Cloud 101
Circle
Events
Blog

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
’Tis the Season for eCrime
Published: 12/05/2022

Originally published by CrowdStrike. Written by Bart Lenaerts-Bergmans, CrowdStrike. Financially motivated criminal activities, aka “eCrime,” happen in waves. They come and go as adversaries develop new tools and target vulnerable victims. Similar to how investors track stock market activity usin...

Top Threat #10 to Cloud Computing: Organized Crime, Hackers, and APT
Published: 12/04/2022

Written by the CSA Top Threats Working Group.The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...

Uber’s Internal Network Breach and Business-Critical SaaS Data Compromise
Published: 12/02/2022

Originally published by DoControl on September 16, 2022. Written by Corey O'Connor, DoControl. Multiple sources have reported that Uber has become the next victim to a man-in-the-middle attack with social engineering and Multi-factor Authentication (MFA) compromise at its core. In this example, t...

Detecting and Mitigating CVE-2022-42889 a.k.a. Text4shell
Published: 12/02/2022

Originally published by Sysdig. Written by Miguel Hernández, Sysdig. A new critical vulnerability CVE-2022-42889 a.k.a. Text4shell, similar to the old Spring4Shell and Log4Shell, was originally reported by Alvaro Muñoz on the very popular Apache Commons Text library. The vulnerability is rated...

Advisory: Persistent MFA Circumvention in an Advanced BEC Campaign on Microsoft 365 Targets
Published: 12/01/2022

Originally published by Mitiga. Written by Mitiga's Research Team. Mitiga spotted a sophisticated, advanced business email compromise campaign, targeting Microsoft 365 organizations, leveraging inherent weaknesses in Microsoft 365 MFA, Microsoft Authenticator, and Microsoft 365 Identity Protectio...

AXLocker, Octocrypt, And Alice: Leading A New Wave Of Ransomware Campaigns
Published: 11/30/2022

Originally published by Cyble. AXLocker Ransomware Stealing Victim’s Discord Tokens Ransomware is one of the most critical cybersecurity problems on the internet and possibly the most powerful form of cybercrime plaguing organizations today. It has rapidly become one of the most important and pro...

Preventing Hyperjacking in a Virtual Environment
Published: 11/29/2022

Originally published by Entrust. Written by Iain Beveridge and Dave Stevens, Entrust. In the rapidly evolving world of information security, attack vectors, and cyberattacks, there is a regular cadence of new industry terms to grapple with. Hyperjacking is a term you may not have come across. It ...

Password Hash Cracking, User Cloning, and User Impersonation: Three Risks Every SAP Customer Should Know
Published: 11/28/2022

Originally published by Onapsis. Written by Thomas Fritsch, Onapsis. The easiest (and a significantly profitable) way for attackers to get into a system is logging in with valid user credentials. According to a recent report, breaches that are caused by stolen or compromised credentials are not o...

Top Threat #9 to Cloud Computing: Misconfiguration and Exploitation of Serverless and Container Workloads
Published: 11/20/2022

Written by the CSA Top Threats Working Group.The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...

The Anatomy of Wiper Malware, Part 4: Less Common “Helper” Techniques
Published: 11/16/2022

Originally published by CrowdStrike. Written by Ioan Iacob and Iulian Madalin Ionita, CrowdStrike. In Part 3, a leading Endpoint Protection Content Research Team covered the finer points of Input/Output Control (IOCTL) usage by various wipers. The fourth and final part of the wiper series covers...

Top Threat #8 to Cloud Computing: Accidental Cloud Data Disclosure
Published: 11/13/2022

Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of worklo...

The Anatomy of Wiper Malware, Part 3: Input/Output Controls
Published: 11/09/2022

Originally published by CrowdStrike. Written by Ioan Iacob and Iulian Madalin Ionita, CrowdStrike. In Part 1 of this four-part blog series examining wiper malware, an Endpoint Protection Content Research Team introduced the topic of wipers, reviewed their recent history and presented common adver...

Top Threat #7 to Cloud Computing: System Vulnerabilities
Published: 11/06/2022

Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of worklo...

How to Combat Insider Threats to Critical Data
Published: 11/03/2022

Originally published by TrueFort. Written by Matt Hathaway, TrueFort. Malicious cyber attackers have had unprecedented success in the past few years, but their attacks often rely on tricking or exploiting people inside an organization. Employees, software developers, partners, and even executives...

How to Contain Breaches in the Cloud
Published: 11/02/2022

Written by PJ Kirner, CTO and Co-Founder, Illumio. Hyperconnectivity, hybrid work and an increasingly distributed enterprise have all caused the modern attack surface to explode. In the past 2 years alone, 76 percent of organizations have been attacked by ransomware and 66 percent have experien...

What Lawyers Need to Do to Defend Their Clients and Themselves from Cyber Risk
Published: 11/02/2022

Originally published by Ericom. Written by Nick Kael, CTO, Ericom. Absolute trust is the essential basis of the relationship between law firms and their clients. Lawyers steer clients through complex and often sensitive personal and business situations, helping them navigate difficult issues to g...

Top Threat #6 to Cloud Computing: Unsecure Third-Party Resources
Published: 10/30/2022

Written by the CSA Top Threats Working Group.The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...

All Eyes on Cloud | Why the Cloud Surface Attracts Attacks
Published: 10/28/2022

Originally published by SentinelOne here. Cloud environments have seen a meteoric rise in the past decade. What began as means of data storage has now become a full-scale computing platform, enabling a global shift in how businesses share, store, optimize, and manage information. However, threat ...

Traditional Data Security Tools Fail at 60% Rate
Published: 10/24/2022

Written by Titaniam. Titaniam’s ‘State of Data Exfiltration & Extortion Report’ shows that organizations may be less protected from security threats than they believe. Ransomware is becoming more and more about extortion, and current data loss prevention tactics aren’t measuring up to the challen...

Responding to and Recovering from a Ransomware Attack
Published: 10/22/2022
Author: Megan Theimer

Thanks to Dr. Jim Angle, Michael Roza, and Vince Campitelli After learning what ransomware is, how to protect your organization against it, and how to detect it, it’s time to learn how to respond and recover if a ransomware attack occurs. In this blog, we’ll explain how to mitigate and contain a ...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.