Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Threat Activity Clusters: Project Ice Cream
Published: 05/11/2022

This blog was originally published by Alert Logic here. Written by Josh Davies, Product Manager, Alert Logic. The Challenge Continuously hunting for the latest and emerging threats and campaigns requires dedicated SOC analysts, data scientists, and security researchers. This human led pro...

The Challenge of Protecting Business-Critical Data and Applications
Published: 04/25/2022

This blog was originally published by Onapsis here. Global market intelligence firm IDC conducted a market survey in Germany in September 2021 to explore the challenges enterprises are currently facing in the development and running of security landscapes, as well as the plans they are pursuing t...

DevSecOps Best Practices for Vulnerability Management in the Cloud
Published: 04/22/2022

This blog was originally published by Vulcan Cyber here. Written by Natalie Kriheli, Vulcan Cyber. With DevSecOps best practices, teams can remain on top of their security controls while taking full advantage of everything the cloud has to offer. A growing trend in the cloud ecosystem, DevSecOps ...

CVE-2022-23648 – Arbitrary Host File Access from Containers Launched by Containerd CRI and its Impact on Kubernetes
Published: 04/06/2022

This blog was originally published by ARMO here. Written by Leonid Sandler, CTO & Co-founder, ARMO. Recently discovered vulnerability - CVE-2022-23648 - in containerd, a popular container runtime, allows especially containers to gain read-only access to files from the host machine. While general...

Covering Your Assets: 5 Most Common Questions About Cyber Asset Management
Published: 04/05/2022

This blog was originally published by JupiterOne here. Written by Jennie Duong, JupiterOne. The cybersecurity forecast for 2022: More of the same—only worse. Yes, the sophistication of cyberattacks is growing by the minute. Unfortunately, so are the rewards for ransomware and stolen data. But a n...

Log4j Vulnerability: Threat Intelligence and Mitigation Strategies to Protect Your SAP Applications
Published: 03/30/2022

This blog was originally published by Onapsis on February 9, 2022. Written by Onapsis Research Labs. On Thursday, December 9, a critical vulnerability (CVE-2021-44228) in Apache log4j, a widely used Java logging library, was made public. Some are calling it “the most serious vulnerability they ...

AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
Published: 03/29/2022

This blog was originally published by Orca Security here. Written by Yanir Tsarimi, Orca Security. AutoWarp is a critical vulnerability in the Azure Automation service that allowed unauthorized access to other Azure customer accounts using the service. This attack could mean full control over res...

The Debate: Should You Build or Buy CAASM?
Published: 03/23/2022

This blog was originally published by JupiterOne here. Written by Jasmine Henry, JupiterOne. Should you build or buy a CAASM solution? It’s a valid question, especially in an ecosystem rich with open source and low-cost security tools. You don’t need enterprise software to create API integrations...

4 Things To Know About the ICMAD Vulnerabilities in SAP Business-Critical Applications
Published: 03/15/2022

This blog was originally published by Onapsis on February 16, 2022. Last week, we announced how Onapsis and SAP partnered on the discovery and mitigation of a set of three vulnerabilities affecting the SAP Internet Communication Manager (ICM) component in SAP business-critical applications. Thi...

Latest Security Vulnerabilities Breakdown: February 2022
Published: 03/14/2022

This blog was originally published by Schellman here. Written by Jacob Ansari, Chief Information Security Officer, Schellman. In his play Julius Caesar, Shakespeare famously portrays a soothsayer as warning Caesar to beware the Ides of March, forever giving the otherwise innocuous middle of the m...

Your Network and Their Cloud: Less Visibility. More Vulnerabilities.
Published: 03/08/2022

This blog was originally published by Gigamon here. Written by Mark Leary, IDC Research Director, Network Analytics and Automation. Cloud services form a core component of a resilient digital infrastructure. Cloud-first has developed into a primary infrastructure and application strategy for a go...

The Significance of PwnKit to Insider Threats
Published: 03/01/2022

This blog was originally published by Alert Logic here. Written by Josh Davies, Alert Logic. Alert Logic has been covering and tracking PwnKit since its initial discovery, and we’ve developed the appropriate detection and coverage to both determine exposure and identify compromises. PwnKit all...

Why We Created the Global Security Database
Published: 02/22/2022
Author: Kurt Seifried

The Global Security Database is a modern approach to a modern problem. CVE is an old approach to an old problem, one that still exists (legacy code bases), but has been superseded by new and much more complicated IT systems.Stage 1: We can improve CVE from withinIn the beginning (1999) there was ...

SAP Security Patch Day January 2022: Log4j Causes Record-Breaking Number of HotNews Notes
Published: 02/21/2022

This blog was originally published by Onapsis on January 11, 2022. Written by Thomas Fritsch, Onapsis. Highlights of January SAP Security Notes analysis include:January Summary - 35 new and updated SAP security patches released, including 20 HotNews Notes and six High Priority Notes Information ...

Leveraging CSA to React to Critical Risks
Published: 02/18/2022

Written by JP Perez-Etchegoyen, CTO, Onapsis On February 8th, 2022, SAP released its SAP Security Notes as part of the monthly cadence of releasing security patches. This last patch Tuesday was noteworthy due to the release of patches for critical, unauthenticated, HTTP exploitable vulnerabilitie...

From the Trenches: Common-Sense Measures to Prevent Cloud Incidents - Part 2
Published: 02/16/2022

Written by Omri Segev Moyal & Brenton Morris, Profero - Rapid IRIntroduction In part one of this series, we discussed some specific incidents that we at Profero have dealt with in the past and some ways in which attackers can take advantage of cloud environments during an incident. In part two w...

ICMAD: Critical Vulnerabilities in SAP Business Applications Require Immediate Attention
Published: 02/14/2022

This blog was originally published by Onapsis on February 8, 2022. Written by JP Perez-Etchegoyen and the Onapsis Research Labs. Detailed research from the Onapsis Research Labs throughout 2021 around HTTP Response Smuggling led to the recent discovery of a set of extremely critical vulner...

From the Trenches: Common-Sense Measures to Prevent Cloud Incidents - Part 1
Published: 02/10/2022

Written by Omri Segev Moyal & Brenton Morris, Profero - Rapid IR Introduction As an incident response team, we see a lot of cloud breaches that could have been prevented. Adequate protection requires in-depth knowledge of the cloud provider and its APIs and ample preparation. In cases when a co...

NOBELIUM’s Unprecedented Nation-State Attack
Published: 02/08/2022

This blog was originally published by Microsoft on December 15, 2021. Written by Rob Lefferts, Corporate Vice President, Microsoft 365 Security. This is the final post in a four-part series on the NOBELIUM nation-state cyberattack. In December 2020, Microsoft began sharing details with the wo...

App Patching is a No-Win Situation. First Principles Reveals a Better Approach.
Published: 02/03/2022

Written by Satya Gupta, Co-Founder and CTO, Virsec When organizations need to get applications up and running quickly, they turn to cloud infrastructure. The last two years accelerated this strategy as nearly everything went digital. But now cloud users are facing an existential threat. I...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.