Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
773M Password ‘Megabreach’ is Years Old My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. A story in The Guardian breathlessly dubbed it "the largest collection ever of…
“Stole $24 Million But Still Can’t Keep a Friend” Unsettling new claims have emerged about Nicholas Truglia, a 21-year-old Manhattan resident accused of hijacking cell phone accounts to steal tens of millions of dollars in cryptocurrencies from victims. The lurid details, made public in a civil lawsuit filed this week by one of his alleged victims, paints a chilling picture of a man addicted…
Courts Hand Down Hard Jail Time for DDoSSeldom do people responsible for launching crippling cyberattacks face justice, but increasingly courts around the world are making examples of the few who do get busted for such crimes. On Friday, a 34-year-old Connecticut man received a whopping 10-year prison sentence for carrying out distributed denial-of-service (DDoS) attacks against a number of hospitals in 2014.…
Secret Service: Theft Rings Turn to Fuze CardsStreet thieves who specialize in cashing out stolen credit and debit cards increasingly are hedging their chances of getting caught carrying multiple counterfeit cards by relying on Fuze Cards, a smartcard technology that allows users to store dozens of cards on a single device, the U.S. Secret Service warns.
Patch Tuesday, January 2019 EditionMicrosoft on Tuesday released updates to fix roughly four dozen security issues with its Windows operating systems and related software. All things considered, this first Patch Tuesday of 2019 is fairly mild, bereft as it is of any new Adobe Flash updates or zero-day exploits. But there are a few spicy bits to keep in…
Dirt-Cheap, Legit, Windows Software: Pick TwoBuying heavily discounted, popular software from second-hand sources online has always been something of an iffy security proposition. But purchasing steeply discounted licenses for cloud-based subscription products like recent versions of Microsoft Office can be an extremely risky transaction, mainly because you may not have full control over who has access to your data.
Collection #1 dump, 773 million emails, 21 million passwords The popular cyber security expert Troy Hunt has uncovered a massive data leak he called ‘Collection #1’ that included 773 million records. The name ‘Collection #1’ comes from the name of the root folder. Someone has collected a huge trove of data through credential stuffing, the ‘Collection #1’ archive is a set of email addresses…
Drupal fixes 2 critical code execution issues flaws in Drupal 7, 8.5 and 8.6 Drupal released security updates for Drupal 7, 8.5 and 8.6 that address two “critical” security vulnerabilities that could be exploited for arbitrary code execution. The first vulnerability could be exploited by a remote attacker to execute arbitrary PHP code. The flaw resides in the phar stream wrapper implemented in PHP and is related to the way…
South Korea: hackers compromised Defense Acquisition Program Administration PCs South Korea – Allegedstate-sponsored hackers compromised 10 PCs at ministry’s Defense Acquisition Program Administration. Unknown hackers compromised 10 PCs at ministry’s Defense Acquisition Program Administration which is the office that manages the military procurement. The news was confirmed by the South Korea Ministry of National Defense. “It has been turned out that 30 computers installed…
Unprotected server of Oklahoma Department of Securities exposes millions of government files A huge trove of data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a server for at least a week. Another data leak made the headlines, a huge trove of data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a server for at least a week. It…
Critical bug in Amadeus flight booking system affects 141 airlines A critical flaw in online flight ticket booking system developed by Amadeus could impact almost half of the fight travelers of 141 airlines around the world A critical flaw in online flight ticket booking system developed by Amadeus could be exploited by a remote attacker to access and modify travel details and claim his frequent…
GreyEnergy: Welcome to 2019 Early January, an interesting malware sample has been disclosed through the InfoSec community: a potential GreyEnergy implant still under investigation. This kind of threat, previously analyzed by third party firms, contains similarities with the infamous BlackEnergy malware, used in the attacks against the Ukrainian energy industry back in 2015. The Cybaze-Yoroi ZLAB researchers dissected this…
