Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records -- including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction…
Legal Threats Make Powerful Phishing LuresSome of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days -- or else. Here's a look at a recent spam campaign that…
Account Hijacking Forum OGusers HackedOgusers[.]com -- a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims' phone numbers -- has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.
Feds Target $100M ‘GozNym’ Cybercrime NetworkLaw enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the same name.
A Tough Week for IP Address ScammersIn the early days of the Internet, there was a period when Internet Protocol 4 (IPv4) addresses (e.g. 4.4.4.4) were given out like cotton candy to anyone who asked. But these days companies are queuing up to obtain new IP space from the various regional registries that periodically dole out the prized digits. With the…
Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a "wormable" flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. The vulnerability (CVE-2019-0709) resides…
First American Financial exposed 16 years’ worth of personal and financial documents The US real-estate insurance biz, First American Financial, accidentally leaked customers’ highly personal files online, hundreds of millions of documents. The US real-estate insurance company First American Financial Corp. accidentally leaked hundreds of millions of documents. The company has more than 18,000 employees and brought in more than $5.7 billion in 2018. Roughly 885 million insurance-related documents…
Hacker breached Perceptics, a US maker of license plate readers Perceptics, a maker of vehicle license plate scanning solutions used in the US, has been hacked, attackers stole data and offered for free on the dark web. Perceptics is a leader in license plate readers (LPRs), license plate recognition systems and vehicle identification products. The company was hacked and attackers stole data and offered business…
Sectigo says that most of certificates reported by Chronicle analysis were already revoked According to Sectigo, most of the certificates used to sign the malware submitted to VirusTotal and issued by the company were expired and were already revoked. This week experts at Chronicle published a study on signed malware registered on VirusTotal that states that most of the digital certificates used to sign malware samples found on…
Security Affairs newsletter Round 215 – News of the week A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter” https://www.surveymonkey.com/r/EUBloggerAwards2018 Dutch intelligence investigate alleged Huawei ‘backdoor Salesforce…
Remarks on NATO and its approach to the cyber offensive This week NATO Secretary General Jens Stoltenberg explained during a conference at the Cyber Defence Pledge conference in London how the Alliance is countering cyber threats. This week during the Cyber Defence Pledge conference in London, NATO Secretary General Jens Stoltenberg explained how the Alliance is countering cyber threats. Stoltenberg declared that NATO is pushing…
Police seized Bestmixer, the mixing service washed at least $200 million in a year European law enforcement seized and shut down Bestmixer.io for reportedly laundering over $200 million in cryptocurrency. This week the Europol has dealt another blow to cybercrime, the European police along with the Dutch Fiscal Information and Investigation Service (FIOD), and Luxembourg authorities shut down Bestmixer.io, on one of the world’s leading cryptocurrency mixing services. A…
Hackers target MySQL databases to deliver the GandCrab ransomware Security experts at Sophos have detected a wave of attacks targeting Windows servers that are running MySQL databases with the intent of delivering the GandCrab ransomware Sophos researchers have observed a wave of attacks targeting Windows servers that are running MySQL databases, threat actors aim at delivering the GandCrab ransomware. This is the first time…
0patch issued a micropatch to address the BlueKeep flaw in always-on servers 0patch, released a security patch to address the BlueKeep vulnerability, that can be deployed by administrators to protect always-on servers. Microsoft Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including an RDS vulnerability dubbed BlueKeep that can be exploited to carry out WannaCry-like attack. The issue is a remote code execution flaw in Remote Desktop…
GitHub introduces new tools and security features to secure code GitHub announced the introduction of several new tools and security features to help developers secure their code. The popular code repository hosting service GitHub continues its efforts in helping its customers in developing and maintaining a secure code. “Ninety-nine percent of new software projects depend on open source code. This extensive code reuse helps everyone…
