Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
773M Password ‘Megabreach’ is Years OldMy inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. A story in The Guardian breathlessly dubbed it "the largest collection ever of…
“Stole $24 Million But Still Can’t Keep a Friend”Unsettling new claims have emerged about Nicholas Truglia, a 21-year-old Manhattan resident accused of hijacking cell phone accounts to steal tens of millions of dollars in cryptocurrencies from victims. The lurid details, made public in a civil lawsuit filed this week by one of his alleged victims, paints a chilling picture of a man addicted…
Courts Hand Down Hard Jail Time for DDoSSeldom do people responsible for launching crippling cyberattacks face justice, but increasingly courts around the world are making examples of the few who do get busted for such crimes. On Friday, a 34-year-old Connecticut man received a whopping 10-year prison sentence for carrying out distributed denial-of-service (DDoS) attacks against a number of hospitals in 2014.…
Secret Service: Theft Rings Turn to Fuze CardsStreet thieves who specialize in cashing out stolen credit and debit cards increasingly are hedging their chances of getting caught carrying multiple counterfeit cards by relying on Fuze Cards, a smartcard technology that allows users to store dozens of cards on a single device, the U.S. Secret Service warns.
Patch Tuesday, January 2019 EditionMicrosoft on Tuesday released updates to fix roughly four dozen security issues with its Windows operating systems and related software. All things considered, this first Patch Tuesday of 2019 is fairly mild, bereft as it is of any new Adobe Flash updates or zero-day exploits. But there are a few spicy bits to keep in…
Dirt-Cheap, Legit, Windows Software: Pick TwoBuying heavily discounted, popular software from second-hand sources online has always been something of an iffy security proposition. But purchasing steeply discounted licenses for cloud-based subscription products like recent versions of Microsoft Office can be an extremely risky transaction, mainly because you may not have full control over who has access to your data.
Russian hacker Alexander Zhukov extradited by Bulgaria to US Bulgaria has extradited a Russian hacker that was indicted by a US court for mounting a sophisticated hacking scheme to the United States. According to the Russian embassy in Washington, the Russian hacker Alexander Zhukov was extradited on January 18. The Russian embassy has chosen to disclose the news on the VK social network, the…
Security Affairs newsletter Round 197 – News of the week A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! TA505 Group adds new ServHelper Backdoor and FlawedGrace…
DarkHydrus adds Google Drive support to its RogueRobin Trojan Security experts attributed new malicious campaigns to the DarkHydrus APT group (aka Lazy Meerkat), threat actors used a new variant of the RogueRobin Trojan and leveraged Google Drive as an alternative C2 channel. DarkHydrus was first discovered by experts at Palo Alto Networks’ Unit 42 team in July when the group carried out attacks aimed at…
“Collection #1” Data Breach Analysis – Part 1 Cybersecurity expert Marco Ramilli has analyzed the huge trove of data, called Collection #1, that was first disclosed by Troy Hunt. Few weeks ago I wrote about “How Data Breaches Happen“, where I shared some public available “pasties” within apparently (not tested) SQLi vulnerable websites. One of the most famous data breaches in the past…
6 Reasons We Need to Boost Cybersecurity Focus in 2019 Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals, too. For people who still need some convincing that cybersecurity is an essential point of focus,…
A bug in Microsoft partner portal ‘exposes ‘ support requests to all partners A bug in Microsoft partner portal ‘exposes ‘ support requests to all partners, fortunately, no customer data was exposed. The Register in exclusive reported that Microsoft partner portal ‘exposed ‘every’ support request filed worldwide.’ Tickets submitted from all over the world were exposed to all Microsoft support partners due to the glitch. “At the moment…
ES File Explorer vulnerabilities potentially impact 100 Million Users Security expert Robert Baptiste (akaElliot Alderson) discovered a vulnerability (CVE-2019-6447) in the ES File Explorer that potentially expose hundreds of million Android installs. The ES File Explorer is an Android file manager that has over 100,000,000 installs and more than 500 million users worldwide according to its developer. Baptiste discovered that the application uses a local…
Fallout Exploit Kit now includes exploit for CVE-2018-15982 Flash zero-day Experts at Malwarebytes have reported that the code for the recently discovered Flash zero-day flaw was added to the Fallout Exploit kit. Experts at Malwarebytes observed a new version of the Fallout Exploit kit that include the code to exploit a recently discovered Flash zero-day vulnerability. The Fallout Exploit kit was discovered at the end…
Android apps use the motion sensor to evade detection and deliver Anubis malware Security experts from Trend Micro have recently spotted two Android apps that use the motion sensor to evade detection and spread the Anubis banking Trojan. Malware authors continue to improve their malicious apps to avoid detection and infect the largest number of users. Security experts from Trend Micro have recently spotted two Android apps in…
Oracle critical patch advisory addresses 284 flaws, 33 critical Oracle released the first critical patch advisory for 2019 that addresses a total of 284 vulnerabilities, 33 of them are rated “critical”. Let’s give a close look at some of the vulnerabilities fixed by this patch advisory. The advisory fixed the CVE-2016-1000031 flaw, a remote code execution (RCE) bug in the Apache Commons FileUpload, disclosed in November…
