Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
Google removes a set of 21 malicious apps from the Play Store Google has removed 21 malicious apps from the official Play Store because they were found to serve intrusive and annoying ads. Google has removed 21 new malicious apps from the official Play Store because they were found displaying intrusive ads. The following malicious apps were spotted by researchers from cybersecurity firm Avast: Shoot Them Crush…
Fragomen law firm data breach exposed Google employee’s data Immigration law firm Fragomen has disclosed a data breach that exposed current and former Google employees’ personal information. Immigration law firm Fragomen, Del Rey, Bernsen & Loewy, LLP, one of the most prominent US law firms covering immigration law, disclosed a data breach. The security breach exposed current and former Google employees’ personal information after…
Hacker was identified after the theft of $24 million from Harvest Finance A threat actor has stolen roughly $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance. A hacker has stolen approximately $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance, a web portal that lets users finding the farming opportunities that will maximize their yield(APY) returns. The hack took place earlier today…
Over 100 irrigation systems left exposed online without protection Researchers found more than 100 smart irrigation systems running ICC PRO that were left exposed online without a password last month. Security experts from the Israeli security firm Security Joes discovered more than 100 irrigation systems running ICC PRO that were left exposed online without protection. ICC PRO is a top-shelf smart irrigation system designed by Motorola.…
Nitro PDF data breach might impact major companies, including Microsoft, Google, and Apple Nitro PDF suffered a massive data breach that impacts many major organizations, including Apple, Chase, Citibank, Google, and Microsoft. A massive data breach suffered by the Nitro PDF might have a severe impact on well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. Nitro Software, Inc. develops commercial software used to create, edit, sign, and…
KashmirBlack, a new botnet in the threat landscape that rapidly grows Security experts spotted a new botnet, tracked as KashmirBlack botnet, that likely infected hundreds of thousands of websites since November 2019. Security experts from Imperva have spotted a new sophisticated botnet, tracked as KashmirBlack is believed to have already infected hundreds of thousands of websites by exploiting vulnerabilities in their content management system (CMS) platforms.…
Finnish psychotherapy center Vastaamo suffered a shocking security breach Private Finnish psychotherapy center Vastaamo suffered a security breach, hackers are now demanding ransom to avoid the leak of sensitive data they have stolen. Finland’s interior minister summoned an emergency meeting Sunday after the private Finnish psychotherapy center Vastaamo suffered a security breach that caused the exposure of patient records. To worse the situation the…
Ransomware attack disabled Georgia County Election database A ransomware attack recently hit Georgia county government and reportedly disabled a database used to verify voter signatures. A ransomware attack hit a Georgia county government early this month and disabled a database used to verify voter signatures in the authentication of absentee ballots. It is a common process to validate absentee ballots sent by…
COVID-19 vaccine manufacturer suffers a data breach Dr. Reddy’s, the Indian contractor for Russia’s “Sputinik V” COVID-19 vaccine was hit with a cyber-attack that forced the company to close its plants. Indian COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories was hit with a cyber attack that forced it to shut down its plants in Brazil, India, Russia, the U.K., and the U.S.. According…
Is the Abaddon RAT the first malware using Discord as C&C? Abaddon is the first RAT that uses the freeware instant messaging and VoIP app and digital distribution platform Discord as a command & control server. Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform as command and control. The…
HPE addresses critical auth bypass issue in SSMC console HPE fixed a remote authentication bypass vulnerability in HPE StoreServ Management Console (SSMC) data center storage management solution. Hewlett Packard Enterprise (HPE) has addressed a maximum severity (rated 10/10) remote authentication bypass vulnerability, tracked as CVE-2020-7197, affecting the HPE StoreServ Management Console (SSMC) data center storage management solution. HPE SSMC is a management and reporting console for HPE Primera (data storage for…
Security Affairs newsletter Round 286 A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. FIN11 gang started deploying ransomware to monetize its operations Iran-linked Silent Librarian APT targets universities again Microsoft released out-of-band Windows fixes for 2 RCE issues QQAAZZ crime gang charged for…
New Emotet attacks use a new template urging recipients to upgrade Microsoft Word Emotet operators have started using a new template this week that pretends to be a Microsoft Office message urging a Microsoft Word update. Researchers this week observed Emotet attacks employing a new template that pretends to be a Microsoft Office message urging the recipient to update their Microsoft Word to add a new feature. Emotet…
Microsoft Teams phishing campaign targeted up to 50,000 Office 365 usersExperts warn of a phishing campaign that already targeted up to 50,000 Office 365 users with a fake automated message from Microsoft Teams. Secruity researchers reported that up to 50,000 Office 365 users have been targeted by a phishing campaign that pretends to be automated message from Microsoft Teams. The bait message uses fake notifications…
Boyne Resorts ski and golf resort operator hit with WastedLocker ransomwareThe systems at the US-based ski and golf resort operator were infected with the WastedLocker ransomware, the incident impacted reservation systems. Boyne Resorts is a collection of mountain and lakeside resorts, ski areas, and attractions spanning from British Columbia to Maine. The company owns and operates eleven properties and an outdoor lifestyle equipment/apparel retail division…
Chinese Attackers' Favorite Flaws Prove Global Threats, Research Shows Following the NSA's list of 25 security flaws often weaponized by Chinese attackers, researchers evaluated how they're used around the world.
