Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
How to Leverage the NIST Framework for a More Effective SAP Security Strategy
Published: 09/13/2022

Originally published by Onapsis here.Business applications like SAP are responsible for running the enterprise, powering operations and fueling the global economy. Considering 77% of the world’s transactional revenue touches an SAP system and 92% of the Forbes Global 2000 uses SAP, a successful a...

Why Securing Internet-Facing Applications is Challenging in a Kubernetes Environment
Published: 09/08/2022

Originally published by Tigera here. Written by Ratan Tipirneni, Tigera. Internet-facing applications are some of the most targeted workloads by threat actors. Securing this type of application is a must in order to protect your network, but this task is more complex in Kubernetes than in traditi...

Rise of Cloud Computing Adoption and Cybercrimes
Published: 08/24/2022

Originally published by HCL Technologies here.Written by Sam Thommandru, VP, Global Alliances and Product Management, Cybersecurity & GRC Services, HCL Technologies. The COVID-19 pandemic has caused a major disruption in the business leaders’ perspectives of their company’s’ requirements. A surve...

Securing Australia's Critical Infrastructure
Published: 08/24/2022

Originally published by Onapsis here. For more than a decade, cyberattacks on critical infrastructure have been growing as core systems, like power generation and distribution, have become more complex and reliant on networks of connected devices. In fact, over the past 18 months, we’ve seen a ra...

Writing Good Legislation is Hard
Published: 08/22/2022
Author: Kurt Seifried

It’s hard to write good legislation. Recently H.R.7900 - National Defense Authorization Act for Fiscal Year 2023 came out. It includes the following text:At first glance, the intent seems reasonable. Vendors need to include an SBOM for their software and services, and any known vulnerabilities (a...

Zero Trust for Cloud-Native Workloads: Mitigating Future Log4j Incidents
Published: 08/19/2022

Originally published by Tigera here. Written by Giri Radhakrishnan, Tigera. In my previous blog post, I introduced the brief history of zero trust, the core pillars of a zero-trust model, and how to build a zero-trust model for cloud-native workloads. In this blog post, you will learn how to miti...

Google Workspace - Log Insights to Your Threat Hunt
Published: 08/16/2022

Originally published by Mitiga here. Written by Ariel Szarf and Lionel Saposnik, Mitiga. Google Workspace is a popular service for document collaboration for organizations and for individual users. Threat actors note that the popularity of this service has increased and search for ways to exp...

Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers
Published: 08/11/2022

Originally published by CrowdStrike here. Written by Marina Simakov, CrowdStrike. Adversaries often exploit legacy protocols like Windows NTLM that unfortunately remain widely deployed despite known vulnerabilities. The PetitPotam vulnerability, combined with AD-CS relay, is one of the recent sev...

From the Front Lines | 8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts
Published: 08/09/2022

Originally published by SentinelOne here. Written by Tom Hegel, SentinelOne. Over the last month a crimeware group best known as 8220 Gang has expanded their botnet to roughly 30,000 hosts globally through the use of Linux and common cloud application vulnerabilities and poorly secured conf...

The Call Is Coming from Inside the House: Novel Exploit in VOIP Appliance
Published: 08/04/2022

Originally published by CrowdStrike here. Written by Patrick Bennett, CrowdStrike. CrowdStrike Services recently performed an investigation that identified a compromised Mitel VOIP appliance as the threat actor’s entry point. The threat actor performed a novel remote code execution exploit on the...

Cyber Considerations From the Conflict in Ukraine
Published: 08/03/2022

Originally published by KPMG here.After months and weeks of tension, the Russian government’s invasion of Ukraine has elevated concerns for cyber security incidents and the resilience of critical business functions, amongst international organizations. Beyond protecting their employees and suppor...

Okta Customers Exposed to Risk of Password Theft and Impersonation in PassBleed Attacks
Published: 08/02/2022

Originally published by Authomize here. Written by Gabriel Avner, Authomize. Authomize’s Security Research Lab has uncovered a set of inherent risks in the popular Identity Provider Okta that put users at risk of potential compromise and exploitation. According to Authomize’s CTO and Co-foun...

Should You Outsource or Manage Security In-House?
Published: 07/29/2022

This blog was originally published by LogicHub here.Written by Willy Leichter, Chief Marketing Officer, LogicHub.Cybersecurity professionals Colin Henderson and Ray Espinoza share their take on in-house versus outsourced threat detection and response.Your in-house team has the context necessary t...

Why Penetration Testing Is the First Step to Better Prepare for Hacks
Published: 07/28/2022

Originally published by A-LIGN here. Written by Joseph Cortese, Technical Knowledge Leader and Research and Development Director, A-LIGN. The threat landscape is in a constant state of evolution. What may have been a best practice a year ago to help protect your organization against cyber thr...

9 Questions You Should Ask About Your Cloud Security
Published: 07/25/2022

Originally published on Fugue’s blog on May 13, 2022. Written by Josh Stella, Chief Architect, Snyk and Co Founder, Fugue. In order for business leaders and cybersecurity professionals to gain the knowledge they need to thwart the hackers constantly targeting their cloud infrastructure and ap...

Threat Activity Cluster #5: Pistachio
Published: 07/22/2022

This blog was originally published by Alert Logic here. Written by Josh Davies and Gareth Protheroe, Alert Logic. The ice cream blog series continues by documenting another activity cluster first observed in our dataset in 2019. This threat cluster has been well documented in the security communi...

Cloud Data Protection
Published: 07/21/2022

Written by Luigi Belvivere, Elena Minghelli, and Sara Frati of NTT DATA. IntroductionIn the digital era and its digital transition, business and institutions have clearly understood that a robust cloud security is essential. It is well known that security threats evolve in parallel with the evol...

An Introduction to Cloud Security for Infosec Professionals
Published: 07/15/2022

Originally published on Fugue’s website. Written by Richard Park, Chief Product officer, Fugue / Senior Director Product Management, Snyk. As someone who has spent a long time in network and endpoint security then moved to cloud security, I can sympathize with people with security backgrounds...

Gatekeepers to Gateopeners
Published: 07/07/2022

This blog was originally published by Laminar here. Written by Amit Shaked, Laminar. The past couple of years have been tragic and challenging as the world responded to COVID-19. One positive side effect of the pandemic however, has been the positive momentum of digital transformation, and the sh...

Zero-day Vulnerability Affecting the Microsoft Windows Support Diagnostic Tool (MSDT)
Published: 07/07/2022

This blog was originally published by CrowdStrike here. Written by Dan Fernandez - Liviu Arsene, Endpoint & Cloud Security.On May 27, 2022, a remote code execution vulnerability was reported affecting the Microsoft Windows Support Diagnostic Tool (MSDT)The vulnerability, which is classified as a ...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.