this service is...
CVE-2022-23648 – Arbitrary Host File Access from Containers Launched by Containerd CRI and its Impact on Kubernetes
This blog was originally published by ARMO here. Written by Leonid Sandler, CTO & Co-founder, ARMO. Recently discovered vulnerability - CVE-2022-23648 - in containerd, a popular container runtime, allows especially containers to gain read-only access to files from the host machine. While general...
Browse by Topic
Write for the CSA blog
Submit your blog proposalSign up to receive CSA's latest blogs
This list receives 1-2 emails a month.