I swiped right, Viewing sensitive data cached in your Safari browser. By using multi-gesture trackpad along with Safari browser in MacBook Pro, one can view sensitive data which is cached in your Safari browser. (Note: This is not a back button browsing vulnerability) I figured out this issue while playing around with Safari browser, looks like the most recent activity of any authenticated or un-authenticated website is stored in…
Multiple Fortnite flaws allowed experts to takeover players’ accounts Security researchers at Check Point have discovered several flaws in the popular game Fortnite that could be exploited to takeover gamers’account. Security experts at Check Point discovered several issues in the popular online battle game Fortnite. One of the flaws is an OAuth account takeover vulnerability that could have allowed a remote attacker to takeover…
Experts link attack on Chilean interbank network Redbanc NK Lazarus APT Researchers from Flashpoint linked the recently disclosed attack on Chilean interbank network Redbanc to the North Korean APT group Lazarus. Security experts at Flashpoint linked the recently disclosed attack on the Chilean interbank network to the dreaded Lazarus APT group. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware…
Cranes, drills and other industrial machines exposed to hack by RF protocols Researchers from Trend Micro have analyzed the communication protocols used by cranes and other industrial machines and discovered several flaws. Security experts from Trend Micro have discovered several vulnerabilities in the communication protocols used by cranes, hoists, drills and other industrial machines. The experts found vulnerabilities in products from several vendors, including Saga, Juuko, Telecrane,…
A flaw in vCard processing could allow hackers to compromise a Win PC A security expert discovered a zero-day flaw in the processing of VCard files that could be exploited by a remote attacker to compromise a Windows PC The security expert John Page (@hyp3rlinx), discovered a zero-day vulnerability in the processing of VCard files that could be exploited by a remote attacker, under certain conditions, to hack Windows…
Too many issues in Pentagon networks expose it to cybersecurity risks A new security assessment conducted by the Defense Department Inspector General revealed that the Pentagon is still exposed to many cyber risks, The report published by the Defense Department Inspector General on January 9, shows a worrisome situation, there are 266 issue, some of them are ten-years-old cybersecurity‑related recommendations still unresolved in the Pentagon infrastructure. This means that…
Mozilla will disable Adobe Flash by default starting from Firefox 69 Starting from Firefox 69, Mozilla will disable Adobe Flash by default, a process that aims to completely remove the support for the popular plugin. Mozilla announced that the Firefox 69 will no longer support Adobe Flash due to a large number of serious flaws exploited by hackers in attacks across the years. The decision was…
German Watchdog will request Facebook changesGerman watchdog is going to ask Facebook changes to protect privacy and personal information of its users. The news was first reported by the German newspaper Bild am Sonntag, German regulators are going to request Facebook changes in its platforms aimed at protecting privacy and personal data of its users. The German watchdog want to…
Unsecured MongoDB archive exposed 202 Million private resumesSecurity expert discovered an unprotected MongoDB archive that has exposed personal and professional details of more than 202 million people. Security expert Bob Diachenko discovered an unprotected MongoDB archive that has exposed personal and professional details of more than 202 million people. The huge trove of data belongs to job seekers in China, its records include personal…
2 Android Apps From Google Play Store Lunching Banking Malware With Sophisticated Evasion Techniques Researchers discovered 2 Malicious Android apps from Google Play Store that drops Anubis banking malware with highly obfustication techniques. The malicious apps posed as a legitimate tool with the name of Currency Converter and BatterySaverMobi and also attackers posted a fake review and boasted a score of 4.5 stars. Google Play store continuously flooding with…
Microsoft Launches New Azure DevOps Bug Bounty Program A new program will pay bounties of up to $20,000 for new critical bugs in the company's Azure DevOps systems and services.
