Lock Down Your Ubuntu System to Protect It from Being Hacked - This is the last part of our four-part series looking at how to protect a fresh Ubuntu install. (Null Byte)
Spotify Wrapped 2020 Rollout Marred by Pop Star Hacks - Spotify pages for Dua Lipa, Lana Del Rey, Future and others were defaced by an attacker pledging his love for Taylor Swift and Trump. (Threatpost)
Think-Tanks Under Attack by Foreign APTs, CISA Warns - The feds have seen ongoing cyberattacks on think-tanks, using phishing and VPN exploits as primary attack vectors. (Threatpost)
Hacker given three years for stealing secret Nintendo Switch blueprints, collecting child sex abuse vids - Ryan Hernandez continued to raid gaming giant's systems even after FBI gave him a warning. (The Register)
Xerox DocuShare Bugs Allows Data Leaks - CISA warns the leading enterprise document management platform is open to attack and urges companies to apply fixes. (Threatpost)
The Shadow Academy schools anglophone universities. Turla's Crutch. Cryptojacking as misdirection. Cyberespionage against think tanks. DPRK tries to s - The Shadow Academy prospects universities in a domain shadowing campaign. Notes on Turla's Crutch, an backdoor. (The CyberWire)
Turla's 'Crutch' Backdoor Leverages Dropbox in Espionage Attacks - In a recent cyberattack against an E.U. country's Ministry of Foreign Affairs, the Crutch backdoor leveraged Dropbox to exfiltrate sensitive documents. (Threatpost)
I'm an Android - In ca. 2009/10 I got my first Android smartphone, an HTC Desire. And I started to learn how to develop apps for it. (LiveOverflow)
Healthcare 2021: Cyberattacks to Center on COVID-19 Spying, Patient Data - The post-COVID-19 surge in the criticality level of medical infrastructure, coupled with across-the-board digitalization, will be big drivers for medical-sector cyberattacks next year. (Threatpost)
How to steal photos off someone's iPhone from across the street - The bug at the heart of this is already patched - but there's a lot to learn from this story anyway. (Naked Security)
Account Hijacking Site OGUsers Hacked, Again - For at least the third time in its existence, OGUsers - a forum overrun with people looking to buy, sell and trade access to compromised social media accounts - has been hacked. (Krebs on Security)
Hackers steal sensitive client data in Israeli insurance firm data breach - BlackShadow hackers took responsibility for the attack and leaked the data online belonging to Shirbit's customers. (HackRead)
Poking the Bear - This week, we're going to take on a different aspect of the cybersecurity skills gaps in this episode. (Paul's Security Weekly)
Microsoft Revamps 'Invasive' M365 Feature After Privacy Backlash - The Microsoft 365 tool that tracked employee usage of applications like Outlook, Skype and Teams was widely condemned by privacy experts. (Threatpost)
Ghostery Browser Beta: New Update - Hey there, beta testers! We have made a few new updates to Ghostery Browser and Ghostery Search this past week and we wanted to give you a quick summary: We have a much installer that consolidates the entire process into one step. (Ghostery Blog)
iPhone Bug Allowed for Complete Device Takeover Over the Air - Researcher Ian Beer from Google Project Zero took six months to figure out the radio-proximity exploit of a memory corruption bug that was patched in May. (Threatpost)
Japan Trade deal letter from MPs - Dear Minister Liz Truss, We are writing as a cross-party group of MPs who are deeply concerned by the lack of time, information and analysis available given to us and Parliament to consider the impact of the digital trade clauses in the UK-Japan Comprehensive Economic Partnership Agreement. (Open Rights Group)
Immigration, Data and Technology: Needs and Capacities of the Immigration Sector - This report is based on the findings of a survey launched earlier this year with Privacy International to identify the needs and capacities of migrants rights organisations to respond to data, privacy and the use of new technologies. (Open Rights Group)
Malware attack can trick biologists into making dangerous toxins - Researchers urge for improving bio-cybersecurity as threat actors can use malware to target Synthetic DNA Orders to modify DNA strings sequence. (HackRead)
CISO with a small security team? Learn from your peers' experience with this free e-book (The Hacker News)
Google Hacker Details Zero-Click 'Wormable' Wi-Fi Exploit to Hack iPhones (The Hacker News)
A Plan Over Time - If we can protect everything, who cares where it is, as you continue to maintain control! (Paul's Security Weekly)
Misconfigured Docker Servers Under Attack By Xanthe Malware - Researchers have discovered a Monero cryptomining botnet they call Xanthe, which has been exploiting incorrectly configured Docker API installations in order to infect Linux systems. (Threatpost)
GoDaddy DNS Attacks, New Magecart Attacks, and Ryan Corey - Building High Performing Security Teams - The Skills Gap vs The Talent Shortage: Cybrary CEO and Co-Founder Ryan Corey sits down with Security Weekly to chat about the trends they are seeing in Cybersecurity skill development among high performing teams. (Paul's Security Weekly)
Android Messenger App Still Leaking Photos, Videos - The GO SMS Pro app has been downloaded 100 million times; now, underground forums are actively sharing images stolen from GO SMS servers. (Threatpost)
Ever had a bogus call from someone claiming to be the IRS? A tax scam ringleader just got sent down for 20 years - Hitesh Patel also faces $9m payback for defrauding thousands of US citizens. (The Register)
GO SMS Pro app still exposing millions of users' sensitive data - Previously, it was revealed that the GO SMS Pro messaging app was exposing highly sensitive data of more than 100 million users. (HackRead)
How the human immune system inspired a new approach to email security - AI excels at interpreting high volume, high velocity, complex data - which is just the ticket here. (The Register)
Cryptojacking cyberspies sighted. Crooks mix banking Trojans and ransomware. Conti ransomware hits industrial IoT company. SCOTUS reviews CFAA. And pr - Cryptojacking from Hanoi. Dormant networks rise again, for no easily discernible reason. A gang is hitting German victims with the Gootkit banking Trojan, and sometimes mixing it up with a REvil ransomware payload. (The CyberWire)
Cayman Islands Bank Records Exposed in Open Azure Blob - An offshore Cayman Islands bank's backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs. (Threatpost)
