Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Why You Need Vulnerability Management for Business-Critical Applications
Published: 01/26/2022

This blog was originally published by Onapsis here. This blog is the fourth of a five-part series on the importance of protecting business-critical applications. In our first three blogs, we share how rapid digital transformation projects, cloud migration, and the rise of cybercrime have left org...

An Optimistic Outlook for 2022: Cloud Security Vulnerabilities are 100% Preventable
Published: 01/25/2022

Written by Josh Stella, CEO and Co-Founder of Fugue Originally published on Fugue’s Blog Predicting that more enterprises will suffer a cloud data breach in 2022 is not exactly going out on a limb. Migrating IT systems and applications out of the data center to cloud computing platforms is a ...

Log4Shell and Zero Trust
Published: 01/24/2022

This blog was originally published by Appgate here. Written by Jason Garbis, Appgate. We’re only a few weeks past the emergence of the Log4Shell vulnerability (with a few ongoing related issues still open) and security teams worldwide have been in a mad scramble to diagnose, validate, update and ...

The Elephant Beetle in the Room: Older, Unpatched SAP Vulnerabilities Are Still A Threat
Published: 01/20/2022

This blog was originally published on 1/10/22 by Onapsis. Written by: Onapsis Research Labs and JP Perez-Etchegoyen, CTO, Onapsis. Last week, researchers from Sygnia’s Incident Response team released a report detailing the activities of a threat group they’ve named Elephant Beetle. Compiled f...

Log4j: The Evolution of Vulnerabilities to CVE-2021-45046 and What to Expect in 2022
Published: 01/18/2022

This blog was originally published by Alert Logic here. Written by Josh Davies, Alert Logic. Threat Overview The internet has been alive with talk of Log4Shell (CVE-2021-44228), and for good reason. While the bug appears to have been introduced in 2013, only recently have we observed wi...

What is a Vulnerability?
Published: 01/13/2022
Author: Kurt Seifried

A philosophical but practical exploration of technical vulnerabilitiesLet’s check Merriam-Webster:open to attack or damageThis doesn’t feel complete. What’s missing? Let’s check Wikipedia:In computer security, a vulnerability is a weakness which can be exploited by a threat actor, such as an atta...

Application Security Best Practices
Published: 01/10/2022

This blog was originally published by Vulcan Cyber here. Written by Tal Morgenstern, Vulcan Cyber. Forget whatever business you think you’re in. As Microsoft CEO Satya Nadella announced in 2019, every company is a software company, creating digital assets like applications and websites. That mean...

How we ended up with #log4shell aka CVE-2021-44228
Published: 01/10/2022
Author: Kurt Seifried

Quick note: from now on I will refer to log4j version 2 as “log4j2” To learn how to deal with the critical vulnerability in log4j2, read the first blog in this series, Dealing with log4shell. To get a breakdown of the timeline of events, refer to the second blog, Keeping up with log4shell. So how...

Not All Visibility Is Created Equal – What Are You Looking For?
Published: 01/03/2022

This blog was originally published by Valtix here. Written by Vishal Jain, Valtix. For enterprises, security-related visibility in the cloud is critical. For many, especially as they try to gain an understanding of what they have in the cloud, how it’s set up, and what’s happening, often across m...

How to Use Kubernetes Audit Logs to Identify Potential Security Issues
Published: 12/21/2021

This blog was originally published by ARMO here. Written by Amir Kaushansky, ARMO. Audit logging involves recording transactions and system events, making it an invaluable tool for regulatory compliance, digital forensics, and information security. In a typical Kubernetes ecosystem, auditing invo...

Top Tips for Ransomware Defense
Published: 12/20/2021

This blog was originally published by Cisco here. Written by Angela Frechette Cannon, Cisco. Ransomware is wreaking havoc. What can we do?Ransomware is making its way outside the cybersecurity space. It’s popping up everywhere from the nightly news to the G7 Summit. Indeed ransomware has entered ...

What Did We Learn About Cyber Risk Management in 2021?
Published: 12/17/2021

By Bob Maley, Chief Security Officer at Black Kite “The more things change, the more they stay the same.” Author Jean-Baptiste Alphonse Karr wrote this in 1849 and it still rings true today, especially in cybersecurity. The number of reported data breaches in 2021 have soared past the total for 2...

Keeping up with log4shell aka CVE-2021-44228 aka the log4j version 2
Published: 12/16/2021
Author: Kurt Seifried

Quick note: from now on I will refer to log4j version 2 as “log4j2”If you use Java within your products or services and haven’t yet patched them, please see “Dealing with log4shell aka CVE-2021-44228 aka the log4j version 2”Trick question: Who helped coordinate the global response on CVE-2021-442...

Dealing with log4shell aka CVE-2021-44228 aka the log4j version 2
Published: 12/14/2021
Author: Kurt Seifried

Quick note: from now on I will refer to log4j version 2 as “log4j2”Update note: This blog entry was updated Dec 17, 2021, to include a note about the second remote code execution vulnerability CVE-2021-45046 in log4jOkay if you haven’t heard about the critical vulnerability in log4j2 then I envy ...

HTML Smuggling Evades Traditional Cybersecurity Solutions
Published: 12/13/2021

This blog was originally published by ZTEdge here. Written by Nick Kael, Chief Technology Officer, ZTEdge. Microsoft’s 365 Defender Threat Intelligence Team recently issued a warning about a worrying increase in HTML smuggling attacks, in which hackers “smuggle” encoded malicious script via ema...

DNS-Layer Security: The Ultimate Guide to What It Is and Why You Need It
Published: 12/09/2021

Originally Published by Cisco on March 10, 2020. Written by Lorraine Bellon, Cisco. If you’re like most people, you probably don’t pay much attention to the domain name system (DNS) or worry about investing in cloud-based DNS-layer security. After all, the hallmark of well-functioning DNS servers...

Instant Messaging Could Take Down Your Network
Published: 12/03/2021

This blog was originally published by Ericom here. By Mendy Newman, Ericom. Individuals who value both convenience and privacy – which means almost all users – depend on instant messaging (IM) apps to communicate across all aspects of their personal lives. Every time we open a new chat, Whats...

How to Better Protect Cloud Workloads and Your Crown Jewels
Published: 12/02/2021

This blog was originally published by Virsec here. Written by Matt Ambroziak, Virsec. Previously, I discussed how the attack surface is expanding in the cloud and the cloud-native security tools and best practices available to help mitigate risk. Now, let’s dig a little deeper into how attack...

Vulnerability Trends for Q3
Published: 12/01/2021

This blog was originally published by Vulcan Cyber here. Written by Orani Amroussi, Vulcan Cyber. Over the past few months, we’ve seen new vulnerability trends emerge, and with new and old vulnerabilities posing threats to the security of major organizations. Left unresolved, these can quickly re...

Spies Hack Cloud Supply Chains Because That's Where the Data Is
Published: 11/26/2021

This blog was originally published by Authomize on October 28, 2021. Written by Gabriel Avner, Authomize. Microsoft announced this week that the Russian hacking crew APT 29 (aka Nobelium) was detected targeting cloud service providers in an attempt to reach those organizations’ customers as part...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.