Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
Indictment, Lawsuits Revive Trump-Alfa Bank StoryIn October 2016, media outlets reported that data collected by some of the world's most renowned cybersecurity experts had identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank, one of Russia's largest financial institutions. Those publications set off speculation about a possible secret back-channel of communications, as…
Does Your Organization Have a Security.txt File?It happens all the time: Organizations get hacked because there isn't an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn't entirely clear who should get the report when remote access to an organization's internal network is being sold in the cybercrime underground. In a…
Trial Ends in Guilty Verdict for DDoS-for-Hire BossA jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel's conviction comes roughly two weeks after his co-conspirator pleaded guilty…
Customer Care Giant TTEC Hit By RansomwareTTEC, [NASDAQ: TTEC], a company used by some of the world's largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident that appears to be the result of a ransomware attack, KrebsOnSecurity has learned.
Microsoft Patch Tuesday, September 2021 EditionMicrosoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that's reportedly been abused to install spyware on iOS products, and Google's got a new version of…
Port of Houston was hit by an alleged state-sponsored attack Last month, the Port of Houston, one of the major US ports, was hit by a cyber attack allegedly orchestrated by a nation-state actor. One of the major US ports, the Port of Houston, revealed that it was hit by a cyber attack in August that had no impact on its systems. “The Port of…
JSC GREC Makeyev and other Russian entities under attack A cyberespionage campaign hit multiple Russian organizations, including JSC GREC Makeyev, a major defense contractor, exploiting a recently disclosed zero-day. Security researchers from Malwarebytes uncovered multiple attacks targeting many Russian organizations, including JSC GREC Makeyev, a company that develops liquid and solid fuel for Russia’s ballistic missiles and space rocket program. Threat actors behind the cyberespionage…
Security Affairs newsletter Round 333 A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. GSS, one of the major European call center providers, suffered a ransomware attack Threat actors are attempting…
Google TAG spotted actors using new code signing tricks to evade detection Researchers from Google’s TAG team reported that financially motivated actors are using new code signing tricks to evade detection. Researchers from Google’s Threat Analysis Group reported that financially motivated actors are using new code signing tricks to evade detection. By code signing executables, it is possible to verify their integrity and provide information about the…
GSS, one of the major European call center providers, suffered a ransomware attack The customer care and call center provider GSS has suffered a ransomware attack that crippled its systems and impacted its Spanish-speaking customers. GSS customer care and call center provider has suffered a ransomware attack that crippled its system and paralyzed call centers serving its Spanish-speaking customers. GSS is the Spanish and Latin America division of…
Threat actors are attempting to exploit VMware vCenter CVE-2021-22005 flaw Immediately after the public release of the exploit code for the VMware vCenter CVE-2021-22005 flaw threat actors started using it. Researchers warn that immediately after the release of the exploit code for the recently addressed CVE-2021-22005 flaw in VMware vCenter threat actors started using it. The CVE-2021-22005 issue is a critical arbitrary file upload vulnerability…
Google addressed the eleventh Chrome zero-day flaw this year Google released a Chrome emergency update for Windows, Mac, and Linux that addresses a high-severity zero-day flaw exploited in the wild. Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux that addresses a high-severity zero-day vulnerability (CVE-2021-37973) exploited in the wild. An attacker can exploit this flaw to execute arbitrary code on systems running vulnerable Chrome versions. This vulnerability…
European Union formally blames Russia for the GhostWriter operation European Union representatives formally accused Russia of attempting to target the elections and political systems of several EU states. European Union has formally accused Russia of meddling in the elections and political systems of several EU states. EU high representative said that Russia-linked threat actors were behind a recent operation tracked as Ghostwriter. The officials…
CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! SonicWall fixed a critical security flaw, tracked as CVE-2021-20034, that impacts some Secure Mobile Access (SMA) 100 series products that can allow device takeover. SonicWall has addressed a critical security vulnerability, tracked as CVE-2021-20034, that impacting several Secure Mobile Access (SMA) 100 series products. The vulnerability is an improper access control vulnerability that can be…
Researcher released PoC exploit code for 3 iOS zero-day issues Researcher release PoC exploit code for three iOS zero-day flaws after Apple delayed addressing them and did not credit him. An unknown researcher publicly released on GitHub proof-of-concept exploit code for three iOS zero-day vulnerabilities and one flaw addressed by Apple in July. The experts discovered the four zero-day issues between March 10 and May…
