Your Business and Cyber Threat Daily
Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
The iPhone 11 Pro’s Location Data Puzzler One of the more curious behaviors of Apple's new iPhone 11 Pro is that it intermittently seeks the user's location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company's own…
It’s Way Too Easy to Get a .gov Domain Name Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and…
Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains On Nov. 23, one of the cybercrime underground's largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and…
Hidden Cam Above Bluetooth Pump Skimmer Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I'd never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices. Apparently, I'm not alone. "I believe…
110 Nursing Homes Cut Off from Health Records in Ransomware Attack A ransomware outbreak has besieged a Wisconsin based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States. The ongoing attack is preventing these care centers from accessing crucial patient medical records, and the IT company's owner says she fears this incident could soon…
China used the Great Cannon DDoS Tool against forum used by Hong Kong protestors China is accused to have used the “Great Cannon” DDoS tool to launch attacks against LIHKG, a forum used by Hong Kong residents to organize protests. The Great Cannon Distributed Denial of Service (DDoS) tool was used again by the Chinese government, this time it was used to target the LIHKG forum used by Hong Kong protesters to…
CyrusOne, one of the major US data center provider, hit by ransomware attack Ransomware attacks continue to threaten organizations worldwide, CyrusOne, one of the biggest data center providers in the US, is facing with an infection. A new ransomware attack made the headlines, systems at CyrusOne, one of the biggest data center providers in the US, were infected by the malware. The company reported the incident to law…
The evolutions of APT28 attacks Analyzing how tactics, techniques and procedures of the Russia-linked APT28 cyberespionage group evolve over the time. APT28 is a well known Russian cyber espionage group attributed, with a medium level of confidence, to Russian military intelligence agency GRU (by CrowdStrike). It is also known as Sofacy Group (by Kaspersky) or STRONTIUM (by Microsoft) and it’s used to target Aerospace, Defence, Government Agencies, International…
Iran-Linked APT groups target energy, industrial sectors with ZeroCleare Wiper Experts spotted a piece of malware dubbed ZeroCleare that has been used in highly targeted attacks aimed at energy and industrial organizations in the Middle East. Security experts at IBM X-Force found a piece of malware dubbed ZeroCleare (the name ZeroCleare comes from the path in the binary file) that has been used in highly targeted…
Two malicious Python libraries were stealing SSH and GPG keys The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were stealing SSH and GPG keys from the projects of infected developers. The Python security team removed two tainted Python libraries from PyPI (Python Package Index) that were found stealing SSH and GPG keys from the projects of infected developers.…
Mozilla removed 4 Avast and AVG extensions for spying on Firefox users Mozilla has removed four extensions from Avast and AVG from the Firefox site that are suspected to track user activity online. Four Avast and AVG Firefox extensions have been removed from Mozilla Addons Site over concerns of spying of users. “This add-on violates Mozilla’s add-on policy by collecting data without user disclosure or consent,” explained…
Talos experts found a critical RCE in GoAhead Web Server Experts at Cisco Talos found two vulnerabilities in the GoAhead embedded web server, including a critical remote code execution flaw. GoAhead is the world’s most popular, tiny embedded web server. It is developed by EmbedThis that defines it as compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and…
A flaw in Microsoft OAuth authentication could lead Azure account takeover A vulnerability in the Microsoft OAuth implementation exposes Azure cloud accounts to takeover. The vulnerability affects the way Microsoft applications use OAuth for authentication, these applications trust certain third-party domains and sub-domains that are not registered by Microsoft. Experts from Cyberark discovered the following three vulnerable Microsoft applications that trust these unregistered domains Portfolios, O365…
Website of gunmaker Smith & Wesson hit by a Magecart attack The US gunmaker Smith & Wesson was hacked late last month in a Magecart attack, attackers injected a malicious software skimmer. A new Magecart attack made the headlines, the victim is the American gunmaker Smith & Wesson. The hack took place last month, the attackers planted a malicious software skimmer on its website to steal…
Experts discovered DLL hijacking issues in Kaspersky and Trend Micro solutions Experts discovered several DLL hijacking flaws in Kaspersky Secure Connection, Trend Micro Maximum Security, and Autodesk Desktop Application. Researchers from SafeBreach discovered several vulnerabilities in Kaspersky Secure Connection, Trend Micro Maximum Security, and Autodesk Desktop Application products that could be exploited by hackers for DLL preloading, code execution, and privilege escalation. The first issue in…
Ohio Election Day cyber attack attempt traced Russian-Owned Company Ohio detected and neutralized a cyber attack against its election systems earlier this month, it was traced to a Russian-owned company. Ohio officials thwarted a cyber attack against its election infrastructure earlier this month, the state’s elections chief announced. According to the Republican Secretary of State Frank LaRose, the cyber attack was “relatively unsophisticated” and…
StrandHogg Vulnerability exploited by tens of rogue Android Apps Security experts disclosed a vulnerability dubbed StrandHogg that has been exploited by tens of malicious Android apps. Security experts at Promon disclosed a vulnerability, dubbed StrandHogg, that has been exploited by tens of malicious Android apps. The name StrandHogg comes from an old Norse term that refers to a tactic adopted by the Vikings that…
Europol seized 30,506 Internet domain names for IP Infringement Europol announced another success in the fight against cybercrime, the agency shut down 30,506 Internet domain names for distributing counterfeit and pirated items. Europol announced the shutdown of 30,506 Internet domain names for distributing counterfeit and pirated items as part of the ‘In Our Sites’ (IOS) operation launched in 2014. The success is the result…
Clop Ransomware attempts to disable Windows Defender and Malwarebytes Experts discovered a new malware dubbed Clop ransomware that attempts to remove Malwarebytes and other security products. Security researcher Vitali Kremez discovered a new malware dubbed Clop ransomware that targets Windows systems and attempts to disable security products running on the infected systems. The malicious code executes a small program, just before starting the encryption…
TrueDialog database leaked online tens of millions of SMS text messages Millions of SMS messages have been leaked by a database run by TrueDialog, a business SMS provider for businesses and higher education providers. Security experts at vpnMentor discovered a database belonging to the US communications company, TrueDialog that was leaking millions of SMS messages. Most of the SMS included in the database were sent by…
Microsoft Defender ATP Brings EDR Capabilities to macOS Mac computers will now have the option to use Microsoft Defender Advanced Threat Protection's endpoint and detection response.
