CSA Blog

Written by the DevSecOps Working Group. Organizations have a wide array of tools and solutions to choose from when implementing security into their Software Development Lifecycle (SDLC). Since every SDLC is different in terms of structure, processes, tooling, and overall maturity...

Originally published by Black Kite. Written in part by Jeffrey Wheatman, Cyber Risk Evangelist. Within the world of third party risk, cascading and concentration risk have been the buzz of conversation as large events are frequently tied back to this explanation of risk. It is becoming...

Originally published by BARR Advisory. Written by Kyle Cohlmia. According to the 2022 IBM Cost of Data Breach report, 83% of organizations surveyed experienced more than one data breach with an average total cost of $4.35 million. This cost was an all-time high for 2022 and a 2.6...

Originally published by CXO REvolutionaries. Written by Kyle Fiehler, Senior Transformation Analyst, Zscaler. Editor’s note: The world’s first cyber thriller anticipated zero trust more than three decades before it was born. And yes, this article could be a spoiler for some readers...

Originally published by Cyble. New Stealer Targeting Crypto Wallets and 2FA Extensions of Various BrowsersDuring a threat-hunting exercise, Cyble Research and Intelligence Labs (CRIL) discovered a post on the cybercrime forum about an information stealer targeting both Chromium and...

Originally published by F5. Written by Gail Coury. F5’s executive leadership got an urgent message: a malicious actor within the company was sending confidential information to a third party that could put customers at serious risk. We immediately formed a combined response team...

Originally published by Dig Security. Written by Sharon Farber, Director of Product Marketing, Dig Security. How long would it take you to respond to a cloud data breach? For most organizations, the answer is ‘far too long’. According to a 2022 report by IBM, businesses took an average...

Originally published by Netskope. Written by Carmine Clementelli. Netskope partnered with the Cloud Security Alliance to release the Data Loss Prevention (DLP) and Data Security Survey Report, a survey focused on data protection needs in cloud and hybrid work environments. Unsurprisingly...

Originally published by ManTech. Written by Sandeep Shilawat, Vice President, Cloud and Edge Computing, ManTech. Stock analysts and meteorologists are in the business of making predictions. IT professionals… not so much. But when we think about the cloud and the vast changes it has...

Originally published by InsiderSecurity on December 9, 2022. Uber Technologies disclosed it was investigating a cybersecurity incident after reports that hackers had breached the company’s network. An in-depth analysis of the attack reveals how the attack occurred and ways organizations...

Originally published by Titaniam. FIPS was developed by the Computer Security Division of the National Institute of Standards and Technology (NIST). It established a data security and computer system standard that businesses must follow in accordance with the Federal Information...

Originally published by Gigamon.Editor’s note: This post explores Chapter 4 of the SANS 2022 Cloud Security Survey. Read Chapter 1, Chapter 2, and Chapter 3.In its 2022 Cloud Security Survey, the SANS Institute offers valuable insights into how a representative set of organizations...

Originally published by CrowdStrike. GuLoader is an advanced malware downloader that uses a polymorphic shellcode loader to dodge traditional security solutionsCrowdStrike researchers expose complete GuLoader behavior by mapping all embedded DJB2 hash values for every API used by...

Originally published by Google Cloud. Written by Phil Venables, VP/CISO, Google Cloud. Threat actors are taking tactics from Russia's cyber operations against Ukraine. Businesses and organizations should evaluate their countermeasures accordingly. A new Google report finds the offensive...

Originally published by Sysdig. Written by Stefano Chierici. Supply Chain attacks are not new, but this past year they received much more attention due to high profile vulnerabilities in popular dependencies. Generally, the focus has been on the dependency attack vector. This is...