Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Detecting new crypto-mining attack targeting Kubeflow and TensorFlow
Published: 07/23/2021

This blog was originally published by Sysdig hereWritten by Stefano Chierici, Security Researcher, SysdigMicrosoft has discovered a new large-scale attack targeting Kubeflow instances to deploy malicious TensorFlow pods, using them to mine Monero cryptocurrency in Kubernetes cluster environments....

Got Vulnerability? Cloud Security Alliance Wants to Identify It
Published: 07/15/2021
Author: Jim Reavis

I wanted to take some time to tell you about a new CSA working group in formation that I am taking a personal interest in. I am sure you have all heard the expression, “when you have a hammer, all problems look like nails.” This is very relatable to our industry as we have to be careful that we d...

Top 10 Linux Server Hardening and Security Best Practices
Published: 06/28/2021

This blog was originally published by Intezer here.If you have servers connected to the internet, you likely have valuable data stored on them that needs to be protected from bad actors.Linux server hardening is a set of measures used to reduce the attack surface and improve the security of your ...

Exploiting and detecting CVE-2021-25735: Kubernetes validating admission webhook bypass
Published: 06/22/2021

This blog was originally published by Sysdig hereWritten by Stefano Chierici, SysdigThe CVE-2021-25735 medium-level vulnerability has been found in Kubernetes kube-apiserver that could bypass a Validating Admission Webhook and allow unauthorised node updates.The kube-apiserver affected are:kube-a...

Security Spotlight: Ransomware Woes Continue Even As DarkSide Shuts Down After Claiming Multiple Victims
Published: 06/15/2021

This blog was originally published by Bitglass hereWritten by Jeff Birnbaum, BitglassHere are the top security stories from recent weeks. DarkSide Ransomware Operations Shut Down Colonial Pipeline Pays $5 Million Ransomware Demand After DarkSide Ransomware AttackChemical Distributor Brenntag Pays...

7 Simple but effective tactics to protect your website against DDoS attacks in 2021
Published: 06/04/2021

Written by Tars Geerts, from Mlytics Intro Experts believe that the total number of DDoS attacks will double from the 7.9 million seen in 2018 to over 15 million by 2023. One of the reasons for this significant increase is that DDoS attacks are quite easy to pull off, making them very appeali...

President Biden’s Cybersecurity Executive Order: What will it mean for you?
Published: 06/01/2021

This blog was originally published by OneTrust here.On May 12, US President Joe Biden issued an executive order on cybersecurity seeking to improve the state of national cybersecurity in the US and to increase protection of government networks following incidents involving SolarWinds and more rec...

With Great Power Comes Great Responsibility: The Challenge of Managing Healthcare Data in the Cloud
Published: 05/26/2021

By Jon Moore, MS, JD, HCISSP, Chief Risk Officer and Head of Consulting Services, Clearwater Seeking flexibility, scalability, and cost savings, an increasing number of healthcare organizations are moving systems and data to the Cloud. This trend is accelerating, fueled by increased adoption of ...

Cloud lateral movement: Breaking in through a vulnerable container
Published: 05/25/2021

This blog was originally published by Sysdig hereWritten By Stefano Chierici, SysdigLateral movement is a growing concern with cloud security. That is, once a piece of your cloud infrastructure is compromised, how far can an attacker reach?What often happens in famous attacks to Cloud environment...

Application Security is Getting Worse, not Better
Published: 05/19/2021

This blog was originally published by CyberCrypt here.There’s an app for everything, and hackers and thieves are taking advantage. What are enterprises doing about it? Not enough.Web and mobile application use has exploded in recent years as businesses have digitized and moved more of their opera...

Unified threat detection for AWS cloud and containers
Published: 05/17/2021

This blog was originally published by Sysdig here.Written by Vicente Herrera García, SysdigImplementing effective threat detection for AWS requires visibility into all of your cloud services and containers. An application is composed of a number of elements: hosts, virtual machines, containers, c...

Understanding the OWASP API Security Top 10
Published: 05/11/2021

By Sekhar Chintaginjala (This blog originally appeared on CloudVector) As organizations embrace digital transformation initiatives, they are increasingly consuming and exposing APIs that increase their risk surface. The OWASP API Security Top 10 focuses on the strategies and solutions to un...

Security Spotlight: US Government Agencies Take Action Against Exchange Vulnerabilities and Social Media Giants Leak Data
Published: 05/10/2021

This article was originally published by Bitglass hereWritten by Jeff Birnbaum, BitglassHere are the top security stories from recent weeks. FBI Removes Web Shells from Compromised Exchange Servers Without Notifying OwnersCISA Requires Federal Agencies to Patch Exchange Servers for Vulnerabilitie...

How to avoid the biggest mistakes with your SaaS security
Published: 02/08/2021

This blog was originally published on Wandera.comWritten by Alex Powell at WanderaThe biggest mistakes in SaaS securityThe popularity of SaaS applications for businesses continues to grow with 95% of businesses hosting sensitive information in the cloud. Traditional security models and boundary-f...

Google Report Highlights Malware Targeting Browser Vulnerabilities
Published: 01/25/2021

By Nick Kael, CTO at EricomThe browser is the targetLast week, Google’s Project Zero exploit research team published reports detailing a sophisticated cyber operation that targeted vulnerabilities in Chrome and Windows, installing malware to exploit weaknesses in the browser and operating system...

Five Actions to Mitigate the Financial Damage of Ransomware
Published: 10/30/2020

By Eran Farajun, Executive Vice President at Asigra, Inc.Ransomware attacks have become a regular occurrence for organizations today, with events that are increasingly targeted, sophisticated, and costly. According to recent reports by the Federal Bureau of Investigation[1], cybercriminals are ta...

How secure are your SaaS applications?
Published: 10/19/2020

Written by Ian Sharpe, Product Leader at AppOmni The dynamic nature of protecting the enterprise technology stack has always been a challenge for security teams. The complexities of this year, however, have forced teams to consider a new set of paradigms and additional risks given the abrupt shif...

How Hackers Changed Strategy with Cloud
Published: 07/21/2020

By Drew Wright, Co-Founder of FugueOriginally published June 30, 2020 on https://www.fugue.co/blogIf you’re running a workload in the cloud, take a moment to look at the activity logs for your public-facing resources. There’s bad guys there, and they’re probing your cloud infrastructure looking f...

Abusing Privilege Escalation in Salesforce Using APEX
Published: 07/16/2020

By Nitay Bachrach, Senior Security Researcher, PolyrizeThis article describes in detail a Salesforce privilege escalation scenario whereby a malicious insider exploits Author Apex permission to take over an organization’s Salesforce account and all data within it. The user abuses the fact that so...

3 Big Amazon S3 Vulnerabilities You May Be Missing
Published: 06/18/2020

By Drew Wright, Co-Founder Fugue, Inc. When there’s a data breach involving Amazon Web Services (AWS), more often than not it involves the Amazon S3 object storage service. The service is incredibly popular. Introduced way back in 2006 when few knew what the cloud was, S3 is highly scalable, reli...

Browse by Topic
Write for the CSA blog
Submit your blog proposal