Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
Alleged Child Porn Lord Faces US Extradition In 2013, the FBI exploited a zero-day vulnerability in Firefox to seize control over a Dark Web network of child pornography sites. The alleged owner of that ring - 33-year-old Freedom Hosting operator Eric Eoin Marques - was arrested in Ireland later that year on a U.S. warrant and has been in custody ever since. This…
Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees -- in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.
Why Phone Numbers Stink As Identity ProofPhone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they've become de facto identities. At the same time, when you lose control over a phone number -- maybe it's hijacked by fraudsters, you got separated or divorced, or you were way late on…
Ad Network Sizmek Probes Account BreachOnline advertising firm Sizmek Inc. [NASDAQ: SZMK] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. In a recent posting to a Russian-language cybercrime forum, an individual who's been known to sell access…
Patch Tuesday, March 2019 EditionMicrosoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it's time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws…
Insert Skimmer + Camera Cover PIN StealerVery often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they're frequently disguised as ATM security features -- such as an extra PIN pad privacy cover, or an all-in-one skimmer…
Russian APT groups target European governments ahead of May Elections Russian APT groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. According to experts from FireEye, Russia-linked APT28 (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) and Sandworm Team (also TeleBots) cyberespionage groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. The activity of the Russia-linked groups is…
Medtronic’s implantable heart defibrillators vulnerable to hack The U.S. Department of Homeland Security Thursday issued a security advisory for multiple vulnerabilities affecting over a dozen heart defibrillators. Multiple vulnerabilities in the heart defibrillators could be exploited by attackers to remotely control the devices, potentially putting the lives of patients at risk. An implantable cardioverter-defibrillator (ICD) is a device implantable inside the human…
Cisco addresses High-Severity flaws in IP Phone 8800 and 7800 series Cisco released security updates to address vulnerabilities in its IP Phone 7800 and 8800 series that could be exploited by remote, unauthenticated attackers. Cisco released security patches to address vulnerabilities in its IP Phone 7800 and 8800 series that could be exploited by remote, unauthenticated attackers. Cisco IP Phone 8800 series are business desk phones…
Pwn2Own 2019 Day 2 – Hackers earned $270,000 for Firefox, Edge hacks On the second day of the Pwn2Own 2019 hacking competition, white hat hackers earned a total of $270,000 for exploits against the Mozilla Firefox and Microsoft Edge web browsers. Day 2 at Pwn2Own 2019 hacking competition – White hat hackers earned $270,000 for exploits against the Mozilla Firefox and Microsoft Edge browsers. The security duo…
FIN7 is back with a previously unseen SQLRat malware The financially-motivated hacking group FIN7 is back and used a new piece of malware in a recent hacking campaign. Security experts at Flashpoint revealed that the financially-motivated cybercrime group FIN7 (aka Anunak and Carbanak) used new malware in a recent hacking campaign. The group that has been active since late 2015 targeted businesses worldwide to…
Facebook passwords stored in plain text, hundreds of millions users affected News problems for Facebook that admitted to have stored the passwords of hundreds of millions of users in plain text. Facebook revealed to have stored the passwords of hundreds of millions of users in plain text, including passwords of Facebook Lite, Facebook, and Instagram users. “As part of a routine security review in January, we…
South Korea – 1,600 guests at 30 motels secretly live streamed Four people from South Korea are accused of secretly live streaming, and selling videos made with spy-cam installed in 42 motel rooms at 30 motels in 10 cities in South Korea. According to the media, 1600 motel guests between November 24 and March 2 were spied by the indicted individuals that now face up to…
