Category Archives: Cloud Security Alliance

Originally published by Zscaler.Nearly every day (certainly every week) the headlines scream of massive data breaches. It’s enough to make you wonder: with companies supposedly pouring resources into cybersecurity, why are cyber incidents and data breaches still on the rise? The answer, unfortunately, isn’t a simple one. Cybersecurity is a complex dance between evolving attacks […]

Originally published by Truyo.Considering the evolving regulatory landscape surrounding artificial intelligence (AI), including the EU AI Act and potential future directives from bodies like the U.S. Department of Health and Human Services (HHS), establishing a whistleblower policy has emerged as a proactive measure for organizations. While current laws may not explicitly mandate such policies, the […]

Originally published by Abnormal Security.The integration of artificial intelligence (AI) into cybersecurity practices is transforming the landscape, offering both promising advancements and new challenges. The State of AI and Security Survey Report, sponsored by the Cloud Security Alliance, provides a comprehensive look into how AI is being perceived and utilized in the field of cybersecurity. […]

Originally published by Pentera.With 73% of organizations tweaking their IT setups every quarter, it’s concerning that only 40% are aligning their security checks accordingly. This frequency gap leaves organizations vulnerable to prolonged risk and highlights a critical area for improvement. Ensuring security measures evolve in tandem with IT changes isn’t just advisable—it’s essential for safeguarding […]

Originally published by Dazz.In the ever-evolving landscape of application security, traditional “AppSec in a box” solutions, which bundle static analysis (SAST), software composition analysis (SCA), secrets detection, API security, and other code analysis tools, have been a popular approach for many organizations. While these tools provide a comprehensive suite for detecting vulnerabilities, they often fall […]

Written by Thales.Artificial intelligence (AI) and cloud computing have become central to modern data environments. The convergence of these technologies promises a wealth of opportunities, enabling businesses to leverage powerful AI tools at scale and with greater efficiency. AI, once accessible only to a select few, is now being democratized by cloud platforms. These platforms […]

Originally published by Tata Communications. Written by Rajesh Awasthi, VP & Global Head of Managed Hosting and Cloud Services, Tata Communications. India’s financial sector is undergoing a profound transformation, driven by a confluence of technological advancements, regulatory changes, and evolving consumer expectations. Central to this revolution is cloud computing, increasingly recognized as the key to […]

A simple yet powerful way to break Generative AI chatbots Written by Satbir Singh, Enkrypt AI.Generative AI models have improved detecting and rejecting malicious prompts. And most models have basic safety alignment training to avoid responding to queries such as: “How can I commit financial fraud?” Or “What are the steps to make a bomb […]

CSA’s Cloud Trust Summit 2024 featured an expert panel discussion about v2 of our CCM v4.0 Implementation Guidelines. Led by CSA’s Lefteris Skoutaris, the panelists included:David Skrdla, Senior IT Auditor, Internal Audit, American Fidelity Corp/CamGen PartnersKerry Steele, Principal, Payments and Cloud Advisory, CoalfireJohn B. Oseh, Information Security Consultant, Handelsbanken Plc, UKBelow, read a summary of […]

Originally published by Astrix.Massive NHI Attack: Insecure AWS Stored Credentials Lead to Compromise of 230 Million Cloud Environments. Researchers from Unit 42 have uncovered a sophisticated and large-scale cyberattack targeting over 230 million AWS, cloud and SaaS environments. The attack exploited exposed environment variable files (.env) commonly stored insecurely on web servers. These files contained […]