Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
Two issues in Zoom could have allowed code execution Researchers from Cisco Talos disclosed two critical flaws in the Zoom software that could have allowed attackers to hack into the systems via chat. Zoom is one of the most popular video-conferencing software, every day it is used by millions of users, especially during the COVID outbreak. Cybersecurity researchers from Cisco Talos have disclosed two critical vulnerabilities…
Tor Browser 9.5 is available for download, with new interesting features Tor Browser 9.5 includes important security updates to Firefox, users on desktop will be able to opt-in for using onion sites automatically whenever the website makes them available. Starting with the release of Tor Browser 9.5, new features will make accessing onion addresses easier. Now, there is also an opt-in mechanism available for websites that want Tor…
Sodinokibi ransomware gang launches auction site to sell stolen data REvil /Sodinokibi ransomware operators launch an auction site to sell data stolen from victims that have chosen to not pay the ransom. Sodinokibi ransomware operators are very active in this period, a few days after the gang has leaked the files allegedly stolen from the UK power grid middleman Elexon it has announced to launch…
Russia-linked APT exploited at least 3 Exim flaws in recent attacks Several flaws in the Exim mail transfer agent (MTA) have been exploited by Russia-linked hackers, hundreds of thousands of servers are still unpatched. Russia-linked threat actors have exploited several vulnerabilities in the Exim mail transfer agent (MTA) in their campaigns. Last week, the U.S. National Security Agency (NSA) warned that Russia-linked APT group tracked Sandworm Team has been…
SecurityAffairs awarded as Best European Cybersecurity Technical Blog I’m proud to announce that SecurityAffairs was awarded as Best European Cybersecurity Technical Blog at European Cybersecurity Blogger Awards. The winners of the annual European Cybersecurity Blogger Awards have been announced. With over a 1000 names put forward, the shortlists for the 12 awards were put to the public vote, and winners were announced via…
IP-in-IP flaw affects devices from Cisco and other vendors A flaw in the IP-in-IP tunneling protocol that can be exploited for DoS attacks and to bypass security controls impact devices from Cisco and other vendors. A vulnerability that affects the IP-in-IP tunneling protocol (aka IP Encapsulation within IP) implemented by Cisco and other vendors could be exploited for denial-of-service (DoS) attacks and to bypass…
There was no data breach in the cyberattack against Minneapolis Police Last week a massive distributed denial-of-service (DDoS) attack shut down the websites and systems of Minneapolis, but there is no evidence of a breach. Over the weekend, Anonymous demanded justice for George Floyd and threatened to ‘expose the many crimes’ of Minneapolis Police. George Floyd was killed by a white police officer by kneeling on his neck…
Apple fixes CVE-2020-9859 zero-day used in recent Unc0ver jailbreak This week Apple released security patches to address the CVE-2020-9859 zero-day vulnerability that had been used to jailbreak iPhones devices. Apple released security patches to address the CVE-2020-9859 zero-day vulnerability in the iOS kernel that had been used to jailbreak iPhones. The flaw was discovered by a team of cyber-security researchers and hackers that also…
Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure Researchers disclosed a flaw in VMware Cloud Director platform, tracked as CVE-2020-3956, that could be abused to takeover corporate servers. Security researchers from hacking firm Citadelo disclosed details for a new critical vulnerability in VMware’s Cloud Director platform, tracked as CVE-2020-3956, that could be abused to takeover corporate servers. VMware Cloud Director is a cloud service-delivery platform…
Sodinokibi ransomware operators leak files stolen from Elexon electrical middleman The REvil/Sodinokibi ransomware operators have leaked the files allegedly stolen from the UK power grid middleman Elexon. In May Elexon, a middleman in the UK power grid network, was the victim of a cyber attack, its systems have been infected with the Sodinokibi ransomware. The incident impacted only affected the internal IT network, including the…
Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug The expert Bhavuk Jain received an award of $100,000 for reporting a severe security issue in ‘Sign in with Apple’ authentication bypass bug that could allow the takeover of third-party user accounts. The bug hunter Bhavuk Jain received an award of $100,000 by Apple, as part of its bug bounty program, for reporting a severe…
