Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
Did H&M spy on its German employees? Privacy watchdog opens an investigation A German privacy watchdog is investigating into clothing retailer H&M because it was allegedly spying on its customer service representatives in Germany. Hamburg’s data protection commissioner has launched an investigation into Swedish clothing retailer H&M (Hennes & Mauritz) amid evidence that the company was spying on its customer service representatives in Germany. According to the…
Aggah: How to run a botnet without renting a Server (for more than a year) Experts from Yoroi-Cybaze ZLab have spotted new attack attempts directed to some Italian companies operating in the Retail sector linked to Aggah campaign. Introduction During the last year, we constantly kept track of the Aggah campaigns. We started deepening inside the Roma225 Campaign and went on with the RG Campaign, contributing to the joint effort to track the…
Which was the most common threat to macOS devices in 2019? Shlayer malware Malware authors continue to show interest in macOS devices, Kaspersky experts confirmed that the Shlayer malware has been the most common threat to the macOS platform. Security experts from Kaspersky Lab revealed that the Shlayer malware was the most widespread macOS threat in 2019. In February, malware researchers at Carbon Black spotted a new strain…
Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world More details emerged from the recently disclosed Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of e-commerce. Operators of the JavaScript-sniffer family, dubbed «GetBilling» by Group-IB, were arrested in Indonesia. The arrest came as a result of a joint operation «Night Fury» initiated by INTERPOL’s ASEAN Cyber Capability Desk (ASEAN Desk) that involved Indonesian Cyber Police (BARESKRIM POLRI (Dittipidsiber)) and Group-IB’s…
Mozilla banned hundreds of malicious Firefox add-ons over the last weeks Mozilla is intensifying the efforts to protect its users, in the last couple of weeks, the security staff has banned 200 malicious Firefox add-ons. Over the past two weeks, Mozilla has reviewed and banned 197 Firefox add-ons because they were executing malicious code. The malicious Firefox add-ons were found stealing user data and for this…
A new piece of Ryuk Stealer targets government, military and finance sectors A new piece of the Ryuk malware has been improved to steal confidential files related to the military, government, financial statements, and banking. Security experts from MalwareHunterTeam have discovered a new version of the Ryuk Stealer malware that has been enhanced to allow its operators to steal a greater amount of confidential files related to…
City of Potsdam offline following a cyberattack The City of Potsdam suffered a major cyberattack that took down its servers earlier this week, but emergency services were not impacted. The German City of Potsdam has suffered a major cyberattack that took down its servers earlier this week, the good news is that emergency services, including the city’s fire department fully operational and payments…
Security Affairs newsletter Round 248 A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online Hackers patch Citrix servers to deploy their own backdoor Citrix releases permanent fixes for CVE-2019-19781 flaw in ADC 11.1 and 12.0 JhoneRAT uses…
Authorities arrest 3 Indonesian hackers behind many Magecart attacks The Indonesian National Police and the Interpol announced the arrest of three Indonesian hackers who carried out Magecart attacks. The Indonesian National Police in a joint press conference with Interpol announced the result of an investigation dubbed ‘Operation Night Fury’ that allowed to arrest three hackers that carried out Magecart attacks to steal payment card data. The…
Cisco Webex flaw allows unauthenticated remote attackers to join private meetings Cisco addressed a vulnerability in Cisco Webex that could be exploited by a remote, unauthenticated attacker to join a protected video conference meeting. Cisco has addressed a high-severity flaw in the Cisco Webex video conferencing platform (CVE-2020-3142) that could be exploited by a remote, unauthenticated attacker to enter a password-protected video conference meeting. In order…
Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. According to ZDNet, the hackers involved in the attack against the Mitsubishi Electric have exploited a zero-day vulnerability in Trend Micro OfficeScan to infect company servers. This week, Mitsubishi Electric disclosed a security breach that might have…
For the second time in a few days, Greek Government websites hit by DDoS attacks The Greek government announced that a DDoS cyber attack hit the official state websites of the prime minister, the national police and fire service and several important ministries. Yesterday the Greek government announced that the official websites of the prime minister, the national police and fire service and several important ministries were hit by a…