Pentesting with Killcast Tool to Manipulate Chromecast Devices in Your Network Recently HackerGiraffe and j3ws3r hijacked more than 70,000 Chromecasts to make people aware about the security risks of devices exposed to internet and promoted Pewdiepie. They took advantage of exposed UPnP ports of home routers to hijack Chromecast devices and play their content. Inspired from this hack, thewhiteh4t has created killcast, an open source tool…
'We Want IoT Security Regulation,' Say 95% of IT Decision-Makers New global survey shows businesses are valuing IoT security more highly, but they are still challenged by IoT data visibility and privacy.
773 Million Credentials of Email & Password leaked in Massive Data Breach – Biggest Data Dump Ever Found on a Decade Welcome to the Massive Data breach of 2019, around 773 million datas contains email addresses and passwords were breached and circulated in hacker forums. This data breach seems to be bigger and critical than earlier breaches like “Equifax” and “Marriott International“. Let’s have a look into This Massive Data Breach The data set was first…
A Scary Evolution & Alliance of TrickBot, Emotet and Ryuk Ransomware Attack Ryuk first appeared in August 2018, and while not incredibly active across the globe, at least three organizations were hit with Ryuk infections over the course of the first two months of its operations, landing the attackers about $640,000 in ransom for their efforts. According to CrowdStrike analysis from late last week, Grim Spider has…
Chrome Extension That Steals Credit Cards Numbers Detected On Web Store A chrome extension that still available on Chrome Web Store steals the payment card information from website forms visited by the users. The extension found to be active form February 2018, and the extenstion hidden from regular searches and will be available only through the link that attackers use to spread. Malicious extension named Reader…
How to Make a Dedicated Development Center with Cyber Security Principles Are you looking for a team that can help find cyber attacks and issues in your network and eliminates them? Learn how to do so with this quick guide. Making high-quality software starts with great people, but it can be complicated finding them. Since the tech industry is a highly competitive field, it’s more important…
Oklahoma Data Leak Compromises Years of FBI Data The Oklahoma Securities Commission accidentally leaked 3 TB of information, including data on years of FBI investigations.
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for.
Fortnite Players Compromised Via Epic Games Vulnerability Bugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency.
Fortnite Players at Risk Via Epic Games Vulnerability Bugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency.
Oracle Released Biggest Security Updates – 284 Vulnerabilities are Fixed that Affected Oracle Products Oacle released one of the biggest security updates with the fixes for 284 security vulnerabilities that affected Oracle products. There are 93 different products and versions are affected with various level of vulnerabilities and released an update for users. Affected products including Enterprise Manager, Java SE, MySQL, JD Edwards, Oracle Supply Chain Products, Database, E-Business…
Cyber Security is Not an Easy Game for CISO – It’s an Absolute End Game! Let’s breakdown the little pieces and the critical dots to connect in the perspective of a CISO and a point-of-view from CyberSpace. The threats and the risks are potentially increasing in Cyber Space and no organization is 100% safe, every CISO should follow the “Zer0-Trust” model over their organization and their security team. Digital Data…
141 Airlines Worldwide Affected by Biggest Security Vulnerability – Tens of Millions of Flight Travelers Affected Researchers discovered a major security vulnerability in online flight ticket booking system that affected almost half of the fight travelers around the world. The Vulnerability was discovered by Noam Rotem , an Isreal security researcher when he was trying to book a flight in ELAL Israel Airlines. He uncovered this critical flaw in the widely…
BlackRouter Ransomware Promoted as a RaaS by Iranian Developer 
The Option To Pick Up Online Purchases In Stores Is A Boon For Scammers 
NanoCore Trojan Malware Cannot be Killed By Users - 773M Password ‘Megabreach’ is Years Old My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. A story in The Guardian breathlessly dubbed it "the largest collection ever of…
- Collection #1 dump, 773 million emails, 21 million passwords The popular cyber security expert Troy Hunt has uncovered a massive data leak he called ‘Collection #1’ that included 773 million records. The name ‘Collection #1’ comes from the name of the root folder.