Talking Cookies - This week, we welcome back Tim Mackey, Principal Security Strategist at Synopsys, to talk about Security Decisions During Application Development! (Paul's Security Weekly)
Teslas Can Be Hacked, RCS Messages + E2EE Coming 2021 Via Google - A severe MobileIron flaw was discovered, Google's Messages app will soon be end to end encrypted, and Teslas can be hacked! (Hak5)
My Life in Short - I want to kick off this December / advent series with the oldest t-shirt I own. (LiveOverflow)
Zoom Impersonation Attacks Aim to Steal Credentials - The Better Business Bureau warns of phishing messages with the Zoom logo that tell recipients they have a missed meeting or suspended account. (Threatpost)
Electronic Medical Records Cracked Open by Unpatched OpenClinic Bugs - Four security vulnerabilities in an open-source medical records management platform allow remote code execution, patient data theft and more. (Threatpost)
As if Productivity Score wasn't creepy enough, Microsoft has patented tech for 'meeting quality monitoring devices' - It all sounds innocent enough until you read about the requirement for "quality parameters" to be collected from "meeting quality monitoring devices", which might give some pause for thought. (The Register)
Tech in the Home: a Family Affair - We're dedicating this month on the blog to providing tips and resources to keep you and your children safer online. (Ghostery Blog)
Incomplete 'Go SMS Pro' Patch Left Millions of Users' Data Still Exposed Online (The Hacker News)
Bomb Threat, DDoS Purveyor Gets Eight Years - A 22-year-old North Carolina man has been sentenced to nearly eight years in prison for conducting bomb threats against thousands of schools in the U.S. and United Kingdom, running a service that launched distributed denial-of-service attacks, and for possessing sexually explicit images of minors. (Krebs on Security)
Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout - New credit-card skimmer uses postMessage to make malicious process look authentic to victims to steal payment data. (Threatpost)
Supreme Court mulls whether a cop looking up a license plate for cash is equivalent to watching Instagram at work - Nowhere is that more clear than in a case heard in the US Supreme Court on Monday, covering a cop - former police sergeant Nathan Van Buren - who was convicted of breaking the Computer Fraud and Abuse Act in 2017 after using his access to a police database of license plate numbers to look up the owner of a specific car for a cash payment. (The Register)
Cayman Islands investment fund left entire filestore viewable by world+dog in unsecured Azure blob - As well as publicly exposing who its shareholders are, how many shares they hold, and the value of those holdings, the fund - which The Register is not naming after it agreed to talk in depth about its incident response process - had also saved a scanned copy of its online banking PIN to the blob. (The Register)
Yes, we're all going to be at home for the foreseeable future. Does that leave you feeling insecure? - Webcast: After more than six months, the shine is wearing off working from home - not just for the workers, but for the security teams who need to rethink pretty much everything about how to protect them and their companies. (The Register)
Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners (The Hacker News)
4 Free Online Cyber Security Testing Tools For 2021 - 4 free must-have online cyber security tools to improve your 2021 planning. (The Hacker News)
9 Best NGINX Monitoring Tools for 2020 - We are reader supported and may earn a commission when you buy through links on our site. (Comparitech)
Indian National Gets 20-Year Jail in United States for Running Scam Call Centers (The Hacker News)
New study: DNS spoofing doubles in six years… albeit from the point of naff all - Boffins see more interference with domain-name look-up system, wonder why DNSSEC is taking so long. (The Register)
Indian job portal IIMJobs hacked; database leaked online - According to Alexa traffic analysis, IIMJobs is among the top 700 visited websites in India. (HackRead)
Forget Snow Day: Baltimore's 115,000+ public school kids get Ransomware Day, must check Win PCs for infection - Students in Baltimore, Maryland, were on Sunday warned against connecting their Windows PCs to the county's public school IT system after it was hit by ransomware. (The Register)
Phishing for COVID-19 vaccine data. Bandook is back, and mercenaries have it. School's out for ransomware. Skepticism about foreign election manipulat - A school district cancels classes after a ransomware attack. Man U continues to work on recovering its systems. (The CyberWire)
Post-Cyberattack, UVM Health Network Still Picking Up Pieces - More than a month after the cyberattack first hit, the UVM health network is still grappling with delayed payment processing and other issues. (Threatpost)
Conti Gang Hits IoT Chipmaker Advantech with $14M Ransom Demand - A statement provided to Bleeping Computer on behalf of Advantech acknowledged the attack and said "the stolen data was confidential but only contained low-value documents." The statement added that the company is recovering and "functioning normally," and will not be commenting on whether the ransom was paid. (Threatpost)
OceanLotus hackers hit macOS users with new malware - For now, researchers believe that the malware is targeting Vietnamese users however it is about time it hits macOS users around the world. (HackRead)
HackTheBox Blue Walkthrough (HackerSploit)
Digitally Signed Bandook Trojan Reemerges in Global Spy Campaign - A strain of the 13-year old backdoor Bandook trojan has been spotted in an espionage campaign. (Threatpost)
The CEO's chuckling at their email… you better check your security defenses - With the events of 2020 giving them a raft of ideas with which to craft subject lines that just have to be clicked, it's no surprise that the threat is on the rise and is as devastatingly effective as ever when it comes to getting marks to open that crucial payload-bearing mail. (The Register)
MacOS Users Targeted By OceanLotus Backdoor - The new backdoor variant comes with multiple payloads and new detection evasion tactics. (Threatpost)
Pandemic, A Driving Force in 2021 Financial Crime - Ransomware gangs with zero-days and more players overall will characterize financially motivated cyberattacks next year. (Threatpost)
