- Social Engineering Similarities Between Riots and Modern Internet Hacktivism
Decentralized hacking groups operate without formal leadership, yet they coordinate like mobs in a riot. De-individuation, instigating events, and risk-taking 'entrepreneurs' drive both, and...
- Assessments 3 Reasons Why People Choose to Ignore Security Recommendations
People avoid information that challenges beliefs, demands undesired action, or causes unpleasant emotions—all common with security assessments. Recipients may resist findings that contradict "my...
- Malware Learn Better Security Breach PR from Harold Sun's Halfhearted Apology
Herald Sun's website was compromised to serve rogue antivirus, but their brief apology offered few details and underplayed the risk. Better post-incident communications require promptness, clarity,...
- Tools Using Pastebin Sites for Pen Testing Reconnaissance
Pastebin sites can aid penetration testing reconnaissance—stolen data, source code snippets, configuration details, and employee information often appear there. Tools like Pastebin Parser search...
- Incident Response When Does a Suspicious Event Qualify as a Security Incident?
Distinguishing suspicious events from actual incidents is challenging—panicking at every alert wastes resources, while ignoring meaningful ones allows escalation. Each organization must decide its...
- Incident Response The Critical Role of the Security Incident Response Coordinator
The incident response coordinator is the linchpin of IR efforts—tracking progress, coordinating team members, providing status updates, and channeling expertise. The ideal candidate knows IT, has...