Ongoing Attacks Hit West African Financial Institutions Since Mid-2017 Cyber-attacks that have been ongoing since at least mid-2017 hit financial institutions in West Africa, Symantec security researchers report.
The Hottest Cryptocurrency, Tron, Rekindles Memories of the Bitcoin Bubble 
Android Apps Steal Banking Info, Use Motion Sensor to Evade Detection Bipartisan Bill Introduced to Ban Sale of US Tech to Chinese Companies Banks in West Africa Hit with Off-The-Shelf Malware, Free Tools MageCart Skimmer Hits Hundreds of Sites In Ad Supply Chain Attack Flaw in Telegram Reveals Awful OpSec from Malware Author Microsoft Launches Azure DevOps Bounty Program Fake GPS Apps with 50M Installs Just…
Updated: Computer virus impacting HSN is not ransomware: spokesperson 
American Companies Can Now Settle Payroll Taxes In Cryptocurrency via Bitwage International cryptocurrency payroll service provider Bitwage has announced that it has partnered with Texas-based Simply Efficient HR. The move will allow companies to pay W2 employee and payroll taxes in all 50 U.S. states, plus Puerto Rico, using BTC and ETH. Also Read: Bitpay Reports Processing Over $1 Billion Transactions in 2018 With Bitwage’s solution…
Pessimism Pervades World Economic Forum Annual Survey The annual World Economic Forum (WEF) Global Risks Perception Survey this year again includes two cybersecurity risks in the top five perceived long-term (10-year) risks. It is the same five as last year, although the order has changed. 'Data fraud or theft' is still considered the fourth risk, but 'cyber-attacks' have dropped from third to…
- Drupal fixes 2 critical code execution issues flaws in Drupal 7, 8.5 and 8.6 Drupal released security updates for Drupal 7, 8.5 and 8.6 that address two “critical” security vulnerabilities that could be exploited for arbitrary code execution. The first vulnerability could be exploited by a remote attacker to execute arbitrary PHP code.
Security in an IoT World: Your Big Data Problem is Getting Bigger It’s that time of year for prediction articles and the number has become almost overwhelming. This year, one of the trending topics I’ve noticed is the growth in Internet of Things (IoT) and connected devices and an expected surge in cyber risks. Technology vendors, industry analysts and government experts are all pointing to the need…
The record-breaking government shutdown is putting the US at risk of a major cyber attack The ongoing US government shutdown is putting the nation at serious risk of cyber attack, since as thousands of employees that monitor the nation's defense systems are not at work. Experts warn that the country is at greater risk of falling victim to a major attack and falling behind in the cyber arms race, as…
MIT, Stanford Academics Design Cryptocurrency to Better Bitcoin
- Collection #1 dump, 773 million emails, 21 million passwords The popular cyber security expert Troy Hunt has uncovered a massive data leak he called ‘Collection #1’ that included 773 million records. The name ‘Collection #1’ comes from the name of the root folder. Someone has collected a huge trove of data through credential stuffing, the ‘Collection #1’ archive is a set of email addresses…
- Drupal fixes 2 critical code execution issues flaws in Drupal 7, 8.5 and 8.6 Drupal released security updates for Drupal 7, 8.5 and 8.6 that address two “critical” security vulnerabilities that could be exploited for arbitrary code execution. The first vulnerability could be exploited by a remote attacker to execute arbitrary PHP code. The flaw resides in the phar stream wrapper implemented in PHP and is related to the way…
- South Korea: hackers compromised Defense Acquisition Program Administration PCs South Korea – Allegedstate-sponsored hackers compromised 10 PCs at ministry’s Defense Acquisition Program Administration. Unknown hackers compromised 10 PCs at ministry’s Defense Acquisition Program Administration which is the office that manages the military procurement. The news was confirmed by the South Korea Ministry of National Defense. “It has been turned out that 30 computers installed…
- Unprotected server of Oklahoma Department of Securities exposes millions of government files A huge trove of data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a server for at least a week. Another data leak made the headlines, a huge trove of data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a server for at least a week. It…