Naked Security Live: The Gift Card hackers - Here's the latest Naked Security Live video - please watch and share with your friends... (Naked Security)
Quick Guide — How to Troubleshoot Active Directory Account Lockouts (The Hacker News)
Home Wi-Fi security tips: 5 things to check - Days like these are a handy nudge to do a few extra security checks. With that in mind, here are some tips from the Sophos support team on how to secure your Wi-Fi network at home. (Naked Security)
Ransomware Attack Closes Baltimore County Public Schools - The attack, first discovered late Tuesday, disrupted the district's websites and remote learning programs, as well as its grading and email systems, officials said. (New York Times Privacy)
Authorities disrupt massive stolen credit card trading scam on dark web - Dubbed Carding Action 2020; the operation aimed at targeting several dark web marketplaces resulting in saving $48million/€40 million. (HackRead)
Camille Stewart: Technology becomes more of an equalizer. - Cybersecurity attorney Camille Stewart shares how her childhood affinity for making contracts pointed to her eventual career as an attorney. (The CyberWire)
2021 Healthcare Cybersecurity Priorities: Experts Weigh In - Hackers are putting a bullseye on healthcare. Experts explore why hospitals are being singled out and what any company can do to better protect themselves. (Threatpost)
Encore: Using global events as lures for malicious activity. - The goal of malicious activity is to compromise the system to install some unauthorized software. (The CyberWire)
Will Microsoft add Android support to Windows 10 next year? - 2021 is shaping up to be a big year for Microsoft. As per reports, the tech giant is planning to bring Android support in Windows 10 next year. (HackRead)
TurkeyBombing Puts New Twist on Zoom Abuse - Threat actors already stole nearly 4,000 credentials before the holiday was even over, according to report. (Threatpost)
Vulnerability allowed bypassing 2FA in WHM and cPanel by bruteforcing - Keeping this in mind, Digital Defense, a US-based cybersecurity company has recently discovered a vulnerability in their version 18.104.22.168 named CVE-2020-27641 which allowed malicious actors to bypass two-factor authentication on the software using brute-force attacks. (HackRead)
Manchester United email servers remain offline amid what is being called a 'ransomware' attack - UK data watchdog has been told and 'forensic' probe is ongoing. (The Register)
197-Big Sur Update and Amazon Sidewalk - This week I discuss Big Sur VPN updates, Amazon's new Sidewalk "feature", and a summary of the Black Friday deals for privacy support for this podcast comes from sales of my books and the new online OSINT video training. (The Complete Privacy & Security Podcast)
Leader of biggest online sextortion ring 'Nth Room' jailed for 40 years - Cho Ju-Bin was accused of forcing at least 74 females, including 16 minors, into Virtual Enslavement on Nth Room to produce and sell sexually explicit content. (HackRead)
UK infoseccer launches petition asking government not to backdoor encryption - A UK infosec bod has launched a petition asking the government if it would please drop its plans to install backdoors in end-to-end encryption. (The Register)
Cybersecurity Predictions for 2021: Robot Overlords No, Connected Car Hacks Yes - While 2021 will present evolving threats and new challenges, it will also offer new tools and technologies that will we hope shift the balance towards the defense. (Threatpost)
ThreatList: Cyber Monday Looms, But Shoppers Oblivious to Top Retail Threats - Online shoppers are blissfully unaware of credit card skimming threats and malicious shopping apps as they head into this year's Black Friday and Cyber Monday holiday shopping events. (Threatpost)
Opinion - In the pursuit of surveillance as a service, Jeff Bezos is intent on recording even our moods. (New York Times Privacy)
1.3bn National Cyber Security Strategy? Meh - In a report issued this week the Cabinet Office waffled for several tens of pages saying how much work Britain's various governmental organs had done that vaguely fits under the banner of the National Cyber Security Strategy. (The Register)
How to Live Stream Tyson v Jones online anywhere (Comparitech)
Digitally Signed Bandook Malware Once Again Targets Multiple Sectors (The Hacker News)
Researchers found another way to hack Tesla Model X Key Fob - The hack occurred when researchers identified significant security flaws in the key fob of Tesla's top-of-the-line SUV, Tesla Model X, the luxury vehicle costing $80,000 to $100,000. (HackRead)
Graylog vs Splunk: Full Reviews and Alternatives (Comparitech)
Sumo Logic vs Splunk: Full Reviews and Alternatives (Comparitech)
Sopra Steria records heavy financial loss after Ryuk ransomware attack - The company stated that it 'rapidly' blocked the ransomware attack; however, it had to bear heavy financial losses post the attack. (HackRead)
Solving Nintendo HireMe!!! with "Basic" Math - We are going to solve the Nintendo HireMe.cpp challenge with some "basic" math. I call it basic, because linear algebra is taught pretty early in school. (LiveOverflow)
Bzzzzzzt! How safe is that keenly priced digital doorbell? - How on earth are you supposed to figure out whether that home gadget you just ordered is full of security holes or not? (Naked Security)
Sophos breach: Customer data exposed due to permission access flaw - Sophos has acknowledged the breach by sending email notifications to targeted customers. Here's what happened and what data was exposed. (HackRead)
Hotspot Shield Black Friday VPN Deal 2020 (Comparitech)
Federated Learning: A Therapeutic for what Ails Digital Health - Researchers show the promise of Federated Learning to protect patient privacy and improve healthcare outcomes across the world. (Threatpost)
Changing Employee Security Behavior Takes More Than Simple Awareness - Designing a behavioral change program requires an audit of existing security practices and where the sticking points are. (Threatpost)
Sumo Logic SIEM: Full Review and The Best Alternatives (Comparitech)
AWS WAF: Full Review and The Best Alternatives (Comparitech)
Privacy campaigner flags concerns about Microsoft's creepy Productivity Score - The Register had already noted the vaguely creepy-sounding technology back in May. The goal of it is to use telemetry captured by the Windows behemoth to track the productivity of an organisation through metrics such as a corporate obsession with interminable meetings or just how collaborative employees are being. (The Register)