Pwn2Own 2019 Day 1 – participants hacked Apple, Oracle, VMware products Pwn2Own 2019 hacking competition is started and participants hacked Apple Safari browser, Oracle VirtualBox and VMware Workstation on the first day. As you know I always cover results obtained by white hat hackers at hacking competitions, for this reason, today I’ll share with you the results of the first day of the Pwn2Own 2019. Pwn2Own…
Experts found a critical vulnerability in the NSA Ghidra tool A security expert has discovered a vulnerability in the NSA Ghidra platform that could be exploited to execute code remotely. A security expert who goes online with the handle of sghctoma has discovered a vulnerability in Ghidra platform recently released by the US NSA, the issue could be exploited to execute code remotely. GHIDRA is…
[SI-LAB] LockerGoga is the most active ransomware that focuses on targeting companies LockerGoga is the most active ransomware, experts warns it focuses on targeting companies and bypass AV signature-based detection. LockerGoga ransomware is a crypto-malware that loads the malicious file on the system from an infected email attachment. This threat is very critical these days, and it is the most active ransomware that focuses on targeting companies. Altran and Norsk Hydro are two companies severely…
MyPillow and Amerisleep are the latest victims of Magecart gangs Security experts at riskIQ revealed today that another two organizations were victims of Magecart crime gang, the bedding retailers MyPillow and Amerisleep. Security experts at RiskIQ announced that the two bedding retailers MyPillow and Amerisleep were victims of the Magecart cybercrime gang. The Magecart umbrella includes at least 11 different hacking crews that has been active at least since…
Putty users have to download a new release that fixes 8 flaws PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws The popular SSH client program PuTTY has released an important software update to address eight high-severity security vulnerabilities. PuTTY is one of the most popular open-source software that allows users to access computers over SSH, Telnet, and Rlogin network protocols. The popular SSH client program…
SimBad malware infected million Android users through Play StoreSecurity experts at Check Point uncovered a sophisticated malware campaign spreading the SimBad malicious code through the official Google Play Store. Researchers at Check Point have uncovered a sophisticated malware campaign spreading the SimBad agent through the official Google Play Store. According to experts, more than 150 million users were already impacted. SimBad disguises itself…
Google white hat hacker found new bug class in WindowsJames Forshaw, a white hat hacker at Google Project Zero, has discovered a new class of bugs that affect Windows and some of its drivers. Google Project Zero hacker James Forshaw discovered a new class of flaws that reside in some of the kernel mode drivers in Windows that could allow attackers to escalate privileges.…
The Document that Microsoft Eluded AppLocker and AMSIExperts analyzed an Office document containing a payload that is able to bypass Microsoft AppLocker and Anti-Malware Scan Interface (AMSI), Introduction Few days ago, during intel sources monitoring operation, the Cybaze-Yoroi ZLAB team encountered an interesting Office document containing some peculiarities required a deeper analysis: its payload includes techniques suitable to bypass modern Microsoft security mechanisms…
Malicious Payload Evasion Techniques with Advanced Exploitation Frameworks Sophisticated threats are Evolving with much more advanced capabilities and giving more pain for analysis even evade the advanced security software such as Antivirus. This comparison is made by the payload ability to bypass the default security frameworks accessible on Windows machines and antivirus systems available, searching for an approach to get a payload that…
Load Balancer – How Does it Work With Reconnaissance Phase During Penetration Testing? Load Balancer basically helps to distribute the network traffic across the multiple servers to improve the network, application performance. the Reconnaissance work on target to find out target domain has a load balancer so that penetration testing does not misdirect your probs or attacks. So Its recommended to check the domain has a Load balancer,…
Two Found Guilty in Online Dating, BEC Scheme Cybercriminals involved in the operation created fake online dating profiles and tricked victims into sending money to phony bank accounts.