Two Malicious Python Packages Steal SSH and GPG Keys Exists in the Python Package Index for a Year The python security team has removed two malicious python packages that introduced with the Python Package Index (PyPI) aimed to steal SSH and GPG keys from the infected developer projects. PyPI is a python repository that helps to locate and install the software developed and shared by the Python community. It includes Over 113,000 Python…
Wireshark 3.0.7 Released – Fixes for Security Vulnerabilities & Update for BGP, IEEE 802.11, TLS Protocols Wireshark 3.0.7 released with a number of security updates and fixed several other bugs that reside in the Wireshark components. Wireshark also updated Protocol Support for various protocols such as BGP, HomePlug AV, IEEE 802.11, and TLS. Wireshark is known as the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development,…
Iranian Hackers Launching New Disk-wiping Malware “ZeroCleare” To Bypass The Windows Controls & Crash Network Disks Researchers discovered a new wave of destructive attack by the Iranian hacker group using disk-wiping malware “ZeroCleare” to wipe the MBR and damage disk partitions on a large number of networked devices. ZeroCleare malware attacks various industries such as energy and industrial sectors mainly in the Middle East, and malware believed to be developed and…
What's in a Botnet? Researchers Spy on Geost Operators The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business.
Microsoft Issues Advisory for Windows Hello for Business An issue exists in Windows Hello for Business when public keys persist after a device is removed from Active Directory, if the AD exists, Microsoft reports.
Attackers Can Circumvent Outlook Homepage Flaw FireEye issues guidance on locking down Outlook, claiming that security researchers, at least, are able to work around the patch issued by Microsoft.
Attackers Continue to Exploit Outlook Home Page Flaw FireEye issues guidance on locking down Outlook, claiming that security researchers, at least, are able to work around the patch issued by Microsoft.
Firefox 71 : Roll Out With New VPN Service (FPN) for $4.99 – Firefox Blocked 1 Trillion Tracking Request To Date Firefox 71 rolls out with new features that including VPN services called FPN (Firefox Private Network) beta version for $4.99/month and rolling out Picture-in-Picture available in all video sites. Firefox announced Enhanced Tracking Protection in January that blocked more than 1 Trillion tracking requests to date including third-party tracking cookies and crypto mining by default. With this…
Critical Vulnerability in Microsoft Azure Let Hackers Take Over the Complete Control of the Azure Accounts Researchers discovered a critical vulnerability in Microsoft Azure named “BlackDirect” that allows attackers to take over the Azure user’s accounts and creating the Token with the victim’s permissions. The vulnerability specifically affected Microsoft’s OAuth 2.0 applications that allow malicious attacker access and control a victim’s account “OAuth is a protocol for authorization that is commonly…
When Data Theft Is an Inside Job From the University of Nebraska in the U.S. to a leading Canadian credit union, and a dustup between Tesla Motors and China’s Alibaba, insider data theft is trending in IT security anxiety. Insider data theft isn’t new, but it’s a growing problem for organizations of all types and sizes. That’s because personal and business data…
PyXie – A Python RAT Escalate The Windows Admin Privilege to Deliver Ransomware, MITM Attack, Keylogging & Steal Cookies Researchers discovered a previously unknown, fully-featured Python RAT called “PyXie” that escalates Windows admin privileges to deliver ransomware in the healthcare and education industries. PyXie was initially observed in 2018; since then it has targeted various industries and is now deployed in an ongoing campaign via Cobalt Strike beacons as well as a downloader. Researchers observed the strong evidence that…
TrickBot Expands in Japan Ahead of the Holidays Data indicates TrickBot operators are modifying its modules and launching widespread campaigns around the world.
When Rogue Insiders Go to the Dark Web Employees gone bad sell stolen company information, sometimes openly touting their companies, researchers say.
Smith & Wesson Is Magecart's Latest Target Researchers estimate the gun manufacturer's website was compromised sometime before Black Friday.
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about cybersecurity threats to your business and family. We provide:
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we, the greater community, can be better protected, for you, your family, and your business.
Under CyberWisdom, we deliver valuable, curated new commentaries for your awareness of prevention and protection in cybersecurity, identity theft, and cyber threats:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds from top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…