Microsoft productivity score feature criticised as workplace surveillance - Microsoft has been criticised for enabling "workplace surveillance" after privacy campaigners warned that the company's "productivity score" feature allows managers to use Microsoft 365 to track their employees' activity at an individual level. (Guardian Privacy)
Just Reboot Your Stuff - This week in the Enterprise Security News, Why Companies Should Outsource Cybersecurity During COVID and Beyond, Sectigo Adds Five PKI DevOps Integrations, a Drupal vulnerability press statement from ExtraHop, Palo Alto Networks launches Industry's first 5G-Native Security offering, And Passwords exposed for almost 50,000 vulnerable Fortinet VPNs! (Paul's Security Weekly)
What is Trojan Horse Malware and how can you avoid it? (Comparitech)
Become a White Hat Hacker — Get 10 Top-Rated Courses at 97% OFF - The Ultimate 2020 White Hat Hacker Certification Bundle is the ultimate launchpad for your career. (The Hacker News)
Interpol Arrests 3 Nigerian BEC Scammers For Targeting Over 500,000 Entities (The Hacker News)
Signal Sciences WAF: Full Review and The Best Alternatives (Comparitech)
Cloudflare WAF: Full Review and The Best Alternatives (Comparitech)
Securonix Next-gen SIEM: Full Review and Best Alternatives (Comparitech)
Graylog: Full Review and The Best Alternatives (Comparitech)
GoDaddy employees tricked in attack against cryptocurrency firms - Earlier this month, hackers targeted GoDaddy customers to modify the DNS settings of at least two cryptocurrency websites. (HackRead)
The Magician Hat - This week, we welcome Zulfikar Ramzan, Ph.D., Chief Digital Officer at RSA Security, to talk about how Zero Trust Intersects XDR in Today's Digital Era! (Paul's Security Weekly)
Influence the gullible, and maybe others will follow. Event site sustains a data breach. Contact tracing and privacy protection. Ransomware, again. So - Observers see a shift in Russia's influence tactics, but prank calls are not among those tactics. (The CyberWire)
Scan Websites for Potential Vulnerabilities Using Vega in Kali Linux - Vega Vulnerability Scanner can be used by both attackers and by site administrators to detect XSS, SQL injection, and other vulnerabilities on public websites. (Null Byte)
Major BEC Phishing Ring Cracked Open with 3 Arrests - Some 50,000 targeted victims have been identified so far in a massive, global scam enterprise that involves 26 different malwares. (Threatpost)
Critical MobileIron RCE Flaw Under Active Attack - Attackers are targeting the critical remote code-execution flaw to compromise systems in the healthcare, local government, logistics and legal sectors, among others. (Threatpost)
How your Mobile Phone tracks you (Comparitech)
Better Plays - This week, James Gomez, CISO at Cybersec, joins us to discuss Cybersecurity and Integrated Risk Management! (Paul's Security Weekly)
How to Update Your Remote Access Policy, And Why You Should Now - Reducing the risks of remote work starts with updating the access policies of yesterday. (Threatpost)
Laser-Based Hacking from Afar Goes Beyond Amazon Alexa - The team that hacked Amazon Echo and other smart speakers using a laser pointer continue to investigate why MEMS microphones respond to sound. (Threatpost)
S3 Ep8: A conversation with Katie Moussouris - Here's the latest Naked Security Podcast - listen now! (Naked Security)
Private Internet Access Black Friday VPN Deal 2020 (Comparitech)
Ticketmaster: We're not liable for credit card badness because the hack straddled GDPR day - Those dates are significant: while the ICO made clear findings that Ticketmaster's infrastructure was compromised in February, its fine only covered the period from May, when higher penalties under the EU's General Data Protection Regulation were available - and now Ticketmaster seemingly wants to use that to avoid admitting liability for its... (The Register)
Freedom of the Press Rankings from 2002 to 2020 - Each year, Reporters Without Borders releases its press freedom rankings. It scores 180 countries based on the legal framework, the level of pluralism, media environments and self-censorship, media independence, transparency, and the quality of infrastructure which supports information and news production. (Comparitech)
New malware fraudulently subscribes users to premium phone services - If you believe you may have been affected by WAPDropper malware, you should first uninstall any suspicious applications and inspect your billing records to identify any unusual patterns. (HackRead)
5,000+ Black Friday and Cyber Monday scam sites registered in November - Cybercriminals are preparing to fleece shoppers around the world this Black Friday and Cyber Monday. (Comparitech)
2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software (The Hacker News)
Baidu's Android Apps Caught Collecting and Leaking Sensitive User Data (The Hacker News)
Part human, part machine: is Apple turning us all into cyborgs? - With its iPhones, watches and forthcoming smart glasses, Apple's gadgets are increasingly becoming extensions of our minds and bodies. (Guardian Privacy)
Database leak exposed mass credential stuffing against Spotify users - Researchers helped Spotify detect and address a severe credential stuffing operation affecting hundreds of millions of its users. (HackRead)
Hackers leak login credentials of vulnerable Fortinet SSL VPNs - 6.7 GB worth of sensitive details citing Fortinet SSL VPNs vulnerability have been leaked on a prominent hacker forum. (HackRead)
Google binned two apps by China's Baidu, which says researchers got it wrong by linking it to personal info leaks - Palo Alto Networks spotted subscriber IDs and MAC addresses on the move. (The Register)
Post Breach, Peatix Data Reportedly Found on Instagram, Telegram - Events application Peatix this week disclosed a data breach, after user account information reportedly began circulating on Instagram and Telegram. (Threatpost)
Thunderdome Technique - This week, in the first segment, Mike, Adrian, and John discuss Threat Modeling! We threat model every day without realizing it. (Paul's Security Weekly)
Mustang Panda needs to repent. Not the FBI. Dodgy consumer routers and smart doorbells. Prospective Presidential appointees and cyber. Crime and inves - A quick look at the incoming US Administration, from a cybersecurity point of view. Someone's allegedly swapping iPads for concealed carry permits - say it ain't so, Santa Clara County. (The CyberWire)
