Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
Google forgot to tell customers that Nest Hub has a microphone Google on Wednesday revealed that it forgot to inform users that its Nest Secure home alarm system includes a microphone. Google announced this week that it forgot to inform users that its Nest Secure home alarm system includes a microphone. “The problem: Nest users didn’t know a microphone existed on their security device to begin…
Cisco addresses flaws in HyperFlex and Prime Infrastructure Cisco released security patches that address more than a dozen issues in its products, including high severity flaws in HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance. Cisco released security patches that address more than a dozen issues in its products, including high severity vulnerabilities affecting HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance. Security updates fix…
Expert found a DoS flaw in Windows Servers running IIS Windows servers running Internet Information Services (IIS) are vulnerable to denial-of-service (DoS) attacks carried out through malicious HTTP/2 requests. Microsoft revealed that Windows servers running Internet Information Services (IIS) are vulnerable to denial-of-service (DoS) attacks. Attackers can trigger a DoS condition by sending specially crafted HTTP/2 requests, the CPU usage will temporarily spike to 100%…
Adobe released second fix for the same Adobe Reader flaw Adobe released a second patch to address the CVE 2019-7089 flaw in Adobe Reader after an expert found the way to bypass the first fix. Adobe on Thursday released a second patch to address a critical information disclosure vulnerability in Adobe reader, tracked as CVE 2019-7089, after the expert who initially discovered the flaw devised…
Security experts released new GandCrab Decryptor for free Security experts at BitDefender have released a new version of the GandCrab decryptor able to decrypt versions of GandCrab 1, 4 and 5. Security experts at BitDefender have released a new version of the GandCrab decryptor that could be used to decrypt versions of GandCrab 1, 4 and 5, including the latest version 5.1. The…
Critical bug in WINRAR affects all versions released in the last 19 years Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR. Experts at Check Point discovered the logical bug in WinRAR by using the WinAFL fuzzer and found a way to exploit it to gain full control over a target computer Over 500 million users worldwide use the…
CVE-2019-6340 Critical flaw in Drupal allows Remote Code Execution Security expert found a “highly critical” vulnerability (CVE-2019-6340) in the popular Drupal CMS that could be exploited for remote code execution. Drupal released security updates that addresses a “highly critical” vulnerability in the popular Drupal CMS, tracked as CVE-2019-6340, that could be exploited for remote code execution. The CVE-2019-6340 flaw is caused by the lack…
The interface of WinPot ATM Malware looks like a slot machine Malware researchers from Kaspersky Lab have detected a new piece of malware dubbed WinPot that was designed to target automated teller machines (ATMs). Security experts from Kaspersky Lab have discovered a new piece of malware dubbed WinPot that target ATMs, it could be used by crooks to make the ATMs automatically dispense all cash from…
Microsoft says Russian APT28 espionage group hit Democratic Institutions in Europe Microsoft says Russian APT28 group carried out multiple cyberattacks on democratic institutions in Europe between September and December 2018. Microsoft revealed that hackers belonging to the cyber espionage group APT28 (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) launched several attacks on democratic institutions in Europe between September and December 2018. The tech giant revealed that 104 accounts belonging…
Expert released a PoC for a remote code execution flaw in mIRC App Security experts discovered a vulnerability in the mIRC application that allows attackers to execute commands remotely. Security researchers Benjamin Chetioui and Baptiste Devigne from ProofOfCalc discovered a vulnerability in the mIRC application that could be exploited by attackers to execute commands remotely. mIRC is a popular Internet Relay Chat application that allows users to chat…
North Korea’s Lazarus APT targets Russian Entities Security researchers at Check Point have uncovered a cyber espionage campaign conducted by Lazarus APT group aimed at Russian targets. Security experts at Check Point have uncovered a cyber espionage campaign carried out by Lazarus aimed at Russian targets, If the attribution is correct, this is the first time that North Korean cyber spies were…
Security breach at North Country PoS firm hits hundreds of US restaurants and Hotels North Country Business Products POS (point-of-sale) and security solutions provider announced a data breach that affected hundreds of U.S. restaurants and hotels. North Country Business Products point-of-sale and security solutions provider announced a data breach, the company is currently used by 6500 customers around the Midwest. “North Country Business Products, Inc. (“North Country”), today announced that a recent data…
Experts found a Remote Code Execution flaw in WordPress 5.0.0 Security experts disclosed a critical remote code execution vulnerability in versions of WordPress prior 5.0.3, that remained uncovered for 6 years. Security experts at RIPS Technologies GmbH disclosed a critical remote code execution vulnerability in versions of WordPress prior 5.0.3, that remained uncovered for 6 years. The experts discovered that the flaw could be exploited…
Exposed MongoDB revealed facial recognition abuse for tracking the Uyghur Muslim minority in China. Security expert discovered an exposed MongoDB that reveals facial recognition abuse for tracking the Uyghur Muslim minority in China.Exposed MongoDB revealed facial recognition abuse for tracking the Uyghur Muslim minority in China. We have debated for a long time the surveillance campaigns conducted by the Chinese government, now the news of the day is the…
The Muncy malware is on the rise Over the last few days, a phishing campaign from DHL and entitled “DHL Shipment Notification” has been targeted users worldwide distribution the Muncy malware. Muncy is the name dubbed by SI-LAB that analyzed this threat. Now, the malware is targeting user’s worldwide and has been spread via phishing campaigns. Malicious actors are using SMTP servers leveraging bad…
New Legislation Builds on California Data Breach Law This bill requires businesses to notify consumers of compromised passport numbers and biometric data.