Cisco addresses 3 critical vulnerabilities in IOS XE Software Cisco fixed three critical flaws impacting IOS XE operating system powering some of its devices, such as routers and wireless controllers. Cisco has addressed three critical vulnerabilities impacting its IOS XE operating system powering multiple products, including routers and wireless controllers. The most severe of these vulnerabilities is a Remote Code Execution Vulnerability, tracked as CVE-2021-34770,…
3.8 billion Clubhouse and Facebook user records allegedly scraped and merged, put for sale online A user on a popular hacker forum is selling a database that purportedly contains 3.8 billion Clubhouse and Facebook user records. Original Post @CyberNews https://cybernews.com/security/3-8-billion-allegedly-scraped-and-merged-clubhouse-and-facebook-user-records-put-for-sale-online/ A user on a popular hacker forum is selling a database that purportedly contains 3.8 billion user records. The database was allegedly compiled by combining 3.8 billion phone numbers from…
New FamousSparrow APT group used ProxyLogon exploits in its attacks Researchers spotted a new cyberespionage group, dubbed FamousSparrow, that used ProxyLogon exploits to target hotels worldwide. Researchers from ESET discovered a new cyberespionage group, tracked as FamousSparrow, that has been targeting hotels worldwide around the world since at least 2019. The group also hit higher-profile targets such as law firms, governments, and private companies worldwide. According…
Apple addresses a new zero-day exploited to deploy the NSO Pegasus spywareApple has addressed three zero-day vulnerabilities exploited by threat actors in attacks in the wild to take over iPhones and Macs. Apple has released security updates to address three zero-day vulnerabilities exploited in attacks in the wild to compromise iPhones and Macs running vulnerable iOS and macOS versions. Apple confirmed that at least one of…
A bug in Microsoft Exchange Autodiscover feature leaks +372K of domain credentialsA flaw in the Microsoft Exchange Autodiscover feature can be exploited to harvest Windows domain and app credentials. Security researchers from Guardicore discovered a flaw in the Microsoft Exchange Autodiscover feature that can be exploited to harvest Windows domain and app credentials from users worldwide. The Microsoft Autodiscover protocol feature of Exchange email servers provides an…
Emergency Chrome Update Released to Patch Actively Exploited Zero-Day Bug Google has announced an emergency update for Chrome (94.0.4606.61), and in this update, it has addressed Chrome’s 11th ‘zero days’ exploit of the year. In this emergency update, Google has tracked the zero-day vulnerability as CVE-2021-37973 with High severity and this zero-day vulnerability attacks the users of the following platforms:- Linux macOS Windows This vulnerability…
FamousSparrow – New Hackers Group Attack Hotels, Governments by Leveraging MS Exchange Bugs The security firm, ESET has recently identified a new cyberespionage group, and it has been named “FamousSparrow” which indicates the protagonist of the Pirates of the Caribbean saga. This group would have had hotels among its priority attacks, although it could also have attacked many other private companies, which include governments in Europe, the…
What Is the Difference Between Security and Resilience? Resilience shifts the focus toward eliminating the probable impact of the full attack chain.
Consumers Share Security Fears as Risky Behaviors Persist While most US adults know they aren't sufficiently protecting their data online, many find security time-consuming or don't know the steps they should take.
TangleBot Campaign Underscores SMS Threat The attack targets Android devices and starts with a malicious SMS message that aims to bring malware onto compromised devices.
Hackers Launching large-Scale phishing-as-a-service Operation with 300,000 newly created Phishing Domains – Microsoft Large-scale well-organized phishing as a service (PhaaS) operation is uncovered recently by Microsoft. This platform helps users to customize campaigns and develop their own phishing ploys. The PhaaS platform can be used for phishing kits, email templates, and hosting services. The operation was marketed by the threat actors as Bulletprooflink when they found a high…
Contrast Application Security Platform Scales to Support OWASP Risks Contrast's platform detects and prevents against OWASP Top Ten risks from development to production with out-of-the-box policy rules and automated compliance reporting.
Our Eye Is on the SPARROW How unauthorized users can exploit wireless infrastructures for covert communication.
Endpoint Still a Prime Target for Attack A vast majority of security professionals surveyed think any exploit will start with the endpoint.
Google Spots New Technique to Sneak Malware Past Detection ToolsThe operator behind OpenSUpdater is using a new way to sneak adware and other malware past security tools.
Primer: Microsoft Active Directory Security for AD AdminsNearly all AD environments are vulnerable to identity attack paths -- a powerful, widespread, and difficult-to-detect attack technique. But we didn't say impossible. Here's how admins can stop them.
FamousSparrow APT Group Flocks to Hotels, Governments, BusinessesThe cyber espionage group has a custom backdoor and has added the ProxyLogon Microsoft Exchange flaw to its toolkit.
SAIC Appoints Kevin Brown as Chief Information Security OfficerIndustry leader with decades of information security experience manages SAIC’s security strategy and oversees critical cybersecurity operations.
Supply Chain and Ransomware Threats Drove 60% Increase in Global Cyber Intelligence Sharing Among Financial FirmsAMEX, Banco Falabella, IAG, and UBS win global award for annual cyber intelligence sharing efforts.
BlackFog ARM 64 Edition Provides Anti Data Exfiltration Across New PatformsNew BlackFog ARM 64 edition maximizes performance, battery life, and data security.