Twitter fixed a bug in its Android App that exposed Protected Tweets A bug in the Twitter app for Android may have had exposed tweets, the social media platform revealed on Thursday. The bug in the Android Twitter app affects the “Protect my Tweets” option from the account’s “Privacy and safety” settings that allows viewing user’s posts only to approved followers. People who used the Twitter app…
Attacks in the wild leverage flaw in ThinkPHP Framework Threat actors in the wild are leveraging a recently discovered flaw in the ThinkPHP PHP framework to install cryptominers, skimmers, and other malware. Multiple threat actors are leveraging a recently discovered code execution vulnerability (CVE-2018-20062) in the ThinkPHP framework. The flaw was already addressed by the Chinese firm TopThink that designed the framework, but security expert Larry…
Collection #1 dump, 773 million emails, 21 million passwordsThe popular cyber security expert Troy Hunt has uncovered a massive data leak he called ‘Collection #1’ that included 773 million records. The name ‘Collection #1’ comes from the name of the root folder. Someone has collected a huge trove of data through credential stuffing, the ‘Collection #1’ archive is a set of email addresses…
Drupal fixes 2 critical code execution issues flaws in Drupal 7, 8.5 and 8.6Drupal released security updates for Drupal 7, 8.5 and 8.6 that address two “critical” security vulnerabilities that could be exploited for arbitrary code execution. The first vulnerability could be exploited by a remote attacker to execute arbitrary PHP code. The flaw resides in the phar stream wrapper implemented in PHP and is related to the way…
South Korea: hackers compromised Defense Acquisition Program Administration PCsSouth Korea – Allegedstate-sponsored hackers compromised 10 PCs at ministry’s Defense Acquisition Program Administration. Unknown hackers compromised 10 PCs at ministry’s Defense Acquisition Program Administration which is the office that manages the military procurement. The news was confirmed by the South Korea Ministry of National Defense. “It has been turned out that 30 computers installed…
Most Important Cyber Incident Response Tools List for Ethical Hackers and Penetration Testers Cyber Incident Response Tools are more often used by security industries to test the vulnerabilities and provide an emergency incident response to compromised network and applications and helps to take the appropriate mitigation steps. Here you can find the Comprehensive Cyber Incident Response Tools list that covers to use in various types of incident response…
Hackers Launching Fallout Exploit Kit with New Flash Exploits That Delivers GandCrab Ransomware One of the dangerous Fallout exploit kit now back to form with various new futures and delivering one of the widely distributed Ransomware GandCrab. Attackers using malvertising chain to ditributing the Fallout exploit kit since Jan 2015 via adult websites. Unlike past infection that discovered back to 2018, current distribution contain new futures including HTTPS…
Most Important Web Server Penetration Testing Checklist Web server pen testing performing under 3 major category which is identity, Analyse, Report Vulnerabilities such as authentication weakness, configuration errors, protocol Relation vulnerabilities. 1. “Conduct a serial of methodical and Repeatable tests “ is the best way to test the web server along with this to work through all of the different application Vulnerabilities.…
ES File Explorer Vulnerabilities Puts 100 Million Users Data at Risk The ES File Explorer is the most popular android file manager that has more than 500 million users worldwide according to the app developer. The app available on Google play since 2014, it help’s in managing your Android phone and tablet. French security researcher who goes online with online handle Elliot Alderson discovered a vulnerability…
XSSer – Automated Web Pentesting Framework Tool to Detect and Exploit XSS vulnerabilities XSS is a very commonly exploited vulnerability type which is very widely spread and easily detectable for XSS. An attacker can inject untrusted snippets of JavaScript into your application without validation. This JavaScript is then executed by the victim who is visiting the target site [Read More]. Cross Site “Scripter” (aka XSSer) is an automatic framework…
African Financial Institutions Targeted by Hackers With Multiple Malware and Living off the Land Tactics Attackers targeted west African financial institutions with generic malware and with living off the land tools. The attack appears to be from the mid of 2017 and the recent one was on December 2018. The hacker group behind the attacks still remain unknown and the attacks targeted organizations in Cameroon, Congo (DR), Ghana, Equatorial Guinea,…
Pirate Bay Downloaders Beware!! – Hackers Launching Dangerous Malware via Torrent Files Piratebay users are now being victimized by malware and phishing attack that hijacking the websites and steal the cryptocurrencies. A researcher who was trying to download a torrent from Piratebay, a torrent file drops .LNK shortcut file contained a CozyBear malware along with dangerous PowerShell commands. Piratebay is one of the worlds leading torrents site with…
Hackers Launching Ransomware and CryptoMiner via Love_You MalSpam Campaign The worst alliance of Ransomware and the CryptoMiner family in a spread spree, early January 2019. Malware Spam or MalSpam is the term used to designate malware that is delivered via email messages. Malicious spam (MalSpam) using zipped JavaScript (.js) files as email attachments–this is a well-established tactic used by cybercriminals to distribute malware. The…
VC Investments in Cybersecurity Hit Record Highs in 2018 But rate of funding appears unsustainable, according to Strategic Cyber Ventures.