To Mitigate Advanced Threats, Put People Ahead of Tech Preventative technologies are only part of the picture and often come at the expense of the humans behind them.
Hackers using Malware that Steal Premium Users Credentials from Pornhub, XVideos to sell it in Dark Web New Threat report revealed that Credential stealing malware were dramatically increased in 2018 that target the adult websites premium users credentials to selling it in dark web. These credentials are most wanted data in underground market place in Dark web where cybercriminals selling these stolen data for thousands. It very common that pornography website is…
Tracking Photo’s Geo-location with GPS EXIF DATA – Forensic Analysis This article is about collecting metadata from photographs. Metadata is an information which is created for every file’s format. Examples for metadata: file created date and time, last edited etc. In this article, we will take a picture from iPhone and analyze that Image to collect various metadata for collected evidence. Before starting your forensic investigation for images,…
New Hacking Tools launching Crypto-Malware by Exploit a Windows SMB Server Vulnerability Cybercriminals now leveraging new hacking tools and remote access software to drop cryptocurrency malware by exploiting a Windows SMB Server Vulnerability . There are 2 main hacking tools that are used by attackers to drop random file info to the targeted systems windows registry. First one is MIMIKATZ , a powerful post-exploitation hacking tool which is used with…
Personal Data of 458,388 Delhi Citizens Exposed Online from an Unprotected Database A database that contains highly sensitive information of about 458,388 individuals located in Delhi exposed for public access without any password protection. Security researcher Bob Diachenko discovered the publically exposed database name “GNCTD” that indexed by Shodan. The 4.1GB-sized MongoDB belongs to Government of National Capital Territory of Delhi and by analyzing contents Bob Diachenko…
Attack Campaign Experiments with Rapid Changes in Email Lure Content It's like polymorphic behavior - only the changes are in the email lures themselves, with randomized changes to headers, subject lines, and body content.
Human Negligence to Blame for the Majority of Insider Threats In 98% of the assessments conducted for its research, Dtex found employees exposed proprietary company information on the Web - a 20% jump from 2018.
Why Cybersecurity Burnout Is Real (and What to Do About It) The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.
New Free Tool Scans for Chrome Extension Safety CRXcavator scans extensions in real time based on factors including permissions, external calls, and third-party libraries.
Cyber Extortionists Can Earn $360,000 a Year Extortion scams capitalize on compromised credentials, sensitive data, and technical vulnerabilities on Internet-facing applications to pressure victims to pay up.
Security Analysts Are Only Human SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
Malicious HTTP/2 Requests on IIS Server Cause The System CPU Usage to Spike to 100% Microsoft Security advisory released a new flaw in IIS server that Microsoft the system CPU usage to spike to 100% when malicious HTTP/2 requests are sent to a Windows Server. This malicious process will remain continually affected the CPU usage until the Malicious connection killed by the IIS server. IIS is a web server created…
19-Year-Old Vulnerability in WinRAR Allows Attackers to Get Complete Control over victim’s Computer A critical old Remote Code Execution bug puts 500 million WinRAR users worldwide at risk. The vulnerability remains undetected for 19 years. Security researchers from Checkpoint published the technical details of the critical vulnerability that exists in the most popular software. Based on the crash tests researchers detected an old DLL library that compiled back…
Facebook Released New Location Privacy Control for Android Users to Stop Collecting Location Data Facebook announced new location privacy control future for Android users that allows users to control their location data that collects by Facebook. Android provides an option for its users to control their location by turn off/on that helps to control the location data whether Facebook or other apps collection users precise location. Facebook users frequently…
Liechtenstein Bank Sets up Cryptocurrency Trading Platform for Institutional Investors Bitcoin.
