Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Cloud 101
Circle
Events
Blog
Sign In

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Home
Industry Insights
How to Protect Against SMS Phishing and Other Similar Attacks
Published: 03/14/2023

Originally published by Lookout. Written by Hank Schless, Senior Manager, Security Solutions, Lookout. Last year, cloud communications company Twilio announced that its internal systems were breached after attackers obtained employee credentials using an SMS phishing attack. Around the same t...

Zoom Users At Risk In Latest Malware Campaign
Published: 03/07/2023

Originally published by Cyble on January 5, 2023. Modified Zoom App Employed In Phishing Attack To Deliver IcedID Malware Zoom is a video conferencing and online meeting platform that allows users to host virtual meetings, webinars, and video conference calls. It is available on various devices, ...

A Closer Look at BlackMagic Ransomware
Published: 02/21/2023

Originally published by Cyble on December 7, 2022. New Ransomware disrupting Transportation and Logistics Industry in Israel During a routine threat-hunting exercise, Cyble Research and Intelligence Labs (CRIL) came across a new ransomware group named “BlackMagic” ransomware. This ransomware gro...

Is Breach Fatigue the New Norm?
Published: 02/21/2023

Originally published by CXO REvolutionaries. Written by Erik Hart, Global CISO, Cushman & Wakefield. How numb is the public to security failures? One of the trickiest security topics involves the shifting relationship between security and privacy. Twenty years ago, people saw these areas as funda...

How Global Conflicts Influenced Cyber Attack Behaviors
Published: 02/16/2023

Originally published by Sysdig. Written by Michael Clark, Sysdig. The conflict between Russia and Ukraine includes a cyberwarfare component with government-supported threat actors and civilian hacktivists taking sides.The goals of disrupting IT infrastructure and utilities have led to a 4-fold in...

What You Need to Know About the Daixin Team Ransomware Group
Published: 02/15/2023

Originally published by Titaniam. Ransomware attacks are common and becoming more creative. However, as attackers evolve, so do their decisions of targets and methodology. As of October 2022, the FBI’s Internet Crime Complaint Center (IC3) holds victim reports across all 16 critical infrastructu...

Beyond BEC: How Modern Phishing Has Evolved Past Email
Published: 02/02/2023

Originally published by Lookout. Written by Hank Schless, Lookout. Business email compromise (BEC) is big business for malicious actors. According to the 2021 FBI Internet Crime Report, BEC was responsible for nearly $2.4 billion in cyber crime losses in 2021. At its root, it’s a type of ph...

Reframing Password Management: What We Learned from the LastPass Breach
Published: 02/02/2023

Originally published by BARR Advisory. In August of 2022, LastPass, the cloud-based password saver, was breached as bad actors stole information that would eventually lead them to access a copy of the data vaults of tens of thousands of customers. When the firm was hacked for a second time in Nov...

Protect Your Organization from BlackCat Ransomware Attacks
Published: 01/18/2023

Originally published by Titaniam. Where there is value for organizations online, there will be a cybercriminal ready with a ransomware attack to exploit it. Since they first emerged in December of 2021, BlackCat Ransomware has become another example of a ring of cybercriminals who practice the mo...

The Discovery of a Massive Cryptomining Operation Leveraging GitHub Actions
Published: 01/18/2023

Originally published by Sysdig on October 25, 2022. Written by Crystal Morin, Sysdig. The Sysdig Threat Research Team (Sysdig TRT) recently uncovered an extensive and sophisticated active cryptomining operation in which a threat actor is using some of the largest cloud and continuous integration ...

Could Double Extortion Prompt a Public Health Crisis?
Published: 01/05/2023

Originally published by CXO REvolutionaries on November 15, 2022. Written by Kyle Fiehler, Senior Transformation Analyst, Zscaler. Ransomware actors targeting Australia’s most prominent healthcare insurer have taken the gloves off. After Medibank refused to pay a ransom for the return of data bel...

Combat Attacks Where They Most Often Start: Applications
Published: 01/04/2023

Originally published by TrueFort. Written by Mike Powers, TrueFort. The application environment is one of the most targeted among cyber criminals and has reached a point where organizations can no longer pose the question of “if” there will be an attack on, but “when” there is an attack. The atta...

How to Prevent Account Takeover Fraud
Published: 12/29/2022

Originally published by TokenEx. Written by Anni Burchfiel, TokenEx. Quick Hits:Account takeover fraud is the most popular kind of cyberattack for hackers looking to make a large sum of money quickly.Businesses affected by account takeover attacks (ATOs) often lose large numbers of customers due ...

Punisher Ransomware Spreading Through Fake COVID Site
Published: 12/22/2022

Originally published by Cyble on November 25, 2022. New Variant Of Ransomware Targeting Chile Most organizations experienced an increase in cyber-attacks during the COVID-19 pandemic. Threat Actors (TAs) leveraged the COVID-19 pandemic as a thematic lure to infect users with different malware fam...

Top Threat #11 to Cloud Computing: Cloud Storage Data Exfiltration
Published: 12/18/2022

Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of worklo...

The Top Cloud Computing Risk Treatment Options
Published: 12/17/2022
Author: Megan Theimer

Cloud threats pose great harm to organizations’ business objectives. Storage, compute, and even network services have been subjected to nefarious attacks. Since cloud compliance and security is a shared responsibility, every organization should collaborate with their cloud service providers to im...

New Kiss-a-Dog Cryptojacking Campaign Targets Vulnerable Docker and Kubernetes Infrastructure
Published: 12/09/2022

Originally published by CrowdStrike on October 26, 2022. Written by Manoj Ahuje, CrowdStrike. CrowdStrike has uncovered a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “...

’Tis the Season for eCrime
Published: 12/05/2022

Originally published by CrowdStrike. Written by Bart Lenaerts-Bergmans, CrowdStrike. Financially motivated criminal activities, aka “eCrime,” happen in waves. They come and go as adversaries develop new tools and target vulnerable victims. Similar to how investors track stock market activity usin...

Top Threat #10 to Cloud Computing: Organized Crime, Hackers, and APT
Published: 12/04/2022

Written by the CSA Top Threats Working Group.The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...

Uber’s Internal Network Breach and Business-Critical SaaS Data Compromise
Published: 12/02/2022

Originally published by DoControl on September 16, 2022. Written by Corey O'Connor, DoControl. Multiple sources have reported that Uber has become the next victim to a man-in-the-middle attack with social engineering and Multi-factor Authentication (MFA) compromise at its core. In this example, t...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.

1
3
4
5
Last »