Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices.
Wipro Intruders Targeted Other Major IT Firms The criminals responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro, India's third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant -- two other large technology consulting companies, new evidence suggests.
How Not to Acknowledge a Data BreachI'm not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach. But occasionally it seems necessary to publish such accounts when companies respond to a breach report in such a way that it's crystal clear that they wouldn't know what to do with a breach…
Experts: Breach at IT Outsourcing Giant WiproIndian information technology (IT) outsourcing and consulting giant Wipro [NYSE:WIT] is investigating reports from multiple security experts that Wipro's systems have been hacked and are being used to launch attacks against the company's customers, multiple sources tell KrebsOnSecurity. The company has refused to respond to questions about the alleged incident.
‘Land Lordz’ Service Powers Airbnb ScamsScammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called "Land Lordz," which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings.
Android 7.0+ Phones Can Now Double as Google Security KeysGoogle this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google's various services. The company announced that all phones running Android 7.0 and higher can now be used as Security Keys, an additional authentication layer that helps thwart phishing sites and password theft.
Patch Tuesday Lowdown, April 2019 EditionMicrosoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs. These patches apply to Windows, Internet Explorer (IE) and Edge browsers, Office, Sharepoint and Exchange. Separately, Adobe has issued security updates for Acrobat/Reader and Flash Player.
A Year Later, Cybercrime Groups Still Rampant on FacebookAlmost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching turned up more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by deleting those groups. Last week, a similar analysis found some…
Security Affairs newsletter Round 210 – News of the week A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! Attackers hacked support agent to access Microsoft Outlook email accounts Major coordinated disinformation campaign hit the Lithuanian Defense Romanian duo convicted of fraud Scheme infecting 400,000 computers Security Affairs…
60 Million records of LinkedIn users exposed online Researcher discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Researcher Sanyam Jain at GDI foundation discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Most of the data are publicly available, the databases also include the email addresses of the…
INPIVX hidden service, a new way to organize ransomware attacks A new service called Inpivx represents the evolution of the ransomware-as-a-service making it very easy for wannabe crooks to develop their malware and build a management panel. A new Tor hidden service called Inpivx evolves the concept of the ransomware-as-a-service making it very easy for crooks without technical skills to develop their own malware and…
Marcus Hutchins pleads guilty to two counts of banking malware creation British malware researcher Marcus Hutchins has pleaded guilty to developing and sharing the banking malware between July 2014 and July 2015. The popular British cybersecurity expert Marcus Hutchins has pleaded guilty to developing and sharing the Kronos banking malwarebetween July 2014 and July 2015. Marcus Hutchins, also known as MalwareTech, made the headlines after discovering…
Avast, Avira, Sophos and other antivirus solutions show problems after Antivirus solutions from different vendors are having malfunctions after the installation of Windows security patches released on April 9, including McAfee, Avast and Sophos. Antivirus solutions from different vendors are showing malfunctions after the installation of Windows security patches released on April 9. Antivirus solutions from Sophos, Avira, ArcaBit, Avast, and recently McAfee reported security…
Google is going to block logins from embedded browsers against MitM phishing attacks Google this week announced that it is going to block login attempts from embedded browser frameworks to prevent man-in-the-middle (MiTM) phishing attacks. Phishing attacks carried out by injecting malicious content in legitimate traffic are difficult to detect when attackers use an embedded browser framework or any other automated tool for authentication. For example, the embedded…
Hacker broke into super secure French Government’s Messaging App Tchap hours after release A white hat hacker discovered how to break Tchap, a new secure messaging app launched by the French government for officials and politicians. The popular French white hat hacker Robert Baptiste (aka @fs0c131y) discovered how to break into Tchap, a new secure messaging app launched by the French government for encrypted communications between officials and…