'Minecraft Mods' Attack More Than 1 Million Android Devices - Fake Minecraft Modpacks on Google Play deliver millions of abusive ads and make normal phone use impossible. (Threatpost)
VMware urges sysadmins to apply workarounds after critical Workspace command execution vuln found - If you've been pwned in the past, pay special attention to this one. (The Register)
Gift card hack exposed: you pay, they play - These crooks hacked into a network hoping to get everyone in the company to buy them gift cards. (Naked Security)
Baidu Mobile Apps in Google Play Leak Sensitive Data - Cyberattackers could use the information to track users across devices, disable phone service, or intercept messages and phone calls. (Threatpost)
Blackrota Golang Backdoor Packs Heavy Obfuscation Punch - Blackrota is targeting a security bug in Docker, but is nearly impossible to reverse-analyze. (Threatpost)
Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies - Stantinko Adware Botnet Campaign is now targeting Linux servers with a new proxy malware to fly under the radar. (The Hacker News)
Best Practices for $afe Online Shopping - It's almost time for our new, socially distanced Black Friday 2020! As we've mentioned in a few recent blog posts this month, online shopping in the COVID-19 era means that more of us will be shopping online than ever. (Ghostery Blog)
How will the National Data Strategy affect migrants and refugees? - In early September the government launched its National Data Strategy which it described as "an ambitious, pro-growth strategy that aims to drive the UK in building a world-leading data economy while ensuring public trust in data use." (Open Rights Group)
Robotic vacuum cleaners could be hacked to spy on you - In the latest, in a paper by researchers from the University of Maryland and University of Singapore, it has been revealed that robotic vacuum cleaners can be hacked to spy on users by recording both conversations and music. (HackRead)
Tesla Hacked and Stolen Again Using Key Fob - Belgian researchers demonstrate third attack on the car manufacturer's keyless entry system, this time to break into a Model X within minutes. (Threatpost)
IPVanish Black Friday VPN Deal 2020 (Comparitech)
How to Watch the Saved by the Bell 2020 Reboot Online Abroad (Comparitech)
Imagine things are bad enough that you need a payday loan. Then imagine flaws in systems of loan lead generators leave your records in the open… for - "From there it would pre-render some information, including a form that asked you to enter the last four digits of your SSN to continue," Traver told us. (The Register)
How to Watch NCAA College Basketball 2020-21 Season Online (Comparitech)
How to watch Harry Potter Movies online from anywhere (Comparitech)
Marketers for an Open Web ask UK competition watchdog to block launch of Google's anti-tracking Privacy SandboxGroup claims adtech 'has nothing to do with privacy' but is rather an attempt 'to take control of the web'The Register Shared .
Critical Unpatched VMware Flaw Affects Multiple Corporates ProductsThe Hacker News Shared .
200th Episode!Cryptocurrency is a common part of online investigations, and SpiderFoot is capable of extracting and displaying this information for investigators.Null Byte Shared .
'Antiquated process': data regulator on obtaining Cambridge Analytica warrantThe information commissioner has criticised the "antiquated process" that led to Facebook getting hold of Cambridge Analytica's servers before the UK regulator itself, and renewed calls for an international approach to data privacy to tackle the emerging threat of data havens.Guardian Privacy Shared .
Crooks social-engineer GoDaddy staff into handing over control of crypto-biz domain namesUsing social engineering tricks, the hackers were able to change the DNS settings of their victims' domain names, redirecting connections and mail to their own servers.The Register Shared .
Critical VMware Zero-Day Bug Allows Command Injection; Patch PendingVMWare explained it has no patch for a critical bug that impacts both Windows and Linux operating systems and its Workspace One.Threatpost Shared .
Apple's global security boss accused of bribing cops with 200 free iPads in exchange for concealed gun permitsInsurance broker Harpreet Chadha, 49, was also charged with bribery. It is said he promised Sung, in exchange for a CCW license, $6,000 of box suite tickets for a San Jose Sharks ice-hockey game at Silicon Valley's SAP Center on Valentine's Day last year.The Register Shared .
GoDaddy Employees Tricked into Compromising Cryptocurrency Sites'Vishing' attack on GoDaddy employees gave fraudsters access to cryptocurrency service domains NiceHash, Liquid.Threatpost Shared .
TA416 APT Rebounds With New PlugX Malware VariantThe TA416 APT has returned in spear phishing attacks against a range of victims - from the Vatican to diplomats in Africa - with a new Golang version of its PlugX malware loader.Threatpost Shared .
Ups and downs in the cyber underworld. Enduring effects of COVID-19 in cyberspace. Safer online shopping. "Take me home, United Road, to the place I bMalek Ben Salem from Accenture Labs has methods for preserving privacy when using machine learning.The CyberWire Shared .
Spotify Users Hit with Rash of Account TakeoversUsers of the music streaming service were targeted by attackers using credential-stuffing approaches.Threatpost Shared .
Ghostery Browser BetaHello All! First, thank you so much for joining the beta! We are really excited with the product and, though it's early, we hope you are enjoying it as well!Ghostery Blog Shared .
Manchester United: IT Systems Disrupted in CyberattackMan U, one of the most popular soccer teams in the world, said that it was suffering ongoing IT disruptions: "The club has taken swift actions to contain the attack and is currently working with expert advisers to investigate the incident and minimize the ongoing IT disruption," it said in a short statement issued Friday night.Threatpost Shared .
Cybersecurity Jobs Overview: Finding a career in CybersecurityWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Joe Biden Campaign Subdomain Down After Hacktivist DefacementA subdomain used by President-elect Joe Biden's official campaign website was defaced last week by a self-proclaimed Turkish hacktivist and still remains out of commission.Threatpost Shared .