Expert released DOS Exploit PoC for Critical Windows RDP Gateway flawsDanish security researcher Ollypwn has released DOS exploit PoC for critical vulnerabilities in the Windows RDP Gateway. The Danish security researcher Ollypwn has published a proof-of-concept (PoC) denial of service exploit for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities in the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices. A Remote Desktop Gateway server is typically…
NK CARROTBALL dropper used in attacks on U.S. Govn AgencyA US Government agency was hit with a phishing attack attempting to deliver a new malware dropper dubbed CARROTBALL. Security experts at Palo Alto Networks have uncovered a new malware dropper called CARROTBALL that was used in targeted attacks against a U.S. government agency and non-US foreign nationals. Experts attribute the attack to the Konni…
Russian operator of Cardplanet carding site pleads guilty in the USA Russian national pleaded guilty this week to running a carding website called Cardplanet that helped people commit credit-card fraud. Last year, the Russian man Aleksei Burkov (29) was accused of running an online criminal marketplace, called Cardplanet, that helped crooks to organize more than $20 million in credit card fraud. In November, the suspect…
Avast Anti-Virus Spying Millions of Users Browsing Activities, Every Click, Every Buy and Selling to Its Clients – Google, Microsoft, Pepsi Anti-virus software firm Avast reportedly spying hundreds of millions of Users browsing activities including, every click, every purchase you made online, and selling the collected data into various clients that include Home Depot, Google, Microsoft, Pepsi, and McKinsey and many other companies. Avast is one of the leading security firms with more than 435 million…
WiFi Hacking Tool Aircrack-ng 1.6 Released with New Features, Speed Up & Bug Fixes Aircrack-ng 1.6 released with new features and a lot of improvements with Speed, memory usage and rate display. Aircrack-ng contains a complete set of tools to perform a Wi-Fi network security assessment. The tool focuses on multiple areas of WiFi security such as capturing packets, replay attacks, checking WiFi cards and driver capabilities for injection.…
Interpol Arrested 3 Indonesian Hackers Who have Hacked Hundreds of Ecommerce Websites With JS-Sniffer Malware 3 Indonesia Hackers has been arrested by the Interpol under coordinated cyber operation for hacking hundreds of E-commerce websites using JS-Sniffer Malware. ANF (27), K (35), and N (23) who have resided in Indonesia and running the malicious campaign, and targeting the E-Commerce websites with the malware known as JavaScript-sniffer. Malware authors developed with JavaScript-sniffer…
Top 10 Best Malware Removal Tool 2020 Malware removal tool is helps to remove the dangerous malware from your personal computer to protect from hackers and prevent future attacks. Today the most essential thing is to have security on your PC or laptop, as you never know when the cybercriminals will attack. This implies that you don’t only need Antivirus software, but…
Cisco Webex Flaw Let Unauthenticated Remote Attackers to Join Private Meetings Without Password Cisco addressed a critical security vulnerability in Cisco Webex Meetings Suite sites and Online sites that allow an unauthenticated attacker to join password protected private meetings without the meeting password. Cisco Webex technology is a platform to host online meetings anywhere, seminars anytime within organizations or outside. Cisco Webex Meetings Vulnerability The vulnerability can be…
Top 5 Best Open Source Security Projects That Promote Online Privacy & Protect Your Identity In general, the most secure software is open source. Even old, underfunded open-source security projects can still withstand the onslaught of exploits and invasions by the NSA. Open source has one main advantage over closed-source software: the code is public and can be inspected by anyone, which leaves little to no room for secret backdoors.…
Snake Ransomware That Written in Golang Language Removes Backup Shadows Copies & Encrypt Windows Files Researchers observed new snake ransomware that written in Golang targeting Windows users to encrypt the system files and remove the Volume Shadow Copies that the OS uses for backup. Snake ransomware is a targeted campaign that contains a standard ransomware feature with some of the more complex functionalities. Malware authors choose the Golang language which…
Iran Hacking Group Used Open Source Multi-platform PupyRAT to Attack Energy Sector OrganizationPupyRAT is a cross-platform (Windows, Linux, OSX, Android) is a remote administration and post-exploitation tool. It was written in python, acts as a backdoor, allows an attacker to create remote command shells, steal password credentials, log keystrokes, steal files, and to record webcams. The tool is intended for using red-team purposes, but the Iranian hacking…
Online Employment Scams on the Rise, Says FBILooking to change jobs? Watch out for fraudsters who use legitimate job services, slick websites, and an interview process to convince applicants to part with sensitive personal details.