MITRE Shield Matrix Highlights Deception & Concealment Technology The role that these technologies play in the MITRE Shield matrix is a clear indicator that they are an essential part of today's security landscape.
Akamai Acquires Asavie Asavie's mobile, IoT, and security products and services will become part of the Akamai Security and Personalization Services product line.
Employees Aware of Emailed Threats Open Suspicious Messages A survey of 1,000 employees finds 96% of employees are aware of digital threats, but 45% click emails they consider to be suspicious.
Delete Now! – These 21 Apps With More Than 7 Million Downloads Contains Malware Researchers found 21 malicious adware apps on Google play that disguised as gaming apps. These apps have adware hidden by design and have anti-uninstall and evasion functions. The 21 gaming apps in question were found to be downloaded more than eight million. These apps come packed with adware which is a part of the HiddenAds…
Cybercriminals Extort Psychotherapy Patients Following Vastaamo Breach An attacker is running a Tor site to leak the session notes of 300 patients at Vastaamo, a Finnish psychotherapy facility.
Microsoft's Kubernetes Threat Matrix: Here's What's Missing With a fuller picture of the Kubernetes threat matrix, security teams can begin to implement mitigation strategies to protect their cluster from threats.
Modern CyberSOC – A Brief Implementation Of Building a Collaborative Cyber Security Infrastructure In earlier years, everyone depends on SOC (includes firewalls, WAF, SIEM,etc.) and the prioritize in building the SOC provides security and the CIA was maintained. However, later the emerge of the attacks and the threat actors becomes more challenge and the existing SOC will not able to provide better security over the CIA. There are…
US Treasury Sanctions Russian Institution Linked to Triton MalwareTriton, also known as TRISIS and HatMan, was developed to target and manipulate industrial control systems, the US Treasury reports.
Russian Hackers Attack U.S. Government Networks To Steal Sensitive DataCISA & FBI released a joint alert detailing Russian state-sponsored advanced persistent threat (APT) targeting various U.S. government networks to steal sensitive data. Russian State-sponsored actors group such as Berserk Bear, Energetic Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala are active since 2010 and targeting various U.S. state, local, territorial, and tribal (SLTT) government…
Botnet Infects Hundreds of Thousands of WebsitesKashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.
Credential-Stuffing Attacks Plague Loyalty ProgramsBut that's not the only type of web attack cybercriminals have been profiting from.
McAfee Raises $740M in Second IPOThe security software giant and its investors sold 37 million shares priced at $20 each, putting McAfee's value around $8.6 billion.
As Smartphones Become a Hot Target, Can Mobile EDR Help?Lookout Security debuts a mobile endpoint detection and response offering that will integrate into its mobile security platform.
Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast TargetsSeedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of espionage attacks on companies and government agencies in the Middle East region.