VMware addresses Fusion flaw introduced in the attempt to fix CVE-2020-3950 issue VMware has released an update to address a privilege escalation flaw in VMware for the macOS version of Fusion that was introduced by a previous patch. In March, VMware patched a high-severity privilege escalation vulnerability (CVE-2020-3950) in Fusion, Remote Console (VMRC) and Horizon Client for Mac. The CVE-2020-3950 is a privilege escalation vulnerability caused by the…
The team behind the Joomla CMS discloses a data breachMaintainers at the Joomla open-source content management system (CMS) announced a security breach that took place last week. Last week a member of the Joomla Resources Directory (JRD) team left an unencrypted full backup of the JRD site (resources.joomla.org) on an unsecured Amazon Web Services S3 bucket operated by the company. The company did not…
KingNull leaks DB of Daniel’s Hosting dark web hosting providerEarlier this year a hacker breached Daniel’s Hosting, the largest free web hosting provider for dark web hidden services and now leaked its DB. A threat actor has leaked the database of Daniel’s Hosting (DH), the largest free web hosting provider for dark web hidden services. The hacker has stolen the data in March when…
Anonymous demands justice for George Floyd and threatens attacksThe hacktivist collective group Anonymous demands justice for George Floyd and threatens to ‘expose the many crimes’ of Minneapolis Police. Anonymous demands justice for George Floyd and threatens to ‘expose the many crimes’ of Minneapolis Police. George Floyd was killed by a white police officer by kneeling on his neck for more than eight minutes.…
New Zoom Flaw Let Attackers to Hack into the Systems of Participants via Chat Messages Security researchers from Talos discovered two vulnerabilities with the popular Zoom video chatting that allows a malicious user in the conference to execute arbitrary code on victims’ machines. Zoom is a popular video conferencing software across the globe that are used by individuals across the globe to work from and to stay in touch with…
Critical VMware Cloud Director Bug Let Hackers Complete Take Over the Corporate Server Infrastructure Recently, a group of security researchers at Citadelo has revealed a new vulnerability in VMware Cloud Director, a leading cloud service-delivery platform that could potentially allow an attacker to access sensitive data and control private clouds within the infrastructure. The security researchers have marked the flaw as ‘CVE-2020-3956‘, even they have also claimed that the…
Chasing RobbinHood: Up Close with an Evolving Threat A security researcher details how RobbinHood has changed and why it remains a threat for businesses to watch.
Many Exchange Servers Are Still Vulnerable to Remote Exploit A privilege-escalation vulnerability patched in February by Microsoft continues to affect Exchange servers, with more than 80% of Internet-connected servers remaining vulnerable, one firm reports.
A Critical Software Bug Turns an Airplane to the Wrong Way – Turned Right Instead of Left Recently, security researchers have discovered a very distinct software bug that is marked as a very critical software bug, as it turns an airplane in the wrong way. Nav Canada firstly identified this bug in 2017 on a Bombardier CRJ-200, which makes the aircraft to switch to the wrong way, in short, this bug turns…
Joomla Team Discloses Data Breach – 2,700 Individuals Were Affected Joomla is a popular free and open-source content management system used for publishing web content. The team behind the CMS discloses the data breach last week. The incident happens after a team member left an unencrypted full backup of the JRD site on an unsecured Amazon Web Services S3 bucket. The company said that more…
Hackers Behind the TrickBot Malware Updates Their New Propagation Module “Nwrom” he hackers behind the TrickBot Malware has updated their new propagation module known as “Nwrom.” As people are very familiar with the TrickBot malware, but this time, it appears with a new propagation module. Now many of you must be thinking that what is different about this propagation module? It is a spreading module that…
Apple Pays Researcher $100,000 for Critical Vulnerability Apple has fixed a flaw in the "Sign in with Apple" feature that could have enabled attackers to break into user accounts for third-party services.