Pwn2Own 2019 – Firefox, Edge, Windows, VMware Hacked – Ethical Hackers Earned $270,000 USD in Day 2 In the second day of Pwn2Own 2019 contest, Ethical Hackers compromised Microsoft Edge, Mozilla Firefox, Windows, VMware and earned $270,000 USD in a single day by submitting 9 unique zero-day exploits. The first day, 2 teams of researchers and 2 independent researchers have been made $240,000 USD by reporting 9 zero-day bugs in Safari, VMware,…
Security Lessons from My Game Closet In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
Organized Cybercrime – Hacker Groups Work Together To Distribute Banking Malware Globally The banking malware considered a top threat, it allows a malware developer an easy way to gain access to someone and cause serious damage. According to the reports, the cybercrime costs more than $600 billion in 2017 and for 2018 predicted $1.5 trillion in losses. Hacker groups continue to exchange their scripts, tactics, and techniques…
Cisco Released Security Updates – Vulnerable Cisco Devices Let Hackers Execute an Arbitrary Code Cisco released security updates with the fixes for several vulnerabilities that affected Cisco products that allow attackers to execute arbitrary code in vulnerable Cisco devices. It consists of 10 vulnerabilities that affected different Cisco products in which, all the vulnerabilities are categorized under “High” severity. A remote code execution CVE-2019-1716 vulnerability that exists in the…
13-year-old School Student Hacked the Teachers Account To Steal Students Data A 13-year-old student accused of using his teacher’s credentials to get into his district school system to steal the fellow student’s personal details and created a site with a “hit-list” of names, school ID numbers, and dates of births. He posted the students personal information of his fellow students in a website, saying that he…
Facebook Stored Hundreds of Millions of Users Password in Plain Text Facebook Stored their hundreds of millions of users password in plain text instead of masking it as a human-readable format. These millions of unencrypted plain text passwords are accessible by thousands of internal Facebook employees. But the further investigation conducted by Facebook reveals there is no indication that any of the Facebook employees are abused…
Businesses Manage 9.7PB of Data but Struggle to Protect It What's more, their attempts to secure it may be putting information at risk, a new report finds.
Facebook Employees for Years Could See Millions of User Passwords in Plain Text 
SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.
Microsoft Brings Defender Security Tools to Mac Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.
DNS Security: How to Reduce the Risk of a DNS Attack Domain Name System or DNS is one of the foundational elements of the entire internet; however, unless you specialize in networking, you probably don’t realize how important it is. DNS is essentially like a phone book of numbers that computers use for communication. Specifically, these numbers are IP addresses. This directory is stored on domain…
Pwn2Own 2019 – Apple Safari, VirtualBox, VMware Hacked – Ethical Hackers Earned $240,000 by Submitting Zero-day’s Trend Micro’s Zero Day Initiative (ZDI) vulnerability research contest Pwn2Own 2019 Successfully started its first-day contest and the team of researchers earned $240,000 in the first day alone for the successful zero-day Submissions. Trend Micro announced $1 million in cash and prizes through the contest for the researchers who submit the zero days the specific…
The Week in Ransomware - March 22nd 2019 - LOCKERGOGA! 
Under Trump, America increasingly loses its global lead The United States is no longer driving the conversation on some of the biggest issues facing the world, both short- and long-term. Instead, foreign nations are making the decisions. Why it matters: America is losing its position as the global arbiter for international norms — from airline safety to online privacy to the response to…
Majority of bitcoin trading is a hoax, new study finds New research is casting even more doubt on the legitimacy of bitcoin trading. An analysis published by Bitwise this week shows that 95 percent of bitcoin spot trading is faked by unregulated exchanges. The survey, first reported by The Wall Street Journal, echoes concerns by regulators that cryptocurrency markets are still ripe for manipulation. Bitwise,…
Bitcoin Price @ $10,000: BitMEX CEO Predicts Strong Gains in Q4 2019 On BitMEX Crypto Trader Digest, BitMEX CEO Arthur Hayes reaffirmed his prediction for bitcoin, foreseeing the dominant cryptocurrency achieving $10,000 in price by the end of 2019. Previously, in mid-2018, when the sentiment around bitcoin was still generally optimistic, Hayes said that the asset had not found its bottom and is likely to fall below…
New Zealanders honor attack victims with "headscarves for harmony" 
High-wind warning issued at Mackinac Bridge 
Jared Kushner's Using WhatsApp for White House Business Is 'Far More Egregious' Than Hillary Clinton's Emails, Cybersecurity Expert Says Jared Kushner’s alleged use of WhatsApp to talk about White House business with foreign governments is dangerous, a cyber-security and intelligence expert warned, because it leaves him exposed to spies. Kushner is President Donald Trump’s son-in-law and a White House adviser on foreign policy, influencing key decisions particularly on Middle East policy and speaking with…
The Tor Project Enables Cryptocurrency Donation Support Regardless of how one wants to look at things, it has become apparent Tor plays a growing role of importance in the cryptocurrency world. A lot of privacy-oriented projects tend to rely on Tor in terms of maintaining privacy and anonymity. In a somewhat surprising turn of events, the Tor project now accepts various cryptocurrencies…
Racist meme subcultures under fresh scrutiny after the Christchurch terror attack 