USBStealer – Password Hacking Tool For Windows Machine Applications to Perform Windows Penetration Testing USBStealer is a Windows Based Password Stealing Tool that helps to Extract the password from Windows Based Applications such as Chrome Password, FireFox Password, NetPassword, Admin passwords of the Windows Computer. The vast majority of the general population realize that windows stores a large portion of its passwords on everyday schedule, Such as delegate passwords,…
8 Tips for Monitoring Cloud Security Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.
GCHQ-Certified Cyber Incident Planning and Response Training From experienced UK based practitioner India now has over 400 GCHQ-Certified Cyber Incident Planning and Response professionals and Cyber Management Alliance are delighted to be returning to India for three exclusive UK GCHQ-Certified Cyber Incident Planning and Response programs to be deliver in Bengaluru, Mumbai and Delhi (in partnership with Microsoft) in February 2019. For further details and information on…
Hundreds of E-commerce Websites Injected with Skimming Code That Steals Payment card Data Hundreds of E-commerce sites infected with the malicious skimming code that steals the customer payment card from checkout pages. The malicious code found inserted with number of e-commerce websites providing various services such as ticketing, touring, flight booking services and shopping cart sites. According to TrendMicro analysis report, 277 e-commerce sites found injected with the…
Two Hackers Arrested Linked to DDoS Attacks Face Jail up to Six Years Two young hackers arrested for launching DDoS attacks on several critical Ukraine sources including the city of Mariupol and several other educational institutions. The DDoS attacks aims in exhausting the resource of a network, application or service that leads an organization to face the various technical impacts. Ukraine police arrested two young hackers 21- and…
2 Android Apps From Google Play Store Launching Banking Malware With Sophisticated Evasion TechniquesResearchers discovered 2 Malicious Android apps from Google Play Store that drops Anubis banking malware with highly obfustication techniques. The malicious apps posed as a legitimate tool with the name of Currency Converter and BatterySaverMobi and also attackers posted a fake review and boasted a score of 4.5 stars. Google Play store continuously flooding with…
Cryptocurrency GIFs: Animations That Capture the Mood of the Markets The cryptocurrency ecosystem is filled with unique individuals with a penchant for sharing dank memes. Besides an arsenal of killer graphics that depict the current mood of the markets, they’re also equipped with a wide variety of animated GIFs to virally share across social media and messaging platforms like Telegram. Also read: Cryptocurrency Memes: The Only…
The Six Ways To Make Money Mining Cryptocurrency Are Equally Surprising Fear not: this is the second of a two-part article. In this part, I discuss the most popular crypto mining business models – that is, ways to make money mining. Crypto like Bitcoin are intentionally set up with an automatic, decentralized mechanism that creates Bitcoin out of thin air to provide rewards to miners for…
- Russian hacker Alexander Zhukov extradited by Bulgaria to US Bulgaria has extradited a Russian hacker that was indicted by a US court for mounting a sophisticated hacking scheme to the United States. According to the Russian embassy in Washington, the Russian hacker Alexander Zhukov was extradited on January 18.