The Biggest Cyber Threats and Trends to Look Out For 2020The Information Security Industry is on high alert because of constant cyber threats and trends than ever before in 2020. Artificial intelligence, cryptocurrency, machine learning, sophisticated cyber-attacks, phishing, malware, viruses, bots, have all caused governments, corporations, and individuals to be on their toes at all times because of constant threat. Threat Horizon’s latest study highlights…
Non-removable Android Malware Infects System Process to Remove Pre-Installed Apps & Gain The Root AccessResearchers observed a new variant of Android.Xiny malware with an improved self-defense mechanism. The malware targets only the older versions of the Android devices and gains the complete root access of the vulnerable Android device. It infects Android device version Android 5.1 and below, according to a Google report dated May 7, 2019, 25.2% of…
NIST Released Privacy Framework 2020 to Improve Enterprise Privacy Through Risk Management – Download A Free E-BookNational Institute of Standard and Technology (NIST) released a Privacy framework for 2020 to improving privacy through enterprise risk management. NIST Privacy Framework is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risks to build innovative products and services while protecting individuals’ privacy. It enables better privacy engineering…
NSA Offers Guidance on Mitigating Cloud FlawsA new document separates cloud vulnerabilities into four classes and offers mitigations to help businesses protect cloud resources.
Severe Vulnerabilities Discovered in GE Medical DevicesCISA has released an advisory for six high-severity CVEs for GE Carescape patient monitors, Apex Pro, and Clinical Information Center systems.
Ryuk Ransomware Hit Multiple Oil & Gas Facilities, ICS Security Expert SaysAttackers 'weaponized' Active Directory to spread the ransomware.
- Did H&M spy on its German employees? Privacy watchdog opens an investigation A German privacy watchdog is investigating into clothing retailer H&M because it was allegedly spying on its customer service representatives in Germany. Hamburg’s data protection commissioner has launched an investigation into Swedish clothing retailer H&M (Hennes & Mauritz) amid evidence that the company was spying on its customer service representatives in Germany. According to the…
- Aggah: How to run a botnet without renting a Server (for more than a year) Experts from Yoroi-Cybaze ZLab have spotted new attack attempts directed to some Italian companies operating in the Retail sector linked to Aggah campaign. Introduction During the last year, we constantly kept track of the Aggah campaigns. We started deepening inside the Roma225 Campaign and went on with the RG Campaign, contributing to the joint effort to track the…
- Which was the most common threat to macOS devices in 2019? Shlayer malware Malware authors continue to show interest in macOS devices, Kaspersky experts confirmed that the Shlayer malware has been the most common threat to the macOS platform. Security experts from Kaspersky Lab revealed that the Shlayer malware was the most widespread macOS threat in 2019. In February, malware researchers at Carbon Black spotted a new strain…
- Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world More details emerged from the recently disclosed Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of e-commerce. Operators of the JavaScript-sniffer family, dubbed «GetBilling» by Group-IB, were arrested in Indonesia. The arrest came as a result of a joint operation «Night Fury» initiated by INTERPOL’s ASEAN Cyber Capability Desk (ASEAN Desk) that involved Indonesian Cyber Police (BARESKRIM POLRI (Dittipidsiber)) and Group-IB’s…
- Mozilla banned hundreds of malicious Firefox add-ons over the last weeks Mozilla is intensifying the efforts to protect its users, in the last couple of weeks, the security staff has banned 200 malicious Firefox add-ons. Over the past two weeks, Mozilla has reviewed and banned 197 Firefox add-ons because they were executing malicious code. The malicious Firefox add-ons were found stealing user data and for this…
