- Incident Response How a Data Security Breach Can Be Used for Good PR
Hershey turned a website breach into positive PR by emphasizing that the attacker only modified a single baking recipe. Headlines focused on the quirky detail rather than consumer data exposure....
- Social Networking Similarities Between Riots and Modern Internet Hacktivism
Riots and hacktivism share dynamics: de-individuation provides impunity, instigating events assemble crowds and signal intentions, and "entrepreneurs" take first risky actions expecting others to...
- Assessments 3 Reasons Why People Choose to Ignore Security Recommendations
People avoid information that challenges beliefs, demands undesired action, or causes unpleasant emotions—all common with security assessments. Recipients may resist findings that contradict "my...
- Malware Learn Better Security Breach PR from Harold Sun's Halfhearted Apology
Herald Sun's website was compromised to serve rogue antivirus, but their brief apology offered few details and underplayed the risk. Better post-incident communications require promptness, clarity,...
- Tools Using Pastebin Sites for Pen Testing Reconnaissance
Pastebin sites can aid penetration testing reconnaissance—stolen data, source code snippets, configuration details, and employee information often appear there. Tools like Pastebin Parser search...
- Incident Response When Does a Suspicious Event Qualify as a Security Incident?
Distinguishing suspicious events from actual incidents is challenging—panicking at every alert wastes resources, while ignoring meaningful ones allows escalation. Each organization must decide its...