8 Useful Browser Extensions for Cryptocurrency Users Bitcoin.
How the world's longest-serving leaders keep power, and hand it over The only president Kazakhstan has known since independence is stepping aside, though not really down. The big picture: With Nazarbayev’s surprise announcement, Algeria’s Abdelaziz Bouteflika ending his re-election bid, and Sudan’s Omar al-Bashir wobbling in the face of mass protests, the time feels ripe to take a look at the current world leaders who’ve held power…
- Facebook passwords stored in plain text, hundreds of millions users affected News problems for Facebook that admitted to have stored the passwords of hundreds of millions of users in plain text. Facebook revealed to have stored the passwords of hundreds of millions of users in plain text, including passwords of Facebook Lite, Facebook, and Instagram users.
Switzerland Moves Forward to Fit Cryptocurrency Into Traditional Regulations 
Democrat Presidential Candidates Aren't Taking Even A Basic Step To Ensure Their Emails Aren't Hacked Again Democrats believe that hacked emails from Hillary Clinton’s 2016 campaign led to her losing the election (it certainly couldn’t have been that she ignored warning signs in Blue states like Michigan and Wisconsin). But as 2020 approaches, the Party isn’t even taking rudimentary steps to ensure their emails aren’t hacked again. While Russians are considered…
- Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees -- in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.
Pwn2Own 2019 Day 3: Experts hacked Tesla 3 browser Pwn2Own 2019 Day 3 – Experts earned $35,000 and a Tesla Model 3 after hacking the vehicle’s web browser. Pwn2Own 2019 Day 3 – Hackers focused their efforts on car hacking, two teams participated in the competitions but only one of them reached the goal. The security experts Amat Cama and Richard Zhu of team…- Russian APT groups target European governments ahead of May Elections Russian APT groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. According to experts from FireEye, Russia-linked APT28 (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) and Sandworm Team (also TeleBots) cyberespionage groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. The activity of the Russia-linked groups is…
- Medtronic’s implantable heart defibrillators vulnerable to hack The U.S. Department of Homeland Security Thursday issued a security advisory for multiple vulnerabilities affecting over a dozen heart defibrillators. Multiple vulnerabilities in the heart defibrillators could be exploited by attackers to remotely control the devices, potentially putting the lives of patients at risk. An implantable cardioverter-defibrillator (ICD) is a device implantable inside the human…
- Cisco addresses High-Severity flaws in IP Phone 8800 and 7800 series Cisco released security updates to address vulnerabilities in its IP Phone 7800 and 8800 series that could be exploited by remote, unauthenticated attackers. Cisco released security patches to address vulnerabilities in its IP Phone 7800 and 8800 series that could be exploited by remote, unauthenticated attackers. Cisco IP Phone 8800 series are business desk phones…
- Pwn2Own 2019 Day 2 – Hackers earned $270,000 for Firefox, Edge hacks On the second day of the Pwn2Own 2019 hacking competition, white hat hackers earned a total of $270,000 for exploits against the Mozilla Firefox and Microsoft Edge web browsers. Day 2 at Pwn2Own 2019 hacking competition – White hat hackers earned $270,000 for exploits against the Mozilla Firefox and Microsoft Edge browsers. The security duo…
- FIN7 is back with a previously unseen SQLRat malware The financially-motivated hacking group FIN7 is back and used a new piece of malware in a recent hacking campaign. Security experts at Flashpoint revealed that the financially-motivated cybercrime group FIN7 (aka Anunak and Carbanak) used new malware in a recent hacking campaign. The group that has been active since late 2015 targeted businesses worldwide to…