Facebook admitted to have stored millions of Instagram users’ passwords in plaintext Other problems for Facebook that admitted to have stored millions of Instagram users’ passwords in plaintext Yesterday, Facebook made the headlines once again for alleged violations of the privacy of its users, the company admitted to have ‘unintentionally’ collected contacts from 1.5 Million email accounts without permission In March, Facebook admitted to have stored the…
Operator of Codeshop Cybercrime Marketplace Sentenced to 90 months in prison Djevair Ametovski was sentenced to 90 months in prison for operating an international cybercrime marketplace named Codeshop. Macedonian national Djevair Ametovski (32) was sentenced to 90 months in prison by US DoJ authorities for operating an international cybercrime marketplace named Codeshop. Codeshop.su was a website that specialized in selling stolen payment card data. Ametovski acquired…
Source code of tools used by OilRig APT leaked on Telegram Lab Dookhtegan hackers leaked details about operations carried out by Iran-linked OilRig group, including source code of 6 tools. A hacker group that goes online with the name Lab Dookhtegan have disclosed details about operations conducted by the Iran-linked cyber-espionage group tracked as OilRig, APT34, and HelixKitten. OilRig is an Iran-linked APT group that has been…
Ransomware attack knocks Weather Channel off the Air A ransomware attack knocked the Weather Channel off the air for at least 90 minutes Thursday morning, federal law enforcement are investigating the incident.A ranomware attack knocked the Weather Channel off the air for at least 90 minutes Thursday morning, federal law enforcement are investigating the incident. A cyber attack hit the Weather Channel and…
Broadcom WiFi Driver bugs expose devices to hack Experts warn of security flaws in the Broadcom WiFi chipset drivers that could allow potential attackers to remotely execute arbitrary code and to trigger DoS. According to a DHS/CISA alert and a CERT/CC vulnerability note, Broadcom WiFi chipset drivers are affected by security vulnerabilities impacting multiple operating systems. The flaws could be exploited to remotely execute arbitrary…
Analyzing OilRig’s malware that uses DNS Tunneling Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. Security researchers at Palo Alto Networks reported that Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. OilRig is an Iran-linked APT group that has been…
Drupal patched security vulnerabilities in Symfony, jQueryThe developers of the Symfony PHP web application framework released updates that patch five vulnerabilities, three affecting the Drupal CMS. The development team of the Symfony PHP web application framework released security updates for five issues, three of which also affects Drupal 7 and 8. The developers of the Symfony PHP web application framework addressed…
Facebook ‘unintentionally’ collected contacts from 1.5 Million email accounts without permissionFacebook made the headlines once again for alleged violations of the privacy of its users, this time collecting contacts from 1.5 Million email accounts without permission. New problems for Facebook, the company collected contacts from 1.5 Million email accounts without user’permission. We recently read about an embarrassing incident involving the social network giant that asked…
Top 5 Best Ways to Keep Your Data Center Safe and Secure Everybody knows by now that Cloud technology has changed our lives. So much so that it isn’t even news anymore: The Cloud is just there. It puts our lives at ease, of course, to know that our data and information is stored safely in data centers all over the world. These centers are encrypted, secured…
Hackers Launching DNS Hijacking Attack to Gain Access to Telecommunication & ISP Networks Researchers discovered a new malicious campaign called “Sea Turtle,” attack public and private entities in various countries using DNS hijacking as a mechanism. State sponsored threat actors compromise at least 40 different organizations across 13 different countries during this malicious campaign in the first quarter of 2019. Attackers carried out highly persistent tactics and advanced…
Most Hacked Passwords – Top 100,000 Common Passwords that Already Known to Hackers Password plays a vital role in securing your account, a common password is easy to remember, but it will be easier for an attacker to guess the password. An analysis of most Hacked Passwords showing still people is using weak passwords. Based on the UK’s National Cyber Security Centre breach analysis, the password ‘123456’ has…
Hackers Launching Malware via Weaponized Excel File to Gain the Remote Access to the Target Computers Cyber criminals launching a new malware campaign that make use of legitimate script engine AutoHotkey with a malicious script to evade detection and also gain the remote access to the targeted system. AutoHotkey is an open source Microsoft Windows tool that allows you to create macros, scripts, and automate frequently performed tasks on your computer. Attackers…
Perform Vulnerability Scanning in Your Network using Maltego Maltego is an intelligence gathering tool, its available for windows, mac, and Linux. We will be using Kali Linux where it’s available by default. Remember to register on their website and I have it configured. There are a lot of things maltego can do not just information gathering it can also brute force a website…
