9 matches found
The threat hunter’s gambit
Welcome to this week's edition of the Threat Source newsletter. "Study hard what interests you the most in the most undisciplined, irreverent and original manner possible." ― Richard Feynman "I had discovered that learning something, no matter how complex, wasn't hard when I had a reason to wan...
A Proactive Guide to Continuous Monitoring & Threat Detection
You’ve invested in a full stack of security tools, but how can you be sure they’re configured correctly and will actually work during an attack? Waiting for a real incident to test your defenses is a risk no one wants to take. This is why validating your security posture is so critical. It’s abou...
How to catch GitHub Actions workflow injections before attackers do
You already know that security is important to keep in mind when creating code and maintaining projects. Odds are, you also know that it's much easier to think about security from the ground up rather than trying to squeeze it in at the end of a project. But did you know that GitHub Actions...
Characterizing Security and Privacy Teaching Standards for Schools in the United States
Increasingly, students begin learning aspects of security and privacy during their primary and secondary education grades K-12 in the United States. Individual U.S. states and some national organizations publish teaching standards -- guidance that outlines expectations for what students should...
Think You're Secure? 49% of Enterprises Underestimate SaaS Risks
It may come as a surprise to learn that 34% of security practitioners are in the dark about how many SaaS applications are deployed in their organizations. And it's no wonder—the recent AppOmni 2024 State of SaaS Security Report reveals that only 15% of organizations centralize SaaS security with...
New Book! The Best of TaoSecurity Blog, Volume 3
Introduction I published a new book! The Best of TaoSecurity Blog, Volume 3: Current Events, Law, Wise People, History, and Appendices is the third title in the TaoSecurity Blog series. It's in the Kindle Store, and if you have an Unlimited account, it's free. I also published a print edition,...
The Gartner CISO Playbook: Leveraging Effective Control in the Cloud
For as long as we can remember, the concept of control has rested comfortably in physical location and ownership. It’s simple, if you could see something or you knew exactly where it was, it would be easier to assume that you’d have some measure of control over its security. With the move to the...
Threat to U.S. Government and Businesses 'Deep and Broad', Expert Says
LAS VEGAS–It’s not difficult to find people here who are excited about security. There are roughly 10,000 of them in town this week. But there’s a smaller group of people who are on a different level, who are so passionate and amped up about their ideas that they can’t stop themselves from talkin...
Cryptosystems Showing Signs of 'Wear and Tear'
SAN FRANCISCO–It’s been an interesting year in the cryptography world, with new attacks on several algorithms, continued problems with hash functions and the recent research on weak RSA keys. With all of that as a backdrop, some of the brightest minds in the field, gathered here for the RSA...