Enel Group suffered the second ransomware attack this year Multinational energy company Enel Group has been hit by Netwalker ransomware operators that are asking a $14 million ransom. Systems at the multinational energy company Enel Group has been infected with Netwalker ransomware, it is the second ransomware attack suffered by the energy giant this year. Netwalker ransomware operators are asking a $14 million ransom…
- Google removes a set of 21 malicious apps from the Play Store Google has removed 21 malicious apps from the official Play Store because they were found to serve intrusive and annoying ads. Google has removed 21 new malicious apps from the official Play Store because they were found displaying intrusive ads. The following malicious apps were spotted by researchers from cybersecurity firm Avast: Shoot Them Crush…
- Fragomen law firm data breach exposed Google employee’s data Immigration law firm Fragomen has disclosed a data breach that exposed current and former Google employees’ personal information. Immigration law firm Fragomen, Del Rey, Bernsen & Loewy, LLP, one of the most prominent US law firms covering immigration law, disclosed a data breach. The security breach exposed current and former Google employees’ personal information after…
- Hacker was identified after the theft of $24 million from Harvest Finance A threat actor has stolen roughly $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance. A hacker has stolen approximately $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance, a web portal that lets users finding the farming opportunities that will maximize their yield(APY) returns. The hack took place earlier today…
- Over 100 irrigation systems left exposed online without protection Researchers found more than 100 smart irrigation systems running ICC PRO that were left exposed online without a password last month. Security experts from the Israeli security firm Security Joes discovered more than 100 irrigation systems running ICC PRO that were left exposed online without protection. ICC PRO is a top-shelf smart irrigation system designed by Motorola.…
- Nitro PDF data breach might impact major companies, including Microsoft, Google, and Apple Nitro PDF suffered a massive data breach that impacts many major organizations, including Apple, Chase, Citibank, Google, and Microsoft. A massive data breach suffered by the Nitro PDF might have a severe impact on well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. Nitro Software, Inc. develops commercial software used to create, edit, sign, and…
- KashmirBlack, a new botnet in the threat landscape that rapidly grows Security experts spotted a new botnet, tracked as KashmirBlack botnet, that likely infected hundreds of thousands of websites since November 2019. Security experts from Imperva have spotted a new sophisticated botnet, tracked as KashmirBlack is believed to have already infected hundreds of thousands of websites by exploiting vulnerabilities in their content management system (CMS) platforms.…
- Finnish psychotherapy center Vastaamo suffered a shocking security breach Private Finnish psychotherapy center Vastaamo suffered a security breach, hackers are now demanding ransom to avoid the leak of sensitive data they have stolen. Finland’s interior minister summoned an emergency meeting Sunday after the private Finnish psychotherapy center Vastaamo suffered a security breach that caused the exposure of patient records. To worse the situation the…
- Ransomware attack disabled Georgia County Election database A ransomware attack recently hit Georgia county government and reportedly disabled a database used to verify voter signatures. A ransomware attack hit a Georgia county government early this month and disabled a database used to verify voter signatures in the authentication of absentee ballots. It is a common process to validate absentee ballots sent by…
- COVID-19 vaccine manufacturer suffers a data breach Dr. Reddy’s, the Indian contractor for Russia’s “Sputinik V” COVID-19 vaccine was hit with a cyber-attack that forced the company to close its plants. Indian COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories was hit with a cyber attack that forced it to shut down its plants in Brazil, India, Russia, the U.K., and the U.S.. According…
- Is the Abaddon RAT the first malware using Discord as C&C? Abaddon is the first RAT that uses the freeware instant messaging and VoIP app and digital distribution platform Discord as a command & control server. Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform as command and control. The…
- HPE addresses critical auth bypass issue in SSMC console HPE fixed a remote authentication bypass vulnerability in HPE StoreServ Management Console (SSMC) data center storage management solution. Hewlett Packard Enterprise (HPE) has addressed a maximum severity (rated 10/10) remote authentication bypass vulnerability, tracked as CVE-2020-7197, affecting the HPE StoreServ Management Console (SSMC) data center storage management solution. HPE SSMC is a management and reporting console for HPE Primera (data storage for…
- Security Affairs newsletter Round 286 A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. FIN11 gang started deploying ransomware to monetize its operations Iran-linked Silent Librarian APT targets universities again Microsoft released out-of-band Windows fixes for 2 RCE issues QQAAZZ crime gang charged for…
- New Emotet attacks use a new template urging recipients to upgrade Microsoft Word Emotet operators have started using a new template this week that pretends to be a Microsoft Office message urging a Microsoft Word update. Researchers this week observed Emotet attacks employing a new template that pretends to be a Microsoft Office message urging the recipient to update their Microsoft Word to add a new feature. Emotet…
- Microsoft Teams phishing campaign targeted up to 50,000 Office 365 usersExperts warn of a phishing campaign that already targeted up to 50,000 Office 365 users with a fake automated message from Microsoft Teams. Secruity researchers reported that up to 50,000 Office 365 users have been targeted by a phishing campaign that pretends to be automated message from Microsoft Teams. The bait message uses fake notifications…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...