CyberGhost Black Friday VPN Deal: Save 83% + 3 months free!We are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Penetration testing isn't enough, you need to activate full offensive operationsSANS Institute expands course lineup to help you think like a hacker.The Register Shared .
Surfshark Black Friday VPN Deal 2020We are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
ExpressVPN Black Friday and Cyber Monday Deals 2020We are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Black Friday Deals: 68% off NordVPNWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Naked Security Live Beat the Threat!Here's the latest Naked Security Live video - how to beat the crooks! Watch now...Naked Security Shared .
Parliament must hold the ICO to accountThe Digital, Culture, Media, and Sport Committee of the House of Commons will hold a hearing with Information Commissioner soon.Open Rights Group Shared .
US Air Force deploys robot security dogs to guard base but doesn't go full TerminatorOver the past year the 325th Security Forces Squadron have been trialing the security robots via a so-called "3D Virtual Ops Center," where the hardware hounds patrol the grounds and feed back data to central command.The Register Shared .
Online scams: How Safe Are the Websites You Visit?Every year, millions of unsuspecting people fall victim to scams online. Fraudsters can cause irreparable damage to your bank balance, your reputation, and your life.HackRead Shared .
No Xmas office party? Missing infosec pals and colleagues? Want to listen to DJs who also happen to be cyber warriors?Cyber House Party charity event scheduled for 17 December - just bring your dosh and some ear plugs.The Register Shared .
Why Replace Traditional Web Application Firewall With New Age WAF?The Hacker News Shared .
Head thumping, heart racing? Here's how not to panic when you're under cyber attackIt will also point you to the post incident work you need to put in motion to ensure the threat has been thoroughly dealt with, that there are no payloads or unclosed entry points still lurking in your systems, and how to ensure it doesn't occur again.The Register Shared .
10 Best Dynamic DNS Providers for 2020We are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
How to Perform a Network Virus ScanWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
James Hadley: Spend time on what interests you.Founder and CEO of Immersive Labs James Hadley takes us through his career path from university to cybersecurity startup.The CyberWire Shared .
Malware service operators arrested; offered antivirus bypassing toolsThe malware encryption service run by a Romanian duo helped hackers embed malicious code in legit software to bypass antivirus tools.HackRead Shared .
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency ServicesFraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week.Krebs on Security Shared .
Manchester United working with infosec experts to 'minimize ongoing IT disruption' caused by 'cyber attack'The New York Stock Exchange listed football business confirmed the incident last night but didn't clarify the technical nature of it, and refused to answer questions posed by The Register.The Register Shared .
Misconfigured identity and access management is much more widespread.Identity and access are intrinsically connected when providing security to cloud platforms. But security is only effective when environments are properly configured and maintained.The CyberWire Shared .
Sometimes, Computers Just Freak OutThis week, Mimecast's very own Jamie Fernandes and Karsten Chearis join us to discuss recent Threat Actor Trends!Paul's Security Weekly Shared .
IBM Power9 processors beset by Cardiac Osprey data-leaking flaw as Spectre still haunts speculative chipsUpdated IBM Power9 processors, intended for data centers and mainframes, are potentially vulnerable to abuse of their speculative execution capability.The Register Shared .
Google Services Weaponized to Bypass Security in Phishing, BEC CampaignsAttackers exploiting an array of Google Services, including Forms, Firebase, Docs and more to boost phishing and BEC campaigns.Threatpost Shared .
Krebs Fired at CISA, 'Stone Panda', and DNS Is Not Your FriendThis week, Dr. Doug talks about IoT Legislature, Krebs is fired, DNS, Joff Thyer, Clearview, Cicada, and Funny Dream as well as the show Wrap Ups!Paul's Security Weekly Shared .
Prime Minister Johnson tells Parliament about the National Cyber Force. Vietnam squeezes Facebook. Chinese cyberespionage. SEO poisoning. Printing ranHer Majesty's Government discloses the existence of a National Cyber Force. Hanoi tells Facebook to crack down on posts critical of Vietnam's government.The CyberWire Shared .
VMware Fixes Critical Flaw in ESXi HypervisorThe critical and important-severity flaws were found by a team at the China-based Tianfu Cup hacking challenge.Threatpost Shared .
Good Heavens! 10M Impacted in Pray.com Data ExposureThe information exposed in a public cloud bucket included PII, church-donation information, photos and users' contact lists.Threatpost Shared .
Some Serious CoinThis week, we start with the Enterprise News, discussing the all new AWS Network Firewall, Zero Trust for Kubernetes, interactive coding simulations, DNS monitoring, and Twitter appoints a new head of security!Paul's Security Weekly Shared .
End to end encryption? In Android's default messaging app? Don't worry, nobody else noticed eitherThe rollout seems to be a last roll of the dice for RCS, which began life as the telco industries' SMS killer - or, more prosaically, their belated response to the growth of over-the-top messaging services such as Blackberry Messenger and WhatsApp.The Register Shared .
Facebook Messenger bug allowed callers to listen unattended callsThe bug was reported by a member of the Bug Hunting Team of Google's Project Zero named Natalie Silvanovich.HackRead Shared .
New Grelos Skimmer Variants Siphon Credit Card DataDomains related to the new variant of the Grelos web skimmer have compromised dozens of websites so far.Threatpost Shared .
Facebook patches Messenger audio snooping bug update now!Do you ever make, ahem, "pointed remarks" just before answering calls from people you would rather avoid?Naked Security Shared .
196-What…A…Week…Direct support for this podcast comes from sales of my books and the new online OSINT video training.The Complete Privacy & Security Podcast Shared .
Facebook Messenger Bug Allows Spying on Android UsersThe company patched a vulnerability that could connect video and audio calls without the knowledge of the person receiving them.Threatpost Shared .
Convicted SIM Swapper Gets 3 Years in JailA 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison.Krebs on Security Shared .