Cryptocurrency companies use 'backdoor' listings to ease into mainstream HONG KONG (Reuters) - Several cryptocurrency exchanges have moved closer to mainstream markets by buying listed companies, looking to raise funds and present themselves as embedded in the traditional financial services world they once spurned. In the most recent deal, U.S. crypto broker-dealer Voyager Digital on Feb. 11 achieved a “backdoor” listing on Toronto’s Venture…
Davidson County 911 Center Director Terry Bailey retiring Choose the plan that’s right for you. Digital access or digital and print delivery.
China defends Australian coal block, Parliament cyber attack calling hacking claims 'baseless' 
Huawei to boost research and development spending in Canada, even if government blocks its 5G tech Chinese telecommunications company Huawei pledged Thursday to boost investment in research and development in Canada and to add 200 high-paying jobs here amid ongoing concerns over the company’s role in the development of new high-speed 5G wireless networks. Ottawa is in the midst of a review of national and economic security around 5G technology and…
'We're watching you': Why doxxing is the new weapon of choice for cyber bullies and trolls Updated February 22, 2019 10:59:55 "The purpose of me putting your number online was so people can reach you directly." That's what far-right activist Avi Yemini told me last week when I called to ask him why he'd published my personal mobile phone number on his Facebook page. He also referred to my family as…
Cryptocurrency Exchange Exmo Opens Branch in Turkey Bitcoin.
Chhattisgarh BJP website hacked by 'Pakistani hackers' 
New Breed of Fuel Pump Skimmer Uses SMS and Bluetooth Fraud investigators say they've uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message, thereby enabling fraudsters to collect it from anywhere in the world. One interesting component of this criminal innovation is a small cellphone and Bluetooth-enabled device…
Cryptocurrency is a sophisticated pyramid scheme, Reserve Bank warns | Sunday Tribune News / 21 February 2019, 3:33pm / SIPHELELE BUTHELEZI Cape Town - The South African Reserve Bank has no plans to recognise cryptocurrencies such as Bitcoin, which has created frenzy around the world. Reserve Bank Governor Lesetja Kganyago said cryptocurrency did not meet any requirements of a currency and described it as a sophisticated pyramid scheme. Kganyago was responding…
Google Adds Bitcoin Cryptocurrency Symbol to Keyboard for iOS Devices A media outlet’s report on February 21 reveals that Google, a U.S. based search engine giant has added a Bitcoin currency symbol to its keyboard for iOS devices. The icon for the most popular cryptocurrency based on market capitalization now sits alongside others like the Yen, Dollar, Euro, and Pounds. Per the report, users of…
Gov't best source for human rights info: envoy By Gigie Arcilla February 21, 2019, 6:00 pm GENEVA, Switzerland – A Philippine ambassador to the United Nations (UN) here on Wednesday said it is always best to verify with the government matters pertaining to human rights and security amid the misinformation of some groups that have influence in countries around the world. “They constitute…
Samsung Launches Galaxy Series Preloaded With Cryptocurrency Wallet Bitcoin.
Online ATM-style scam puts shoppers at risk: Symantec File: "Formjacking" is essentially an online version of ATM tampering, which allows thieves to grab the PIN codes of unsuspecting customers. PARIS - Online shoppers are at growing risk from a scam which allows hackers to skim their payment details, cybersecurity firm Symantec warned on Wednesday. "Formjacking" is essentially an online version of ATM tampering, which…
China ditches 2015 cybersecurity pact with US Read More 
- Google forgot to tell customers that Nest Hub has a microphone Google on Wednesday revealed that it forgot to inform users that its Nest Secure home alarm system includes a microphone. Google announced this week that it forgot to inform users that its Nest Secure home alarm system includes a microphone. “The problem: Nest users didn’t know a microphone existed on their security device to begin…
- Cisco addresses flaws in HyperFlex and Prime Infrastructure Cisco released security patches that address more than a dozen issues in its products, including high severity flaws in HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance. Cisco released security patches that address more than a dozen issues in its products, including high severity vulnerabilities affecting HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance. Security updates fix…
- Expert found a DoS flaw in Windows Servers running IIS Windows servers running Internet Information Services (IIS) are vulnerable to denial-of-service (DoS) attacks carried out through malicious HTTP/2 requests. Microsoft revealed that Windows servers running Internet Information Services (IIS) are vulnerable to denial-of-service (DoS) attacks. Attackers can trigger a DoS condition by sending specially crafted HTTP/2 requests, the CPU usage will temporarily spike to 100%…