The Weather Channel Under Ransomware Attack – Site Went Offline for 90 Minutes The weather channel hit with a ransomware attack on its own network stop’s the live Broadcasting and down the website about 90 minutes On Thursday morning, from 6AM to 7:39AM. The Weather Channel (TWC) is an American pay television channel owned by The Weather Group, LLC and the channel broadcasts weather forecasts and weather-related news and analysis,…
WannaCry Hero Marcus Hutchins(MalwareTech) Pleads Guilty to Developing a Banking Malware WannaCry hero, Marcus Hutchins, pleads guilty for writing banking malware UPAS Kit and Kronos, prior to years he started his career as malware analyst. He is known for registering the killswitch domain in 2017 which halted the WannaCry ransomware infection process. According to the court documents obtained by ZDNet, he pleaded guilty to two counts,…
USBStealer – Password Hacking Tool For Windows Applications to Perform Windows Penetration Testing USBStealer is a Windows Based Password Hacker Tool that helps to Extract the password from Windows-Based Applications such as Chrome Password, FireFox Password, NetPassword, Admin passwords of the Windows Computer. The vast majority of the general population realize that windows stores a large portion of its passwords on everyday schedule, Such as delegate passwords, Yahoo…
Researchers Find Clues for Dramatically Reducing IDS Traffic Volume Research at military labs and Towson University shows that identifying malicious activity may require much less captured data than has been the case.
APT34 Toolset, Victim Data Leaked via Telegram For the last month, an unknown individual or group has been sharing data and hacking tools belonging to Iranian hacker group APT34.
Free Princeton Application Provides IoT Traffic Insight The application developed by a research group allows users to spot possible IoT security problems.
Why We Need a 'Cleaner Internet' Introducing a 'Cleaner Internet'
Third-Party Cyber-Risk by the Numbers Recent stats show that the state of third-party cyber-risk and vendor risk management remains largely immature at most organizations.
‘NamPoHyu Virus’ Ransomware Targets Samba Servers and Encrypt Files Remotely New ransomware spotted NamPoHyu Virus or MegaLocker virus targeting the remote samba servers in a unique way. The common way of delivering ransomware is through email attachments or by compromising the victim’s network and ransomware infection are installed on the computer that to be encrypted. According to Bleeping computer analysis, the new variant searches for…
Facebook Stored Millions of Instagram Users Password in Plain Text Facebook revealed last month that they stored tens of millions of Facebook password in plain text including thousand of the Instagram password instead of masking it as a human-readable format. Now its worse than earlier report, and the number has been revised in the Facebook new update that states they discovered additional logs that contain…
- 60 Million records of LinkedIn users exposed online Researcher discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Researcher Sanyam Jain at GDI foundation discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data.
- INPIVX hidden service, a new way to organize ransomware attacks A new service called Inpivx represents the evolution of the ransomware-as-a-service making it very easy for wannabe crooks to develop their malware and build a management panel.
- Most Hacked Passwords – Top 100,000 Common Passwords that Already Known to Hackers Password plays a vital role in securing your account, a common password is easy to remember, but it will be easier for an attacker to guess the password. An analysis of most Hacked Passwords showing still people is using weak passwords.
- Hackers Launching Malware via Weaponized Excel File to Gain the Remote Access to the Target Computers Cyber criminals launching a new malware campaign that make use of legitimate script engine AutoHotkey with a malicious script to evade detection and also gain the remote access to the targeted system. AutoHotkey is an open source Microsoft Windows tool that allows you to create macros, scripts, and automate frequently performed tasks on your computer.
Sirin Labs Finney Review: Does This Crypto Smartphone Stand a Chance Against the Samsung Galaxy S10? Source: Justin Sullivan / Getty Images / AFP At this point in the review, it’s time to discuss the $999 elephant in the room. That, incidentally, is the price tag for both the Sirin Labs Finney and the Samsung Galaxy S10+, which is the first flagship device from a mainstream smartphone manufacturer to feature native…
- Avast, Avira, Sophos and other antivirus solutions show problems after Antivirus solutions from different vendors are having malfunctions after the installation of Windows security patches released on April 9, including McAfee, Avast and Sophos. Antivirus solutions from different vendors are showing malfunctions after the installation of Windows security patches released on April 9.
