Cloud 101

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
On the Criticality of SDLC Context for Vulnerability Remediation
Published: 01/25/2023

Originally published by Dazz. Written by Eyal Golombek, Director of Product Management, Dazz. Risk can go undetected when full context of the SDLC is missing Risk to cloud environments originates from multiple possible sources. Managing cloud risk requires a deep understanding of how that risk en...

DuckLogs – New Malware Strain Spotted In The Wild
Published: 01/19/2023

Originally published by Cyble.Malware-As-A-Service Provides Sophisticated Features To Threat Actors Cyble Research and Intelligence Labs (CRIL) has been continuously monitoring malware families that are new and active in the wild. Recently, CRIL observed a new malware strain named DuckLogs, which...

The Discovery of a Massive Cryptomining Operation Leveraging GitHub Actions
Published: 01/18/2023

Originally published by Sysdig on October 25, 2022. Written by Crystal Morin, Sysdig. The Sysdig Threat Research Team (Sysdig TRT) recently uncovered an extensive and sophisticated active cryptomining operation in which a threat actor is using some of the largest cloud and continuous integration ...

Mitigating Controls for Cloud-Native Applications: Why You Need Them
Published: 01/17/2023

Originally published by Tigera. Written by Phil DiCorpo, Tigera. Fixing vulnerabilities can be hard—especially so for cloud-native applications. Let’s take a deeper look at why this is, and how mitigating controls can help secure your cloud-native applications.Vulnerabilities are like earthquakes...

The Service Account Security Problem
Published: 01/17/2023

Originally published by TrueFort. Written by Matt Hathaway, TrueFort. For a modern-day cyber attacker, initial access to an application is more than half the battle. With it, they are free to pursue their objectives, which likely include moving about freely to find data to sell or hold for ransom...

6 Tips for Understanding 3rd-Party Risk in the Cloud
Published: 01/11/2023

Originally published by Ermetic. If you’re like most modern organizations, you rely on third parties to help you run and grow your business. Yet the vendors, partners and suppliers that make up your supply chain are also a significant component of your cloud environment attack surface.While you c...

Who Stole My Cookies? XSS Vulnerability in Microsoft Azure Functions
Published: 01/11/2023

Originally published by Pentera. Written by Uriel Gabay, Pentera. Purpose Learn how Pentera’s research team discovered a web XSS vulnerability in Azure Functions and determined its exploitability. The vulnerability was reported and fixed by Microsoft. Executive summary Cloud-based services ...

Combat Attacks Where They Most Often Start: Applications
Published: 01/04/2023

Originally published by TrueFort. Written by Mike Powers, TrueFort. The application environment is one of the most targeted among cyber criminals and has reached a point where organizations can no longer pose the question of “if” there will be an attack on, but “when” there is an attack. The atta...

5 Critical Cybersecurity Updates Forecasted for 2023
Published: 12/23/2022

Originally published by A-LIGN. Written by Tony Bai, Federal Practice Lead, A-LIGN. As cyberattacks become increasingly common in today’s global environment, government agencies are looking at applying minimum cybersecurity guidelines across several new sectors as the year comes to a close. The f...

Top Threat #11 to Cloud Computing: Cloud Storage Data Exfiltration
Published: 12/18/2022

Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of worklo...

Unpatched ERP Vulnerabilities Haunt Organizations
Published: 12/12/2022

Originally published by Onapsis. The challenge of how to identify vulnerabilities, prioritize patches, and prevent cyberattacks targeting business-critical Enterprise Resource Planning (ERP) data and systems is keeping cybersecurity professionals up at night. Don’t let unpatched ERP vulnerabili...

The Four Horsemen of Network Security
Published: 12/09/2022

Originally published by Netography. Written by Martin Roesch, CEO, Netography. One of the fundamental organizing principles for network security is that we have four fundamental things to secure—users, applications, data, and devices. I sometimes jokingly refer to them as the four horsemen of net...

Detecting and Mitigating CVE-2022-42889 a.k.a. Text4shell
Published: 12/02/2022

Originally published by Sysdig. Written by Miguel Hernández, Sysdig. A new critical vulnerability CVE-2022-42889 a.k.a. Text4shell, similar to the old Spring4Shell and Log4Shell, was originally reported by Alvaro Muñoz on the very popular Apache Commons Text library. The vulnerability is rated...

Password Hash Cracking, User Cloning, and User Impersonation: Three Risks Every SAP Customer Should Know
Published: 11/28/2022

Originally published by Onapsis. Written by Thomas Fritsch, Onapsis. The easiest (and a significantly profitable) way for attackers to get into a system is logging in with valid user credentials. According to a recent report, breaches that are caused by stolen or compromised credentials are not o...

5 Steps to Stop the Latest OpenSSL Vulnerabilities: CVE-2022-3602, CVE-2022-3786
Published: 11/16/2022

Originally published by Sysdig. Written by Michael Clark, Sysdig. The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786) on Oct. 25, which affect all OpenSSL v3 versions up to 3.0.6. These vulnerabilities are remediated in version 3.0.7, which was rele...

Defining Cyber Immunity
Published: 11/10/2022

Written by Arti Raman, CEO and Founder of Titaniam. Biologically, a virus is something that inserts itself into the body of a living thing and replicates itself to infect its host. Technology can also be exposed to viruses – codes that replicate themselves with the ultimate goal to destroy da...

Top Threat #7 to Cloud Computing: System Vulnerabilities
Published: 11/06/2022

Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of worklo...

2022 Threat Report: Cloud-Native Threats are Increasing and Maturing
Published: 11/04/2022

Originally published by Sysdig. Written by Michael Clark. Sysdig. The first annual cloud-native threat report from Sysdig explores some of the year’s most important security topics in the cloud. As the use of containers and cloud services keeps growing, threat actors are increasingly turning thei...

OpenSSL Critical Vulnerability - What is Affected?
Published: 11/02/2022

Originally published by Dazz on October 31, 2022. Written by Alon Kollmann, Director of Product Strategy, Dazz. Everything we know about the vulnerability so far and some insights to help you prioritize your remediation efforts‍If you are reading these lines, you are probably already well aware o...

Planning for Attacks: How to Hunt for Threats in BigQuery
Published: 11/01/2022

Originally published by Mitiga. Written by Lionel Saposnik and Dan Abramov, Mitiga. BigQuery (also referred as BQ) is a managed service of Google Cloud Platform (GCP), which provides data warehouse capabilities, such as storing large amounts of logs, machine learning (ML), analytics, and other ty...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.