- A new piece of Ryuk Stealer targets government, military and finance sectors A new piece of the Ryuk malware has been improved to steal confidential files related to the military, government, financial statements, and banking. Security experts from MalwareHunterTeam have discovered a new version of the Ryuk Stealer malware that has been enhanced to allow its operators to steal a greater amount of confidential files related to…
- City of Potsdam offline following a cyberattack The City of Potsdam suffered a major cyberattack that took down its servers earlier this week, but emergency services were not impacted. The German City of Potsdam has suffered a major cyberattack that took down its servers earlier this week, the good news is that emergency services, including the city’s fire department fully operational and payments…
- Security Affairs newsletter Round 248 A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online Hackers patch Citrix servers to deploy their own backdoor Citrix releases permanent fixes for CVE-2019-19781 flaw in ADC 11.1 and 12.0 JhoneRAT uses…
- Authorities arrest 3 Indonesian hackers behind many Magecart attacks The Indonesian National Police and the Interpol announced the arrest of three Indonesian hackers who carried out Magecart attacks. The Indonesian National Police in a joint press conference with Interpol announced the result of an investigation dubbed ‘Operation Night Fury’ that allowed to arrest three hackers that carried out Magecart attacks to steal payment card data. The…
- Cisco Webex flaw allows unauthenticated remote attackers to join private meetings Cisco addressed a vulnerability in Cisco Webex that could be exploited by a remote, unauthenticated attacker to join a protected video conference meeting. Cisco has addressed a high-severity flaw in the Cisco Webex video conferencing platform (CVE-2020-3142) that could be exploited by a remote, unauthenticated attacker to enter a password-protected video conference meeting. In order…
- Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. According to ZDNet, the hackers involved in the attack against the Mitsubishi Electric have exploited a zero-day vulnerability in Trend Micro OfficeScan to infect company servers. This week, Mitsubishi Electric disclosed a security breach that might have…
- For the second time in a few days, Greek Government websites hit by DDoS attacks The Greek government announced that a DDoS cyber attack hit the official state websites of the prime minister, the national police and fire service and several important ministries. Yesterday the Greek government announced that the official websites of the prime minister, the national police and fire service and several important ministries were hit by a…
- Expert released DOS Exploit PoC for Critical Windows RDP Gateway flawsDanish security researcher Ollypwn has released DOS exploit PoC for critical vulnerabilities in the Windows RDP Gateway. The Danish security researcher Ollypwn has published a proof-of-concept (PoC) denial of service exploit for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities in the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices. A Remote Desktop Gateway server is typically…
- NK CARROTBALL dropper used in attacks on U.S. Govn AgencyA US Government agency was hit with a phishing attack attempting to deliver a new malware dropper dubbed CARROTBALL. Security experts at Palo Alto Networks have uncovered a new malware dropper called CARROTBALL that was used in targeted attacks against a U.S. government agency and non-US foreign nationals. Experts attribute the attack to the Konni…
- Russian operator of Cardplanet carding site pleads guilty in the USA Russian national pleaded guilty this week to running a carding website called Cardplanet that helped people commit credit-card fraud. Last year, the Russian man Aleksei Burkov (29) was accused of running an online criminal marketplace, called Cardplanet, that helped crooks to organize more than $20 million in credit card fraud. In November, the suspect…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...