Snapchat staff used internal tools to spy on users Snapchat internal staff has allegedly abused their role in the company to spy on Snapchat users using and internal tools and steal data. Snapchat is a multimedia messaging app that makes pictures, videos, and messages (snaps) available for a short time before they become inaccessible to their recipients. Initially, it was only allowing person-to-person photo sharing, but now…
How Hackers Access Direct Deposit Paycheck — And What to Do About It Getting your paycheck deposited directly into your bank account seems like a handy solution but in some cases. hackers can access them. Getting your paycheck deposited directly into your bank account seems like a handy solution because you don’t have to pick up the check from your workplace and take it to the bank to…
US DoJ’s superseding indictment charges Assange with violating Espionage Act The United States Department of Justice charges WikiLeaks founder Julian Assange with 18 counts on the alleged violation of the Espionage Act. A federal grand jury returned an 18-count superseding indictment that charges WikiLeaks founder Julian Assange with counts related to illegally obtaining and disclosing classified information. British authorities arrested Assange on April 11 at the…
Chronicle’s study reveals CAs that issued most certificates to sign malware samples on VirusTotalMost of the digital certificates used to sign malware samples found on VirusTotal have been issued by the Certificate Authority (CA) Comodo CA. Most of the digital certificates used to sign malware samples found on VirusTotal in 2018 have been issued by the Certificate Authority (CA) Comodo CA (aka Sectigo). Chronicle’s security researchers have analyzed…
Facebook says it took down 2.19 billion accounts in Q1 2019Social network giant Facebook revealed it recently disabled billions of accounts operated by “bad actors” and that five percent of active accounts are fake. The news is disconcerting, but sincerely not so surprising, Facebook announced it recently disabled billions of accounts operated by “bad actors” and that five percent of its active accounts are fake.…
PoC Exploits for CVE-2019-0708 wormable Windows flaw released onlineSeveral security experts have developed PoC exploits for wormable Windows RDS flaw tracked as CVE-2019-0708 and dubbed BlueKeep. Experts have developed several proof-of-concept (PoC) exploits for the recently patched Windows Remote Desktop Services (RDS) vulnerability tracked as CVE-2019-0708 and dubbed BlueKeep. One of the PoC exploits could be used for remote code execution on vulnerable…
Pentesting OS BlackArch Linux New Version 2019.06.01 Released with 2200 Hacking Tools A Penetration Testing OS BlackArch Linux 2019.06.01 Released with new ISOs and OVA image and set of high-quality updates for Penetration testers. BlackArch Linux is one of the Powerful Arch Linux-based penetration testing distribution which contains around 2200 Hacking tools. BlackArch Linux one of the widely using Distributions by hackers, penetration testers, and security researchers…
Fancy Bear APT Hackers Owned Zebrocy Malware Opens Backdoor on Victims Machine to Control it Remotely Cybercriminals from Sednit group, also known as Fancy Bear, APT28, Sofacy launching new Zebrocy Malware that indented to open backdoor on the targeted machine to gain the remote access. The sednit hacking group operates since 2004, the threat operators from this group employed a verity of hacking tools to perform its espionage operations. Researchers from…
BlueKeep RCE Vulnerability in Remote Desktop Protocol Let Hackers Hijack Target Computers Without Login Credentials Bluekeep a wormable critical RCE vulnerability in Remote desktop services let hackers access the vulnerable machine without authentication. As vulnerability is wormable, it could rapidly compromise millions of machine in a short period. Successful exploitation of the vulnerability allows a remote attacker to run arbitrary code on the target system, and the attacker can install…
Hackers Now Using Stolen NSA Hacking Tool to Attack U.S Government Networks Cybercriminals now attack the U.S government and shut down the network systems using EternalBlue, one of the most powerful hacking Tool developed by the NSA. Baltimore, a city in Maryland, continuously struggled under a severe malware attack nearly three weeks that shut down thousands of computers, email and disrupted real estate sales, water bills, health…
Shade Ransomware Attack Enterprise Networks through Weaponized PDF Files & Malspam Emails Shade Ransomware emerged in late 2014; it includes malicious spam emails or exploits kits as their primary attack vectors. In a recent campaign, hackers abuses CMS such as WordPress and Joomla Sites to host the Shade Ransomware payload. According to Palo Alto report, the following are the top countries affected by the ransomware strain that…
