CloudSec Academy

Malicious code is any software or programming script that exploits software or network vulnerabilities and compromises data integrity.

Shadow AI is the unauthorized use or implementation of AI that is not controlled by, or visible to, an organization’s IT department.

A security misconfiguration is when incorrect security settings are applied to devices, applications, or data in your infrastructure.

シャドーITとは、組織のIT部門によって制御されていない、または認識されていないITサービス、アプリケーション、およびリソースを従業員が不正に使用することです。

Uncover the top cloud security issues affecting organizations today. Learn how to address cloud security risks, threats, and challenges to protect your cloud environment.

Shaked Rotlevi

10月 25, 2024

Cross-site request forgery (CSRF), also known as XSRF or session riding, is an attack approach where threat actors trick trusted users of an application into performing unintended actions.

Shaked Rotlevi

10月 25, 2024

Data sprawl refers to the dramatic proliferation of enterprise data across IT environments, which can lead to management challenges and security risks.

In this blog post, we’ll explore security measures and continuous monitoring strategies to prevent these leaks, mitigating the risks posed by security vulnerabilities, human error, and attacks.

LLM models, like GPT and other foundation models, come with significant risks if not properly secured. From prompt injection attacks to training data poisoning, the potential vulnerabilities are manifold and far-reaching.

Shaked Rotlevi

9月 19, 2024

データ漏洩とは、組織データが第三者に対して野放しに持ち出されることです。 これは、データベースの設定ミス、ネットワークサーバーの保護が不十分な、フィッシング攻撃、さらには不注意なデータ処理など、さまざまな手段で発生します。

Shaked Rotlevi

9月 13, 2024

ChatGPT security is the process of protecting an organization from the compliance, brand image, customer experience, and general safety risks that ChatGPT introduces into applications.

Adversarial artificial intelligence (AI), or adversarial machine learning (ML), is a type of cyberattack where threat actors corrupt AI systems to manipulate their outputs and functionality.

Shaked Rotlevi

8月 5, 2024

LLM jacking is an attack technique that cybercriminals use to manipulate and exploit an enterprise’s cloud-based LLMs (large language models).

Credential access is a cyberattack technique where threat actors access and hijack legitimate user credentials to gain entry into an enterprise's IT environments.

Shaked Rotlevi

8月 2, 2024

プロンプトインジェクション攻撃は、攻撃者が自然言語処理(NLP)システムの入力プロンプトを操作してシステムの出力に影響を与えるAIセキュリティの脅威です。

Data poisoning is a kind of cyberattack that targets the training data used to build artificial intelligence (AI) and machine learning (ML) models.

Dark AI involves the malicious use of artificial intelligence (AI) technologies to facilitate cyberattacks and data breaches. Dark AI includes both accidental and strategic weaponization of AI tools.

Greg Zemlin

7月 1, 2024

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a cybersecurity framework that helps enterprises fortify themselves against cyber threats.

Greg Zemlin

6月 20, 2024

MITRE ATT&CK®, a publicly available security toolkit that helps enterprises overcome cyber threats, defines defense evasion as a way for malicious actors to evade detection during an attack.

This article offers an extensive examination of Azure environments’ most pressing security risks along with suggested approaches for effectively mitigating these challenges.

Learn about the most pressing security risks shared by all AI applications and how to mitigate them.

Remote code execution refers to a security vulnerability through which malicious actors can remotely run code on your systems or servers.

Cloud sprawl is a phenomenon that involves the unmanaged growth of cloud-based resources and services.

Data exfiltration is when sensitive data is accessed without authorization or stolen. Just like any data breach, it can lead to financial loss, reputational damage, and business disruptions.

Lateral movement is a cyberattack technique used by threat actors to navigate a network or environment in search of more valuable information after gaining initial access.

Greg Zemlin

4月 29, 2024

Cryptojacking is when an attacker hijacks your processing power to mine cryptocurrency for their own benefit.

Credential stuffing is a type of cyberattack where automated tools are used to repeatedly inject stolen username/password combinations into various services to gain access to legitimate users’ accounts in addition to those that were originally breached.

Cross-site scripting (XSS) is a vulnerability where hackers insert malicious scripts inside web applications with the aim of executing them in a user’s browser.

A man-in-the-middle (MitM) attack is a type of cyberattack where a hacker intercepts data transferred between two parties.

A brute force attack is a cybersecurity threat where a hacker attempts to access a system by systematically testing different passwords until a correct set of credentials is identified.

This article examines common AWS security challenges, including identity and access control gaps, data exposure risks, and monitoring blind spots.

Shadow data is any data that is created, stored, or shared outside of an organization's formal IT environment and management policies.

Explore common security missteps in detail and learn actionable recommendations to help organizations strengthen their GCP environments.

Greg Zemlin

3月 15, 2024

Privilege escalation is when an attacker exploits weaknesses in your environment or infrastructure to gain higher access and control within a system or network.

A rootkit is a suite of software designed to grant a cyberattacker privileged access while disguising the invasion to evade detection.

A reverse shell attack is a type of cyberattack where a threat actor establishes a connection from a target machine (the victim's) to their machine.

An attack surface is refers to all the potential entry points an attacker could exploit to gain unauthorized access to a system, network, or data.

Nicolas Ehrman

10月 9, 2023

The open-source nature of Kubernetes means that it is continually being updated and improved, which introduces new features and functionalities—as well as new vulnerabilities. Understand the most pressing K8 security challenges.

Shaked Rotlevi

10月 6, 2023

Configuration drift is when operating environments deviate from a baseline or standard configuration over time.

We outline the most common cloud vulnerabilities with real-life examples of attacks that exploited these vulnerabilities, and simple steps you can take to mitigate them.