- Facebook passwords stored in plain text, hundreds of millions users affected News problems for Facebook that admitted to have stored the passwords of hundreds of millions of users in plain text. Facebook revealed to have stored the passwords of hundreds of millions of users in plain text, including passwords of Facebook Lite, Facebook, and Instagram users. “As part of a routine security review in January, we…
- South Korea – 1,600 guests at 30 motels secretly live streamed Four people from South Korea are accused of secretly live streaming, and selling videos made with spy-cam installed in 42 motel rooms at 30 motels in 10 cities in South Korea. According to the media, 1600 motel guests between November 24 and March 2 were spied by the indicted individuals that now face up to…
- Pwn2Own 2019 Day 1 – participants hacked Apple, Oracle, VMware products Pwn2Own 2019 hacking competition is started and participants hacked Apple Safari browser, Oracle VirtualBox and VMware Workstation on the first day. As you know I always cover results obtained by white hat hackers at hacking competitions, for this reason, today I’ll share with you the results of the first day of the Pwn2Own 2019. Pwn2Own…
- Experts found a critical vulnerability in the NSA Ghidra tool A security expert has discovered a vulnerability in the NSA Ghidra platform that could be exploited to execute code remotely. A security expert who goes online with the handle of sghctoma has discovered a vulnerability in Ghidra platform recently released by the US NSA, the issue could be exploited to execute code remotely. GHIDRA is…
- [SI-LAB] LockerGoga is the most active ransomware that focuses on targeting companies LockerGoga is the most active ransomware, experts warns it focuses on targeting companies and bypass AV signature-based detection. LockerGoga ransomware is a crypto-malware that loads the malicious file on the system from an infected email attachment. This threat is very critical these days, and it is the most active ransomware that focuses on targeting companies. Altran and Norsk Hydro are two companies severely…
- MyPillow and Amerisleep are the latest victims of Magecart gangs Security experts at riskIQ revealed today that another two organizations were victims of Magecart crime gang, the bedding retailers MyPillow and Amerisleep. Security experts at RiskIQ announced that the two bedding retailers MyPillow and Amerisleep were victims of the Magecart cybercrime gang. The Magecart umbrella includes at least 11 different hacking crews that has been active at least since…
- Putty users have to download a new release that fixes 8 flaws PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws The popular SSH client program PuTTY has released an important software update to address eight high-severity security vulnerabilities. PuTTY is one of the most popular open-source software that allows users to access computers over SSH, Telnet, and Rlogin network protocols. The popular SSH client program…
- SimBad malware infected million Android users through Play StoreSecurity experts at Check Point uncovered a sophisticated malware campaign spreading the SimBad malicious code through the official Google Play Store. Researchers at Check Point have uncovered a sophisticated malware campaign spreading the SimBad agent through the official Google Play Store. According to experts, more than 150 million users were already impacted. SimBad disguises itself…
- Google white hat hacker found new bug class in WindowsJames Forshaw, a white hat hacker at Google Project Zero, has discovered a new class of bugs that affect Windows and some of its drivers. Google Project Zero hacker James Forshaw discovered a new class of flaws that reside in some of the kernel mode drivers in Windows that could allow attackers to escalate privileges.…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...