Top Cryptocurrency Debit Cards of 2019: Best Bitcoin Payment Provider Options to Use The list of merchants that accept crypto coins is still expanding slowly, but there are already various pleasant possibilities where you can buy stuff with Bitcoins. And more so, the Blockchain ecosystem is proving to be trustworthy which pursued some companies to produce Bitcoin debit cards. The card costs $20 to produce and has no…
Army Chief General Bipin Rawat slams Pakistan for waging proxy war, says ‘don't see peace on the horizon’ New Delhi: Army Chief General Bipin Rawat attacked Pakistan promoting cross border terrorism and said the neighbour on the western sector has been indulging in a proxy war for the past 30 years. General Rawat further said there is no scope for peace anywhere in the near future and therefore the armed forces have to…
How Bitcoin Blockchain’s Social Layer and Users Improve the Cryptocurrency World During the last year, cryptocurrencies have been in a bear trend that affected the whole industry. Several companies were not able to keep operating while others were just scams. Meanwhile, the number of active users in crypto exchanges experienced a decline during the last year. Cryptocurrencies expanded in the market as digital assets that do…
Macon-Bibb Co., sheriff's website hacked Macon Weather Summary: 41 degrees Macon-Bibb County posted a statement on their Facebook page explaining what happened and their efforts to better secure the websites affected. The post says their main passwords have been changed, and they are in the process of changing all user passwords. The county says they 'have not found evidence that…
How to hack Indian EVMs? US cyber expert set to demonstrate to a live London audience The Indian Journalists’ Association (Europe) is organising the event and says the unnamed expert is an EVM designer. Election Commission sticks to its stand. New Delhi: Less than three months before the parliamentary elections, the Europe chapter of the Indian Journalists’ Association (IJA) is set to demonstrate how electronic voting machines (EVMs) can be hacked.…
Hacked Customer Data From World Leading Cryptocurrency Exchanges For Sale On The Dark Web? On a darknet market called “Dread,” a vendor going by “ExploitDOT” is attempting to sell user data from the know-your-customer (KYC) data top cryptocurrency exchanges ask for, required by most jurisdictions.
Bank Bot Anubis Found Again in Google Play Store The BankBot trojan, Anubis has once again affected users of the Google Play Store. This occurred when users downloaded a battery power saving app, BatterySaverMobi and currency converter app, Currency Converter. It affected users worldwide, with Japan impacted the most. Anubis is a trojan that moves within a users device undetected, stealing data relating to the user. It hides…
United Arab Emirates and Saudi Arabia Collaborate on New Cryptocurrency The United Arab Emirates and Saudi Arabia announced an agreement to cooperate on the creation of a cryptocurrency.
- ES File Explorer Vulnerabilities Puts 100 Million Users Data at Risk The ES File Explorer is the most popular android file manager that has more than 500 million users worldwide according to the app developer. The app available on Google play since 2014, it help’s in managing your Android phone and tablet.
Your online life can be sold for less than Dh138 to cybercriminals Residents in the UAE are being urged not to post too much personal data on social media as it can attract cybercriminals, who could sell this information for less than $50(Dh138). The study, carried out by the cybersecurity firm Kaspersky Lab, shows that cybercriminals could sell a person's entire digital life, including stolen data from…
Your digital life can be sold for less than Dh138 to cybercriminals Residents in the UAE are being urged not to post too much personal data on social media as it can attract cybercriminals, who could sell this information for less than $50(Dh138). The study, carried out by the cybersecurity firm Kaspersky Lab, shows that cybercriminals could sell a person's entire digital life, including stolen data from…
Wyoming Looks Determined to Legalize Bitcoin as Money 00:00 Follow Bitcoinist on social media to keep up-to-date with the latest news! We use cookies to give you the best online experience. By agreeing you accept the use of cookies in accordance with our cookie policy.