Pray.com exposed data of millions after database mess upPray.com had lackluster security practices potentially exposing nearly 10 million users to frauds and cyberattacks, claim VpnMentor's researchers.HackRead Shared .
Apple accuses Facebook of 'disregard for user privacy'Apple has criticised Facebook for trying to "collect as much data as possible" from users, saying it will push ahead with its planned launch of a new privacy feature despite objections from the advertising industry.Guardian Privacy Shared .
NCSC's London HQ was chosen because GCHQ spies panicked at the prospect of grubby Shoreditch officesEven though GCHQ had commissioned property consultants to scout out London's available commercial buildings, NCSC's founders knew where they wanted to set up shop - and when their consultants gave the wrong answer, the spies started moving the goalposts and calling in ministerial favours.The Register Shared .
Elasticsearch Security GuideWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Facebook Messenger Bug Lets Hackers Listen to You Before You Pick Up the CallA Bug in Facebook Messenger App for Android Could've Let Hackers Listen to the Person You Are Calling Before Even They Pick Up.The Hacker News Shared .
UK reveals new ‘National Cyber Force', announces Space Command and mysterious AI agencyCombined Ministry of Defence and GCHQ team has worked since April to ‘transform cyber capabilities'The Register Shared .
You can protect the company from hackers, but can you protect the company from the CEO?Spear-phishers love the executive suite. Here's how to stop them getting in.The Register Shared .
India PM calls on nation's youth to 'vaccinate digital products against cyber-attacks and viruses'Indian Prime Minister Narendra Modi has called on the nation's technology industry to start designing products for the world, and for youth to create new digital defences.The Register Shared .
WARNING: Unpatched Bug in GO SMS Pro App Exposes Millions of Media MessagesThe Hacker News Shared .
VMware reveals critical hypervisor bugs found at Chinese white hat hacking comp. One lets guests run code on hostsVMware has revealed and repaired the flaws in its hypervisor discovered at China's Tianfu Cup white hat hacking competition.The Register Shared .
In 2016 Australia's online census failed. Preparations for the 2021 edition have been rated ‘partly effective'Devs can make unauthorised changes, data integrity is a work in progress, security is not there yet...The Register Shared .
Robot Vacuums Suck Up Sensitive Audio in 'LidarPhone' HackResearchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums.Threatpost Shared .
German COVID-19 Contact-Tracing Vulnerability Allowed RCEBug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration.Threatpost Shared .
Planning for Australia's 2021 census only 'partly effective' following 2016 debacleA worrying new assessment by the Australian National Audit Office has found planning for the next census is only "partly effective" and the ABS has "not put in place arrangements to ensure that improvements to its architecture framework, change management processes and cybersecurity measures will be implemented ahead of the 2021 census".Guardian Privacy Shared .
US Senate approves deepfake bill to defend against manipulated mediaIntroduced last year by US Senators Catherine Cortez Masto and Jerry Moran , the Identifying Outputs of Generative Adversarial Networks Act aims to promote research to detect and defend against realistic-looking fakery that can be used for purposes of deception, harassment, or misinformation.The Register Shared .
List of 2020's most used passwords is here and it's appallingThe need to keep a secure and robust password was never as intense as it has become these days.HackRead Shared .
GO SMS Pro Android App Exposes Private Photos, Videos and MessagesThe vulnerable version of the app, which has 100 million users, uses easily predictable URLs to link to private content.Threatpost Shared .
Haunted virtual meetings. AWS APIs share vulnerabilities. US Intelligence Community conducts a post mortem on 2020 foreign election interference. MeetCISA has a new interim director. A view of the threat landscape from Canada. Caleb Barlow from Cynergistek on reclassifying the internet as critical infrastructure.The CyberWire Shared .
Tis' the Season for Online Holiday Shopping; and PhishingMeanwhile, we already know that COVID-19-related phishing scams skyrocketed 600 percent between February and March this year, shortly after the pandemic took hold across Europe and the U.S. This year, along with the usual garden-variety holiday scams, we're likely to see more phishing attacks both directly and indirectly related to the pandemic.Threatpost Shared .
AWS includes open-source Suricata for stateful inspection with Network Firewall serviceEnhanced network security for AWS virtual private cloud - while Microsoft previews Azure Firewall Premium.The Register Shared .
Code42 Incydr Series: Protect IP with Code42 IncydrThe Code42 Incydr data risk detection and response solution focuses on giving security teams simplicity, signal and speed.Threatpost Shared .
Nintendo Hire me! ! ! ! ! ! ! !HireMe.cpp: at NERD: - Introduction 01:14 - Quick Overview 02:31 - First Lazy Strategy - Chosen Plaintext Attack 05:03 - Looking Closer at the Code 07:29 - Next Lazy Attempt - Just Reverse It 08:56 - Thinking Deeper about the Algorithm 12:06 - Talking is NOT - Attacking XOR Chain 13:51 - Visual Analysis 16:06 - Giving up...LiveOverflow Shared .
Microsoft hopes Windows PCs protection with Pluton security chipThe innovative new Pluton security processor will amplify chip security and prevent hardware flaws like Spectre and Meltdown from being used to steal sensitive data from processors.HackRead Shared .
Food-Supply Giant Americold Admits CyberattackThe filing was brief and read in part: "As a precautionary measure, the company took immediate steps to help contain the incident and implemented business continuity plans, where appropriate, to continue ongoing operations… Security, in all its forms, remains a top priority at Americold, and the company will continue to seek to take all...Threatpost Shared .
IoT Cybersecurity Improvement Act Passed, Heads to President's DeskSecurity experts praised the newly approved IoT law as a step in the right direction for insecure connected federal devices.Threatpost Shared .
Android messaging app with 100M users found exposing messagesAccording to the Play Store, the Go SMS Pro app is highly popular among Android users with more than 100 million users.HackRead Shared .