26 IoT Flaws Enable Denial-of-Service Attacks, Privilege Escalation Research details vulnerabilities in the Zephyr Real Time Operating Systems and MCUboot, both used in IoT devices and sensors.
Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them The Sandworm group -- behind disinformation and election-hacking campaigns and responsible for a 2016 power outage in the Ukraine -- is now targeting e-mail servers.
$100,000 Bounty Apple Zero-day Bug in “Sign in with Apple” Let Hackers Take Takeover of Apple User AccountsIndian Security researcher found a critical Zero-day vulnerability in “Sign in with Apple” let hackers take over the third-party application accounts by just having their Email ID. Very Similar to OAuth 2.0, Apple’s “sign in with Apple” helping the user to sign in to their third-party apps and websites faster using their Apple ID without filling…
Most Important Network Penetration Testing Tools for Hackers and Security ProfessionalsNetwork Security tools for Penetration testing is more often used by security industries to test the vulnerabilities in network and applications. Here you can find the Comprehensive Network Security Tools list that covers Performing Penetration testing Operation in all the Environment. Learn :Master in Ethical Hacking & Penetration Testing Online – Scratch to Advance Level…
HackerOne Paid $100 Million in Bug Bounties to Ethical HackersHackerOne declared that hackers have earned $100 million in bug bounties on the HackerOne platform. Hackers have become an essential part of the security environment. They are participating worldwide, sharing awareness, their techniques, and much more. “We started out as a couple of hackers in the Netherlands with a crazy belief that people like us…
Cyber Threat Actors Hacked Cisco Servers by Exploiting SaltStack VulnerabilitiesRecently, the attackers hacked a number of Cisco Systems servers using the Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) platform; it’s a service that allows users to create and test network topologies (the consortium of the elements of a network) without installing the device. In this attack, the cybercriminals have exploited the critical vulnerabilities…
A New York Man Charged for Hacking Credit Card Using SQL Injection AttacksA New York City man Vitalii Antonenko, 28, was charged for hacking, credit card trafficking, and money laundering. Antonenko was arrested in March 2019 and detained for money laundering charges after he returned from Ukraine with computers and other digital goods that hold thousands of stolen payment card numbers. SQL Injection to Steal Payment Card…
- Two issues in Zoom could have allowed code execution Researchers from Cisco Talos disclosed two critical flaws in the Zoom software that could have allowed attackers to hack into the systems via chat. Zoom is one of the most popular video-conferencing software, every day it is used by millions of users, especially during the COVID outbreak. Cybersecurity researchers from Cisco Talos have disclosed two critical vulnerabilities…
- Tor Browser 9.5 is available for download, with new interesting features Tor Browser 9.5 includes important security updates to Firefox, users on desktop will be able to opt-in for using onion sites automatically whenever the website makes them available. Starting with the release of Tor Browser 9.5, new features will make accessing onion addresses easier. Now, there is also an opt-in mechanism available for websites that want Tor…
- Sodinokibi ransomware gang launches auction site to sell stolen data REvil /Sodinokibi ransomware operators launch an auction site to sell data stolen from victims that have chosen to not pay the ransom. Sodinokibi ransomware operators are very active in this period, a few days after the gang has leaked the files allegedly stolen from the UK power grid middleman Elexon it has announced to launch…
- Russia-linked APT exploited at least 3 Exim flaws in recent attacks Several flaws in the Exim mail transfer agent (MTA) have been exploited by Russia-linked hackers, hundreds of thousands of servers are still unpatched. Russia-linked threat actors have exploited several vulnerabilities in the Exim mail transfer agent (MTA) in their campaigns. Last week, the U.S. National Security Agency (NSA) warned that Russia-linked APT group tracked Sandworm Team has been…