Microsoft Released Final Version of Security Configuration Baseline for Windows 10 and Windows Server Microsoft published its final release of security configuration baseline settings for Windows 10 version 1903 and Windows Server version 1903. Microsoft enables various controls to Windows users by providing multiple configuration capabilities since the organization needs to implement control over their security configurations. Generally, Window security baseline applies to Windows 10, Windows Server 2016 and…
Python for Data Science – Most Important Contribution of Data Science in Cybersecurity Python for Data Science is one of the essential parts for those who all are willing to focus on Data science. There are a lot of people who do data science who understand that they need to do more tools to do their work even better. One of the tools that people choose to learn…
Hackers Attack MySQL Servers on Windows to Deliver GandCrab Ransomware GandCrab Ransomware is one of the most Prevalent Ransomware that holds about 40% of the ransomware market share. It was distributed through various form of attacks such as social media campaigns, exploit kit, weaponized office documents, and compromised websites. Sophos researchers spotted a new GandCrab Ransomware campaign that targets Internet-facing MySQL servers on Windows. The…
First American Leaked 885 Million Most Sensitive Financial Data Online First American Financial Corp, a U.S based financial services company leaked Hundreds of Million of Most sensitive records online that related to real estate and mortgage industries. First American Fin corp is one of the oldest company the U.S and the company running its operation nearly 130 years with the core services of real property…
JSRAT – Secret Command & Control Channel Backdoor to Control Victims Machine Using JavaScript JsRat is python based script developed to backdoor victim machine using JavaScript payloads and the HTTP protocol for communication between the server and the target hosts. Here I have used Kali Linux(Attacker Machine) and Victim Machine (Windows 10) Installation & Setup :- Download the JSRAT tool Here Download and give appropriate permission to execute the script.Above figure…
Shodan and Censys: Finding Hidden Parts On the Internet With Special Search Engines Our digital lives connect massive things with the Internet. Starting with Smartphones, Wi-Fi routers, Surveillance Camera, Smart TV, SCADA networks and leading to traffic light management systems are exposed to the internet. In 2016 impact of Mirai botnet attack, which was orchestrated as a distributed denial of service attack affects 300,000 vulnerable Internet of Things…
Top 10 Most Disturbing Cyber Attack Tactics in 2019 Nowadays many small and large scale industries are facing security issues due to the cyber attack. From the past few years, cyber attack tactics have increased and massive data is being grabbed and misused by many black hat people across many industries. Regardless of whether you work in the affected industries, it’s essential to understand…
Mist Computing Startup Distributes Security AI to the Network Edge MistNet, founded by former Juniper employees, moves AI processing to the network edge to build distributed detection and analysis models for security.
7 Recent Wins Against CybercrimeThe increasing number of successful law enforcement actions and prosecutions suggest that cybercriminals have plenty of reason to be looking over their shoulders.
Mobile Exploit Fingerprints Devices with Sensor Calibration DataData from routines intended to calibrate motion sensors can identify individual iOS and Android devices in a newly released exploit.
- First American Financial exposed 16 years’ worth of personal and financial documents The US real-estate insurance biz, First American Financial, accidentally leaked customers’ highly personal files online, hundreds of millions of documents. The US real-estate insurance company First American Financial Corp. accidentally leaked hundreds of millions of documents. The company has more than 18,000 employees and brought in more than $5.7 billion in 2018. Roughly 885 million insurance-related documents…
- Hacker breached Perceptics, a US maker of license plate readers Perceptics, a maker of vehicle license plate scanning solutions used in the US, has been hacked, attackers stole data and offered for free on the dark web. Perceptics is a leader in license plate readers (LPRs), license plate recognition systems and vehicle identification products. The company was hacked and attackers stole data and offered business…
- Sectigo says that most of certificates reported by Chronicle analysis were already revoked According to Sectigo, most of the certificates used to sign the malware submitted to VirusTotal and issued by the company were expired and were already revoked. This week experts at Chronicle published a study on signed malware registered on VirusTotal that states that most of the digital certificates used to sign malware samples found on…
- Security Affairs newsletter Round 215 – News of the week A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter” https://www.surveymonkey.com/r/EUBloggerAwards2018 Dutch intelligence investigate alleged Huawei ‘backdoor Salesforce…