Here’s What Will Trigger the Next Mammoth Bitcoin Rally Source: Drew Angerer / Getty Images / AFP Speaking to Fortune in late 2018 about his intent to bring bitcoin to 401(k) plans, NYSE chairman Jeff Sprecher stated that bitcoin does not have a good market structure yet. “Bitcoin does not have a good market structure. Even for Bitcoin, different markets are posting lots of…
A cyber-attack in Japan could now bring the US into war The important stories of innovation across the continent’s wide-ranging economies In-depth coverage of the world’s largest democracy for India and its far-flung diaspora Lifestyle, culture, and living well in the new global economy Management news, advice, and ideas for business leaders Create, share, and discover charts, using the same tools as the Quartz newsroom In…
Mueller report highlights scope of election security challenge Please enter a valid email address. We sent this offer to john.smith@gmail.
Our Binance Overlord’s Bitcoin SV Slaying is Frightening for Cryptocurrency Binance, the world’s largest cryptocurrency exchange, announced the delisting of Bitcoin SV (BSV) on Monday after CEO and founder Changpeng Zhao decided he’d had enough of the antics of Fake Satoshi, Craig S. Wright. Within hours, Kraken and Shapeshift followed suit. You’d have to travel far and wide to find anyone gullible enough to defend…
Thailand Is Opening Up to Crypto, One Step Closer to ICO and STO Thailand is opening up to crypto, operating an ICO portal and considering the possibility of regulating security tokens.
- WannaCry Hero Marcus Hutchins(MalwareTech) Pleads Guilty to Developing a Banking Malware WannaCry hero, Marcus Hutchins, pleads guilty for writing banking malware UPAS Kit and Kronos, prior to years he started his career as malware analyst. He is known for registering the killswitch domain in 2017 which halted the WannaCry ransomware infection process.
Mueller Ignored Findings Of Former Intel Officials On DNC Emails Special Counsel Robert Mueller’s report on an investigation into alleged Russian efforts to meddle in the 2016 presidential election does not confirm, without a doubt, that Russian intelligence agents or individuals tied to Russian intelligence agencies passed on emails from Hillary Clinton’s campaign to WikiLeaks. Mueller’s team highlighted statements from WikiLeaks on Twitter about former…
China's Theft & Espionage: What Must Be Done Chendgu J-20 fighter prototypes, considered suspiciously similar to the American F-35 Joint Strike Fighter Nick Eftimiades, a retired senior intelligence officer and now a lecturer at Penn State Harrisburg, offers a detailed prescription below for how to blunt Chinese economic and cyber espionage. No-fly lists, worldwide travel limits, restrictions on universities against sharing data or working with…
US Presidential Candidate Yang Promises 'Clear' Bitcoin Regulation 10:00 Follow Bitcoinist on social media to keep up-to-date with the latest news! We use cookies to give you the best online experience. By agreeing you accept the use of cookies in accordance with our cookie policy.
