Application and AI roundup - October
Exciting news from the SEC, lots of AI, and lots of threat modeling.
Shostack + Friends Blog
Posts in category “breach analysis”
Comparing Retrospectives
We can learn a lot from comparing retrospectives
The Asset Trap
As we look at what's happened with the Russian attack on the US government and others via Solarwinds, I want to shine a spotlight on a lesson we can apply to threat modeling.
Fireeye Hack & Culture
Thoughts on the recent Fireeye Hack and the culture surrounding breaches
The Uber CSO indictment
Thoughts on Mark Rasch's essay, Conceal and Fail to Report - The Uber CSO Indictment
Threat Research: More Like This
I want to call out some impressive aspects of a report by Proofpoint.
How Are Computers Compromised (2020 Edition)
Understanding the way intrusions really happen is a long-standing interest of mine.
Actionable Followups from the Capital One Breach
What have we learned and what steps can we take?
DNS Security
I'm happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance.
House Oversight Committee on Equifax
The House Oversight Committee has released a scathing report on Equifax...
GAO Report on Equifax
I still have questions...
It's Not The Crime, It's The Coverup or the Chaos
[no description provided]
Breach Vouchers & Equifax 2017 Breach Links
[no description provided]