- Adobe released second fix for the same Adobe Reader flaw Adobe released a second patch to address the CVE 2019-7089 flaw in Adobe Reader after an expert found the way to bypass the first fix. Adobe on Thursday released a second patch to address a critical information disclosure vulnerability in Adobe reader, tracked as CVE 2019-7089, after the expert who initially discovered the flaw devised…
- Security experts released new GandCrab Decryptor for free Security experts at BitDefender have released a new version of the GandCrab decryptor able to decrypt versions of GandCrab 1, 4 and 5. Security experts at BitDefender have released a new version of the GandCrab decryptor that could be used to decrypt versions of GandCrab 1, 4 and 5, including the latest version 5.1. The…
- Critical bug in WINRAR affects all versions released in the last 19 years Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR. Experts at Check Point discovered the logical bug in WinRAR by using the WinAFL fuzzer and found a way to exploit it to gain full control over a target computer Over 500 million users worldwide use the…
- CVE-2019-6340 Critical flaw in Drupal allows Remote Code Execution Security expert found a “highly critical” vulnerability (CVE-2019-6340) in the popular Drupal CMS that could be exploited for remote code execution. Drupal released security updates that addresses a “highly critical” vulnerability in the popular Drupal CMS, tracked as CVE-2019-6340, that could be exploited for remote code execution. The CVE-2019-6340 flaw is caused by the lack…
- The interface of WinPot ATM Malware looks like a slot machine Malware researchers from Kaspersky Lab have detected a new piece of malware dubbed WinPot that was designed to target automated teller machines (ATMs). Security experts from Kaspersky Lab have discovered a new piece of malware dubbed WinPot that target ATMs, it could be used by crooks to make the ATMs automatically dispense all cash from…
- Microsoft says Russian APT28 espionage group hit Democratic Institutions in Europe Microsoft says Russian APT28 group carried out multiple cyberattacks on democratic institutions in Europe between September and December 2018. Microsoft revealed that hackers belonging to the cyber espionage group APT28 (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) launched several attacks on democratic institutions in Europe between September and December 2018. The tech giant revealed that 104 accounts belonging…
- Expert released a PoC for a remote code execution flaw in mIRC App Security experts discovered a vulnerability in the mIRC application that allows attackers to execute commands remotely. Security researchers Benjamin Chetioui and Baptiste Devigne from ProofOfCalc discovered a vulnerability in the mIRC application that could be exploited by attackers to execute commands remotely. mIRC is a popular Internet Relay Chat application that allows users to chat…
- North Korea’s Lazarus APT targets Russian Entities Security researchers at Check Point have uncovered a cyber espionage campaign conducted by Lazarus APT group aimed at Russian targets. Security experts at Check Point have uncovered a cyber espionage campaign carried out by Lazarus aimed at Russian targets, If the attribution is correct, this is the first time that North Korean cyber spies were…
- Security breach at North Country PoS firm hits hundreds of US restaurants and Hotels North Country Business Products POS (point-of-sale) and security solutions provider announced a data breach that affected hundreds of U.S. restaurants and hotels. North Country Business Products point-of-sale and security solutions provider announced a data breach, the company is currently used by 6500 customers around the Midwest. “North Country Business Products, Inc. (“North Country”), today announced that a recent data…
- Experts found a Remote Code Execution flaw in WordPress 5.0.0 Security experts disclosed a critical remote code execution vulnerability in versions of WordPress prior 5.0.3, that remained uncovered for 6 years. Security experts at RIPS Technologies GmbH disclosed a critical remote code execution vulnerability in versions of WordPress prior 5.0.3, that remained uncovered for 6 years. The experts discovered that the flaw could be exploited…
- Exposed MongoDB revealed facial recognition abuse for tracking the Uyghur Muslim minority in China. Security expert discovered an exposed MongoDB that reveals facial recognition abuse for tracking the Uyghur Muslim minority in China.Exposed MongoDB revealed facial recognition abuse for tracking the Uyghur Muslim minority in China. We have debated for a long time the surveillance campaigns conducted by the Chinese government, now the news of the day is the…
- The Muncy malware is on the rise Over the last few days, a phishing campaign from DHL and entitled “DHL Shipment Notification” has been targeted users worldwide distribution the Muncy malware. Muncy is the name dubbed by SI-LAB that analyzed this threat. Now, the malware is targeting user’s worldwide and has been spread via phishing campaigns. Malicious actors are using SMTP servers leveraging bad…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...