- Critical bug in Amadeus flight booking system affects 141 airlines A critical flaw in online flight ticket booking system developed by Amadeus could impact almost half of the fight travelers of 141 airlines around the world A critical flaw in online flight ticket booking system developed by Amadeus could be exploited by a remote attacker to access and modify travel details and claim his frequent…
- GreyEnergy: Welcome to 2019 Early January, an interesting malware sample has been disclosed through the InfoSec community: a potential GreyEnergy implant still under investigation. This kind of threat, previously analyzed by third party firms, contains similarities with the infamous BlackEnergy malware, used in the attacks against the Ukrainian energy industry back in 2015. The Cybaze-Yoroi ZLAB researchers dissected this…
- I swiped right, Viewing sensitive data cached in your Safari browser. By using multi-gesture trackpad along with Safari browser in MacBook Pro, one can view sensitive data which is cached in your Safari browser. (Note: This is not a back button browsing vulnerability) I figured out this issue while playing around with Safari browser, looks like the most recent activity of any authenticated or un-authenticated website is stored in…
- Multiple Fortnite flaws allowed experts to takeover players’ accounts Security researchers at Check Point have discovered several flaws in the popular game Fortnite that could be exploited to takeover gamers’account. Security experts at Check Point discovered several issues in the popular online battle game Fortnite. One of the flaws is an OAuth account takeover vulnerability that could have allowed a remote attacker to takeover…
- Experts link attack on Chilean interbank network Redbanc NK Lazarus APT Researchers from Flashpoint linked the recently disclosed attack on Chilean interbank network Redbanc to the North Korean APT group Lazarus. Security experts at Flashpoint linked the recently disclosed attack on the Chilean interbank network to the dreaded Lazarus APT group. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware…
- Cranes, drills and other industrial machines exposed to hack by RF protocols Researchers from Trend Micro have analyzed the communication protocols used by cranes and other industrial machines and discovered several flaws. Security experts from Trend Micro have discovered several vulnerabilities in the communication protocols used by cranes, hoists, drills and other industrial machines. The experts found vulnerabilities in products from several vendors, including Saga, Juuko, Telecrane,…
- A flaw in vCard processing could allow hackers to compromise a Win PC A security expert discovered a zero-day flaw in the processing of VCard files that could be exploited by a remote attacker to compromise a Windows PC The security expert John Page (@hyp3rlinx), discovered a zero-day vulnerability in the processing of VCard files that could be exploited by a remote attacker, under certain conditions, to hack Windows…
- Too many issues in Pentagon networks expose it to cybersecurity risks A new security assessment conducted by the Defense Department Inspector General revealed that the Pentagon is still exposed to many cyber risks, The report published by the Defense Department Inspector General on January 9, shows a worrisome situation, there are 266 issue, some of them are ten-years-old cybersecurity‑related recommendations still unresolved in the Pentagon infrastructure. This means that…
- Mozilla will disable Adobe Flash by default starting from Firefox 69 Starting from Firefox 69, Mozilla will disable Adobe Flash by default, a process that aims to completely remove the support for the popular plugin. Mozilla announced that the Firefox 69 will no longer support Adobe Flash due to a large number of serious flaws exploited by hackers in attacks across the years. The decision was…
- German Watchdog will request Facebook changesGerman watchdog is going to ask Facebook changes to protect privacy and personal information of its users. The news was first reported by the German newspaper Bild am Sonntag, German regulators are going to request Facebook changes in its platforms aimed at protecting privacy and personal data of its users. The German watchdog want to…
- Unsecured MongoDB archive exposed 202 Million private resumesSecurity expert discovered an unprotected MongoDB archive that has exposed personal and professional details of more than 202 million people. Security expert Bob Diachenko discovered an unprotected MongoDB archive that has exposed personal and professional details of more than 202 million people. The huge trove of data belongs to job seekers in China, its records include personal…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...