- SecurityAffairs awarded as Best European Cybersecurity Technical Blog I’m proud to announce that SecurityAffairs was awarded as Best European Cybersecurity Technical Blog at European Cybersecurity Blogger Awards. The winners of the annual European Cybersecurity Blogger Awards have been announced. With over a 1000 names put forward, the shortlists for the 12 awards were put to the public vote, and winners were announced via…
- IP-in-IP flaw affects devices from Cisco and other vendors A flaw in the IP-in-IP tunneling protocol that can be exploited for DoS attacks and to bypass security controls impact devices from Cisco and other vendors. A vulnerability that affects the IP-in-IP tunneling protocol (aka IP Encapsulation within IP) implemented by Cisco and other vendors could be exploited for denial-of-service (DoS) attacks and to bypass…
- There was no data breach in the cyberattack against Minneapolis Police Last week a massive distributed denial-of-service (DDoS) attack shut down the websites and systems of Minneapolis, but there is no evidence of a breach. Over the weekend, Anonymous demanded justice for George Floyd and threatened to ‘expose the many crimes’ of Minneapolis Police. George Floyd was killed by a white police officer by kneeling on his neck…
- Apple fixes CVE-2020-9859 zero-day used in recent Unc0ver jailbreak This week Apple released security patches to address the CVE-2020-9859 zero-day vulnerability that had been used to jailbreak iPhones devices. Apple released security patches to address the CVE-2020-9859 zero-day vulnerability in the iOS kernel that had been used to jailbreak iPhones. The flaw was discovered by a team of cyber-security researchers and hackers that also…
- Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure Researchers disclosed a flaw in VMware Cloud Director platform, tracked as CVE-2020-3956, that could be abused to takeover corporate servers. Security researchers from hacking firm Citadelo disclosed details for a new critical vulnerability in VMware’s Cloud Director platform, tracked as CVE-2020-3956, that could be abused to takeover corporate servers. VMware Cloud Director is a cloud service-delivery platform…
- Sodinokibi ransomware operators leak files stolen from Elexon electrical middleman The REvil/Sodinokibi ransomware operators have leaked the files allegedly stolen from the UK power grid middleman Elexon. In May Elexon, a middleman in the UK power grid network, was the victim of a cyber attack, its systems have been infected with the Sodinokibi ransomware. The incident impacted only affected the internal IT network, including the…
- Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug The expert Bhavuk Jain received an award of $100,000 for reporting a severe security issue in ‘Sign in with Apple’ authentication bypass bug that could allow the takeover of third-party user accounts. The bug hunter Bhavuk Jain received an award of $100,000 by Apple, as part of its bug bounty program, for reporting a severe…
- VMware addresses Fusion flaw introduced in the attempt to fix CVE-2020-3950 issue VMware has released an update to address a privilege escalation flaw in VMware for the macOS version of Fusion that was introduced by a previous patch. In March, VMware patched a high-severity privilege escalation vulnerability (CVE-2020-3950) in Fusion, Remote Console (VMRC) and Horizon Client for Mac. The CVE-2020-3950 is a privilege escalation vulnerability caused by the…
- The team behind the Joomla CMS discloses a data breachMaintainers at the Joomla open-source content management system (CMS) announced a security breach that took place last week. Last week a member of the Joomla Resources Directory (JRD) team left an unencrypted full backup of the JRD site (resources.joomla.org) on an unsecured Amazon Web Services S3 bucket operated by the company. The company did not…
- KingNull leaks DB of Daniel’s Hosting dark web hosting providerEarlier this year a hacker breached Daniel’s Hosting, the largest free web hosting provider for dark web hidden services and now leaked its DB. A threat actor has leaked the database of Daniel’s Hosting (DH), the largest free web hosting provider for dark web hidden services. The hacker has stolen the data in March when…
- Anonymous demands justice for George Floyd and threatens attacksThe hacktivist collective group Anonymous demands justice for George Floyd and threatens to ‘expose the many crimes’ of Minneapolis Police. Anonymous demands justice for George Floyd and threatens to ‘expose the many crimes’ of Minneapolis Police. George Floyd was killed by a white police officer by kneeling on his neck for more than eight minutes.…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...