Cyberup campaign: 80% of infosec pros fear they might fall foul of UK's outdated Computer Misuse ActRuth Edwards, the Conservative MP for Rushcliffe in Nottingham, said in a new report issued today: "I know from my time in this industry that there are now real concerns among the cyber security community that this law is impeding professionals' ability to protect the nation from the ever-evolving range of cyber threats we face, and preventing...The Register Shared .
APT Exploits Microsoft Zerologon Bug: Targets Japanese CompaniesThreat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victims' networks.Threatpost Shared .
Top 50 vendors and products by security vulnerabilitiesWith the help of CVE Details security vulnerability database, we've tracked the number of distinct vulnerabilities across the top 50 vendors and products from 1999 to 2019.Comparitech Shared .
Best VPNs for California in 2020: Get a California IP AddressWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
S3 Ep7: When ransomware crooks get a big fat zero!In this episode: we say thanks to companies that refuse to pay ransomware hush money, dig into the new Sophos 2021 Threat Report, and take a quick look inside a malicious Linux kernel driver.Naked Security Shared .
Evolution of Emotet: From Banking Trojan to Malware DistributorThe Hacker News Shared .
Commons Committee spells out Japan deal digital risksThe Commons International Trade Select Committee today has politely and clearly signalled that the shift in data protection provisions put forward in the Japan-UK Trade Deal is meaningful.Open Rights Group Shared .
How to watch Grey's Anatomy on Netflix in 2020We are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Researchers Warn of Critical Flaws Affecting Industrial Automation SystemsThe Hacker News Shared .
Compsci guru wants 'right to be forgotten' for old email, urges Google and friends to expire, reveal crypto-keysDKIM 'makes us all more vulnerable to extortion, blackmail,' argues Green.The Register Shared .
9 Best Next-Gen FirewallsWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
How to Secure MS Azure Step-by-Step and Best Azure Monitoring ToolsWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
How to Secure MongoDB Step-by-step and Best MongoDB Monitoring ToolsWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
China-linked hacking gang ‘APT10' named as probable actor behind extended attacks on Japanese companiesCampaign even targeted branch offices inside China and sought secrets of automotive and engineering companies.The Register Shared .
Create a Reverse Shell Using a Fake MP4 FileIn our latest video, we're showing how hackers can take advantage of flaws in common Linux file system managers to modify a video to run malicious code, phoning back to a hacker's server and running commands.Null Byte Shared .
Widespread Scans Underway for RCE Bugs in WordPress WebsitesEpsilon serves as the foundation for multiple third-party WordPress themes. Multiple recently patched security bugs in the framework could be chained together to allow remote code-execution and site takeovers, researchers said.Threatpost Shared .
Dream a FunnyDream of me. US CISA Director dismissed. Facebook, Twitter CEOs virtually visit the US Senate. Huawei CFO extradition update. Bad passworNo, it's real: a cyberespionage crew operating against Southeast Asian governments. President Trump fires US CISA Director Krebs.The CyberWire Shared .
LAPD Bans Facial Recognition, Citing Privacy ConcernsThe department has said no thanks to the Clearview AI platform, after an expose showing that officers had used it 475 times during a trial period alone.Threatpost Shared .
The SledgehammerThis week, we have the pleasure of welcoming the newest member of the CRA/Security Weekly family, Adrian Sanabria!Paul's Security Weekly Shared .
Cisco Webex 'Ghost' Flaw Opens Meetings to SnoopingCisco patched the Webex flaw, as well as three critical-severity vulnerabilities, in a slew of security updates on Wednesday.Threatpost Shared .
Heads up: A new strain of card-skimming Grelos malware is on the looseMagecart variant has changed and you should be alert, warns RiskIQ.The Register Shared .
How AI Is powering a new generation of cyber-attacksIntelligence agencies have already clued into AI's potential as a hacking tool. The Defense Advanced Research Projects Agency held an AI-powered hacking challenge in 2016 to explore how the technology could automate both attack and defence techniques.The Register Shared .
How to Watch the Fresh Prince of Bel-Air Reunion Online FreeWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Google Chrome 87 Closes High-Severity 'NAT Slipstreaming' HoleOverall Google's Chrome 87 release fixed 33 security vulnerabilities.Threatpost Shared .
How to Optimize Your App Settings for PrivacyIn order to protect users' privacy, developers must keep their apps' security in mind and put their apps through regression testing.HackRead Shared .
Vulnerability in Bumble dating app risked data of 100 million usersIt took Bumble 255 days to respond and fix some of the vulnerabilities reported by the researcher.HackRead Shared .
Trump Fires Security Chief Christopher KrebsPresident Trump on Tuesday fired his top election security official Christopher Krebs. The dismissal came via Twitter two weeks to the day after Trump lost an election he baselessly claims was stolen by widespread voting fraud.Krebs on Security Shared .
The ones who brought you Let's Encrypt, bring you: Tools for gathering anonymized app usage metrics from netizensTech tackles two things: 'Aggregate statistics to improve an application, maintain the privacy of the people'The Register Shared .
Sophos 2021 Threat Report: Navigating cybersecurity in an uncertain worldHere's the latest Sophos Threat Report - learn what cybercriminals are up to on Windows, Linux, Android and more.Naked Security Shared .
Firing of CISA Chief Christopher Krebs Widely CondemnedPresident Trump fired US cybersecurity chief over Twitter Tuesday, an act widely condemned within the cybersecurity community.Threatpost Shared .
How to set up an OpenVPN client in pfSenseWe are reader supported and may earn a commission when you buy through links on our site.Comparitech Shared .
Test and Trace chief Dido Harding prompted to self-isolate by NHS COVID-19 appThreatens plenty of Zoom sessions in the days ahead... just as well they've updated security in recent weeks.The Register Shared .
Use This Ultimate Template to Plan and Monitor Your Cybersecurity BudgetsThe Ultimate Security Budget Excel Template - The Easiest Way to Plan and Monitor your Security Spending.The Hacker News Shared .