- Port of Houston was hit by an alleged state-sponsored attack Last month, the Port of Houston, one of the major US ports, was hit by a cyber attack allegedly orchestrated by a nation-state actor. One of the major US ports, the Port of Houston, revealed that it was hit by a cyber attack in August that had no impact on its systems. “The Port of…
- JSC GREC Makeyev and other Russian entities under attack A cyberespionage campaign hit multiple Russian organizations, including JSC GREC Makeyev, a major defense contractor, exploiting a recently disclosed zero-day. Security researchers from Malwarebytes uncovered multiple attacks targeting many Russian organizations, including JSC GREC Makeyev, a company that develops liquid and solid fuel for Russia’s ballistic missiles and space rocket program. Threat actors behind the cyberespionage…
- Security Affairs newsletter Round 333 A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. GSS, one of the major European call center providers, suffered a ransomware attack Threat actors are attempting…
- Google TAG spotted actors using new code signing tricks to evade detection Researchers from Google’s TAG team reported that financially motivated actors are using new code signing tricks to evade detection. Researchers from Google’s Threat Analysis Group reported that financially motivated actors are using new code signing tricks to evade detection. By code signing executables, it is possible to verify their integrity and provide information about the…
- GSS, one of the major European call center providers, suffered a ransomware attack The customer care and call center provider GSS has suffered a ransomware attack that crippled its systems and impacted its Spanish-speaking customers. GSS customer care and call center provider has suffered a ransomware attack that crippled its system and paralyzed call centers serving its Spanish-speaking customers. GSS is the Spanish and Latin America division of…
- Threat actors are attempting to exploit VMware vCenter CVE-2021-22005 flaw Immediately after the public release of the exploit code for the VMware vCenter CVE-2021-22005 flaw threat actors started using it. Researchers warn that immediately after the release of the exploit code for the recently addressed CVE-2021-22005 flaw in VMware vCenter threat actors started using it. The CVE-2021-22005 issue is a critical arbitrary file upload vulnerability…
- Google addressed the eleventh Chrome zero-day flaw this year Google released a Chrome emergency update for Windows, Mac, and Linux that addresses a high-severity zero-day flaw exploited in the wild. Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux that addresses a high-severity zero-day vulnerability (CVE-2021-37973) exploited in the wild. An attacker can exploit this flaw to execute arbitrary code on systems running vulnerable Chrome versions. This vulnerability…
- European Union formally blames Russia for the GhostWriter operation European Union representatives formally accused Russia of attempting to target the elections and political systems of several EU states. European Union has formally accused Russia of meddling in the elections and political systems of several EU states. EU high representative said that Russia-linked threat actors were behind a recent operation tracked as Ghostwriter. The officials…
- CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! SonicWall fixed a critical security flaw, tracked as CVE-2021-20034, that impacts some Secure Mobile Access (SMA) 100 series products that can allow device takeover. SonicWall has addressed a critical security vulnerability, tracked as CVE-2021-20034, that impacting several Secure Mobile Access (SMA) 100 series products. The vulnerability is an improper access control vulnerability that can be…
- Researcher released PoC exploit code for 3 iOS zero-day issues Researcher release PoC exploit code for three iOS zero-day flaws after Apple delayed addressing them and did not credit him. An unknown researcher publicly released on GitHub proof-of-concept exploit code for three iOS zero-day vulnerabilities and one flaw addressed by Apple in July. The experts discovered the four zero-day issues between March 10 and May…
- Cisco addresses 3 critical vulnerabilities in IOS XE Software Cisco fixed three critical flaws impacting IOS XE operating system powering some of its devices, such as routers and wireless controllers. Cisco has addressed three critical vulnerabilities impacting its IOS XE operating system powering multiple products, including routers and wireless controllers. The most severe of these vulnerabilities is a Remote Code Execution Vulnerability, tracked as CVE-2021-34770,…
- 3.8 billion Clubhouse and Facebook user records allegedly scraped and merged, put for sale online A user on a popular hacker forum is selling a database that purportedly contains 3.8 billion Clubhouse and Facebook user records. Original Post @CyberNews https://cybernews.com/security/3-8-billion-allegedly-scraped-and-merged-clubhouse-and-facebook-user-records-put-for-sale-online/ A user on a popular hacker forum is selling a database that purportedly contains 3.8 billion user records. The database was allegedly compiled by combining 3.8 billion phone numbers from…
- New FamousSparrow APT group used ProxyLogon exploits in its attacks Researchers spotted a new cyberespionage group, dubbed FamousSparrow, that used ProxyLogon exploits to target hotels worldwide. Researchers from ESET discovered a new cyberespionage group, tracked as FamousSparrow, that has been targeting hotels worldwide around the world since at least 2019. The group also hit higher-profile targets such as law firms, governments, and private companies worldwide. According…
- Apple addresses a new zero-day exploited to deploy the NSO Pegasus spywareApple has addressed three zero-day vulnerabilities exploited by threat actors in attacks in the wild to take over iPhones and Macs. Apple has released security updates to address three zero-day vulnerabilities exploited in attacks in the wild to compromise iPhones and Macs running vulnerable iOS and macOS versions. Apple confirmed that at least one of…
- A bug in Microsoft Exchange Autodiscover feature leaks +372K of domain credentialsA flaw in the Microsoft Exchange Autodiscover feature can be exploited to harvest Windows domain and app credentials. Security researchers from Guardicore discovered a flaw in the Microsoft Exchange Autodiscover feature that can be exploited to harvest Windows domain and app credentials from users worldwide. The Microsoft Autodiscover protocol feature of Exchange email servers provides an…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...