- Remarks on NATO and its approach to the cyber offensive This week NATO Secretary General Jens Stoltenberg explained during a conference at the Cyber Defence Pledge conference in London how the Alliance is countering cyber threats. This week during the Cyber Defence Pledge conference in London, NATO Secretary General Jens Stoltenberg explained how the Alliance is countering cyber threats. Stoltenberg declared that NATO is pushing…
- Police seized Bestmixer, the mixing service washed at least $200 million in a year European law enforcement seized and shut down Bestmixer.io for reportedly laundering over $200 million in cryptocurrency. This week the Europol has dealt another blow to cybercrime, the European police along with the Dutch Fiscal Information and Investigation Service (FIOD), and Luxembourg authorities shut down Bestmixer.io, on one of the world’s leading cryptocurrency mixing services. A…
- Hackers target MySQL databases to deliver the GandCrab ransomware Security experts at Sophos have detected a wave of attacks targeting Windows servers that are running MySQL databases with the intent of delivering the GandCrab ransomware Sophos researchers have observed a wave of attacks targeting Windows servers that are running MySQL databases, threat actors aim at delivering the GandCrab ransomware. This is the first time…
- 0patch issued a micropatch to address the BlueKeep flaw in always-on servers 0patch, released a security patch to address the BlueKeep vulnerability, that can be deployed by administrators to protect always-on servers. Microsoft Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including an RDS vulnerability dubbed BlueKeep that can be exploited to carry out WannaCry-like attack. The issue is a remote code execution flaw in Remote Desktop…
- GitHub introduces new tools and security features to secure code GitHub announced the introduction of several new tools and security features to help developers secure their code. The popular code repository hosting service GitHub continues its efforts in helping its customers in developing and maintaining a secure code. “Ninety-nine percent of new software projects depend on open source code. This extensive code reuse helps everyone…
- Snapchat staff used internal tools to spy on users Snapchat internal staff has allegedly abused their role in the company to spy on Snapchat users using and internal tools and steal data. Snapchat is a multimedia messaging app that makes pictures, videos, and messages (snaps) available for a short time before they become inaccessible to their recipients. Initially, it was only allowing person-to-person photo sharing, but now…
- How Hackers Access Direct Deposit Paycheck — And What to Do About It Getting your paycheck deposited directly into your bank account seems like a handy solution but in some cases. hackers can access them. Getting your paycheck deposited directly into your bank account seems like a handy solution because you don’t have to pick up the check from your workplace and take it to the bank to…
- US DoJ’s superseding indictment charges Assange with violating Espionage Act The United States Department of Justice charges WikiLeaks founder Julian Assange with 18 counts on the alleged violation of the Espionage Act. A federal grand jury returned an 18-count superseding indictment that charges WikiLeaks founder Julian Assange with counts related to illegally obtaining and disclosing classified information. British authorities arrested Assange on April 11 at the…
- Chronicle’s study reveals CAs that issued most certificates to sign malware samples on VirusTotalMost of the digital certificates used to sign malware samples found on VirusTotal have been issued by the Certificate Authority (CA) Comodo CA. Most of the digital certificates used to sign malware samples found on VirusTotal in 2018 have been issued by the Certificate Authority (CA) Comodo CA (aka Sectigo). Chronicle’s security researchers have analyzed…
- Facebook says it took down 2.19 billion accounts in Q1 2019Social network giant Facebook revealed it recently disabled billions of accounts operated by “bad actors” and that five percent of active accounts are fake. The news is disconcerting, but sincerely not so surprising, Facebook announced it recently disabled billions of accounts operated by “bad actors” and that five percent of its active accounts are fake.…
- PoC Exploits for CVE-2019-0708 wormable Windows flaw released onlineSeveral security experts have developed PoC exploits for wormable Windows RDS flaw tracked as CVE-2019-0708 and dubbed BlueKeep. Experts have developed several proof-of-concept (PoC) exploits for the recently patched Windows Remote Desktop Services (RDS) vulnerability tracked as CVE-2019-0708 and dubbed BlueKeep. One of the PoC exploits could be used for remote code execution on vulnerable…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...