- Russian hacker Alexander Zhukov extradited by Bulgaria to US Bulgaria has extradited a Russian hacker that was indicted by a US court for mounting a sophisticated hacking scheme to the United States. According to the Russian embassy in Washington, the Russian hacker Alexander Zhukov was extradited on January 18. The Russian embassy has chosen to disclose the news on the VK social network, the…
- Security Affairs newsletter Round 197 – News of the week A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! TA505 Group adds new ServHelper Backdoor and FlawedGrace…
- DarkHydrus adds Google Drive support to its RogueRobin Trojan Security experts attributed new malicious campaigns to the DarkHydrus APT group (aka Lazy Meerkat), threat actors used a new variant of the RogueRobin Trojan and leveraged Google Drive as an alternative C2 channel. DarkHydrus was first discovered by experts at Palo Alto Networks’ Unit 42 team in July when the group carried out attacks aimed at…
- “Collection #1” Data Breach Analysis – Part 1 Cybersecurity expert Marco Ramilli has analyzed the huge trove of data, called Collection #1, that was first disclosed by Troy Hunt. Few weeks ago I wrote about “How Data Breaches Happen“, where I shared some public available “pasties” within apparently (not tested) SQLi vulnerable websites. One of the most famous data breaches in the past…
- 6 Reasons We Need to Boost Cybersecurity Focus in 2019 Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals, too. For people who still need some convincing that cybersecurity is an essential point of focus,…
- A bug in Microsoft partner portal ‘exposes ‘ support requests to all partners A bug in Microsoft partner portal ‘exposes ‘ support requests to all partners, fortunately, no customer data was exposed. The Register in exclusive reported that Microsoft partner portal ‘exposed ‘every’ support request filed worldwide.’ Tickets submitted from all over the world were exposed to all Microsoft support partners due to the glitch. “At the moment…
- ES File Explorer vulnerabilities potentially impact 100 Million Users Security expert Robert Baptiste (akaElliot Alderson) discovered a vulnerability (CVE-2019-6447) in the ES File Explorer that potentially expose hundreds of million Android installs. The ES File Explorer is an Android file manager that has over 100,000,000 installs and more than 500 million users worldwide according to its developer. Baptiste discovered that the application uses a local…
- Fallout Exploit Kit now includes exploit for CVE-2018-15982 Flash zero-day Experts at Malwarebytes have reported that the code for the recently discovered Flash zero-day flaw was added to the Fallout Exploit kit. Experts at Malwarebytes observed a new version of the Fallout Exploit kit that include the code to exploit a recently discovered Flash zero-day vulnerability. The Fallout Exploit kit was discovered at the end…
- Android apps use the motion sensor to evade detection and deliver Anubis malware Security experts from Trend Micro have recently spotted two Android apps that use the motion sensor to evade detection and spread the Anubis banking Trojan. Malware authors continue to improve their malicious apps to avoid detection and infect the largest number of users. Security experts from Trend Micro have recently spotted two Android apps in…
- Oracle critical patch advisory addresses 284 flaws, 33 critical Oracle released the first critical patch advisory for 2019 that addresses a total of 284 vulnerabilities, 33 of them are rated “critical”. Let’s give a close look at some of the vulnerabilities fixed by this patch advisory. The advisory fixed the CVE-2016-1000031 flaw, a remote code execution (RCE) bug in the Apache Commons FileUpload, disclosed in November…
- Twitter fixed a bug in its Android App that exposed Protected Tweets A bug in the Twitter app for Android may have had exposed tweets, the social media platform revealed on Thursday. The bug in the Android Twitter app affects the “Protect my Tweets” option from the account’s “Privacy and safety” settings that allows viewing user’s posts only to approved followers. People who used the Twitter app…
- Attacks in the wild leverage flaw in ThinkPHP Framework Threat actors in the wild are leveraging a recently discovered flaw in the ThinkPHP PHP framework to install cryptominers, skimmers, and other malware. Multiple threat actors are leveraging a recently discovered code execution vulnerability (CVE-2018-20062) in the ThinkPHP framework. The flaw was already addressed by the Chinese firm TopThink that designed the framework, but security expert Larry…
- Collection #1 dump, 773 million emails, 21 million passwordsThe popular cyber security expert Troy Hunt has uncovered a massive data leak he called ‘Collection #1’ that included 773 million records. The name ‘Collection #1’ comes from the name of the root folder. Someone has collected a huge trove of data through credential stuffing, the ‘Collection #1’ archive is a set of email addresses…
- Drupal fixes 2 critical code execution issues flaws in Drupal 7, 8.5 and 8.6Drupal released security updates for Drupal 7, 8.5 and 8.6 that address two “critical” security vulnerabilities that could be exploited for arbitrary code execution. The first vulnerability could be exploited by a remote attacker to execute arbitrary PHP code. The flaw resides in the phar stream wrapper implemented in PHP and is related to the way…
- South Korea: hackers compromised Defense Acquisition Program Administration PCsSouth Korea – Allegedstate-sponsored hackers compromised 10 PCs at ministry’s Defense Acquisition Program Administration. Unknown hackers compromised 10 PCs at ministry’s Defense Acquisition Program Administration which is the office that manages the military procurement. The news was confirmed by the South Korea Ministry of National Defense. “It has been turned out that 30 computers installed…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...