- Security Affairs newsletter Round 210 – News of the week A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! Attackers hacked support agent to access Microsoft Outlook email accounts Major coordinated disinformation campaign hit the Lithuanian Defense Romanian duo convicted of fraud Scheme infecting 400,000 computers Security Affairs…
- 60 Million records of LinkedIn users exposed online Researcher discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Researcher Sanyam Jain at GDI foundation discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Most of the data are publicly available, the databases also include the email addresses of the…
- INPIVX hidden service, a new way to organize ransomware attacks A new service called Inpivx represents the evolution of the ransomware-as-a-service making it very easy for wannabe crooks to develop their malware and build a management panel. A new Tor hidden service called Inpivx evolves the concept of the ransomware-as-a-service making it very easy for crooks without technical skills to develop their own malware and…
- Marcus Hutchins pleads guilty to two counts of banking malware creation British malware researcher Marcus Hutchins has pleaded guilty to developing and sharing the banking malware between July 2014 and July 2015. The popular British cybersecurity expert Marcus Hutchins has pleaded guilty to developing and sharing the Kronos banking malwarebetween July 2014 and July 2015. Marcus Hutchins, also known as MalwareTech, made the headlines after discovering…
- Avast, Avira, Sophos and other antivirus solutions show problems after Antivirus solutions from different vendors are having malfunctions after the installation of Windows security patches released on April 9, including McAfee, Avast and Sophos. Antivirus solutions from different vendors are showing malfunctions after the installation of Windows security patches released on April 9. Antivirus solutions from Sophos, Avira, ArcaBit, Avast, and recently McAfee reported security…
- Google is going to block logins from embedded browsers against MitM phishing attacks Google this week announced that it is going to block login attempts from embedded browser frameworks to prevent man-in-the-middle (MiTM) phishing attacks. Phishing attacks carried out by injecting malicious content in legitimate traffic are difficult to detect when attackers use an embedded browser framework or any other automated tool for authentication. For example, the embedded…
- Hacker broke into super secure French Government’s Messaging App Tchap hours after release A white hat hacker discovered how to break Tchap, a new secure messaging app launched by the French government for officials and politicians. The popular French white hat hacker Robert Baptiste (aka @fs0c131y) discovered how to break into Tchap, a new secure messaging app launched by the French government for encrypted communications between officials and…
- Facebook admitted to have stored millions of Instagram users’ passwords in plaintext Other problems for Facebook that admitted to have stored millions of Instagram users’ passwords in plaintext Yesterday, Facebook made the headlines once again for alleged violations of the privacy of its users, the company admitted to have ‘unintentionally’ collected contacts from 1.5 Million email accounts without permission In March, Facebook admitted to have stored the…
- Operator of Codeshop Cybercrime Marketplace Sentenced to 90 months in prison Djevair Ametovski was sentenced to 90 months in prison for operating an international cybercrime marketplace named Codeshop. Macedonian national Djevair Ametovski (32) was sentenced to 90 months in prison by US DoJ authorities for operating an international cybercrime marketplace named Codeshop. Codeshop.su was a website that specialized in selling stolen payment card data. Ametovski acquired…
- Source code of tools used by OilRig APT leaked on Telegram Lab Dookhtegan hackers leaked details about operations carried out by Iran-linked OilRig group, including source code of 6 tools. A hacker group that goes online with the name Lab Dookhtegan have disclosed details about operations conducted by the Iran-linked cyber-espionage group tracked as OilRig, APT34, and HelixKitten. OilRig is an Iran-linked APT group that has been…
- Ransomware attack knocks Weather Channel off the Air A ransomware attack knocked the Weather Channel off the air for at least 90 minutes Thursday morning, federal law enforcement are investigating the incident.A ranomware attack knocked the Weather Channel off the air for at least 90 minutes Thursday morning, federal law enforcement are investigating the incident. A cyber attack hit the Weather Channel and…
- Broadcom WiFi Driver bugs expose devices to hack Experts warn of security flaws in the Broadcom WiFi chipset drivers that could allow potential attackers to remotely execute arbitrary code and to trigger DoS. According to a DHS/CISA alert and a CERT/CC vulnerability note, Broadcom WiFi chipset drivers are affected by security vulnerabilities impacting multiple operating systems. The flaws could be exploited to remotely execute arbitrary…
- Analyzing OilRig’s malware that uses DNS Tunneling Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. Security researchers at Palo Alto Networks reported that Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. OilRig is an Iran-linked APT group that has been…
- Drupal patched security vulnerabilities in Symfony, jQueryThe developers of the Symfony PHP web application framework released updates that patch five vulnerabilities, three affecting the Drupal CMS. The development team of the Symfony PHP web application framework released security updates for five issues, three of which also affects Drupal 7 and 8. The developers of the Symfony PHP web application framework addressed…
- Facebook ‘unintentionally’ collected contacts from 1.5 Million email accounts without permissionFacebook made the headlines once again for alleged violations of the privacy of its users, this time collecting contacts from 1.5 Million email accounts without permission. New problems for Facebook, the company collected contacts from 1.5 Million email accounts without user’permission. We recently read about an embarrassing incident involving the social network giant that asked…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...