Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
Encoding Stolen Credit Card Data on Barcodes Crooks are constantly dreaming up new ways to use and conceal stolen credit card data. According to the U.S. Secret Service, the latest scheme involves stolen card information embedded in barcodes affixed to phony money network rewards cards. The scammers then pay for merchandise by instructing a cashier to scan the barcode and enter the…
Pay Up, Or We’ll Make Google Ban Your Ads A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google's AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher's ads with so much bot and junk traffic that Google's automated anti-fraud systems suspend the user's AdSense…
A Light at the End of Liberty Reserve’s Demise?In May 2013, the U.S. Justice Department seized Liberty Reserve, alleging the virtual currency service acted as a $6 billion financial hub for the cybercrime world. Prompted by assurances that the government would one day afford Liberty Reserve users a chance to reclaim any funds seized as part of the takedown, KrebsOnSecurity filed a claim…
Microsoft Patch Tuesday, February 2020 EditionMicrosoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer (IE) that is actively being exploited. Also, Adobe has issued a bevy of security updates for its various products, including Flash Player and Adobe Reader/Acrobat.
U.S. Charges 4 Chinese Military Officers in 2017 Equifax HackThe U.S. Justice Department today unsealed indictments against four Chinese officers of the People's Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. DOJ officials said the four men were responsible for carrying out the largest theft…
Dangerous Domain Corp.com Goes Up for SaleAs an early domain name investor, Mike O'Connor had by 1994 snatched up several choice online destinations, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com. Some he sold over the years, but for the past 26 years O'Connor refused to auction perhaps the most sensitive domain in his stable -- corp.com. It is sensitive because years of…
When Your Used Car is a Little Too ‘Mobile’Many modern vehicles let owners use the Internet or a mobile device to control the car's locks, track location and performance data, and start the engine. But who exactly owns that control is not always clear when these smart cars are sold or leased anew. Here's the story of one former electric vehicle owner who discovered…
Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. Experts at firmware security firm Eclypsium have discovered that many peripheral device manufacturers have not implemented security checks to prevent the installation of firmware from an untrusted source. An attacker could exploit the lack of…
Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way! Go grab a copy of the Gerbers and 3D-printed Case STL files at https://github.com/whid-injector/Focaccia-Board and print through your favorite FAB. Prologue Even before the appearance of the word (I)IoT, I was breaking hardware devices, as many of you, with a multitude of debuggers (i.e. stlink, jlink, RS23–2-2USB, etc.). It was always a PITA bringing around a device…
CVE-2019-0604 SharePoint Remote code execution (RCE) vulnerability A security expert found a flaw in SharePoint that could be exploited to remotely execute arbitrary code by sending a specially crafted SharePoint application package. Summary:A few days ago I saw a post from Alienvault which says attackers are still exploiting SharePoint vulnerability to attack Middle East government organization. Having said that I found Income Tax Department…
Flaw in WordPress ThemeGrill Demo Importer WordPress theme plugin expose 200K+ sites to hack A serious flaw in the ThemeGrill Demo Importer WordPress theme plugin with over 200,000 active installs can be exploited to wipe sites and gain admin access to the site. Experts from the security firm WebARX have discovered a serious flaw in the WordPress theme plugin ThemeGrill Demo Importer with over 200,000 active installs. The vulnerability…
FC Barcelona and the International Olympic Committee Twitter accounts hacked The popular hacker group OurMine has hacked the official Twitter account of the FC Barcelona, along with the accounts of Olympics and the International Olympic Committee (IOC). The popular hacker group has hacked the official Twitter account of the FC Barcelona, along with the accounts of and the International Olympic Committee (IOC). On Saturday, the…
Russian govn blocked Tutanota service in Russia to stop encrypted communication Tutanota, the popular free and open-source end-to-end encrypted email software, has been blocked by Russian authorities. The popular free and open-source end-to-end encrypted email service Tutanota has been blocked in Russia on Friday evening. Since early February, the Russian government has blocked other encrypted email and VPN services in Russia, including ProtonMail and ProtonVPN VPN service. Tutanota is listed in the registry of blocked…
Launching the First “Yomi Hunting” Challenge! About a year ago, Yoroi released the Yomi Hunter sandbox, today, they love to challenge the malware community with the first “Yomi Hunting” contest. About a year ago, we publicly released the Yomi Hunter sandbox for a few simple reasons: in Yoroi we believe in the InfoSec community value, we think it plays a central…
Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign Security experts from Yoroy-Cybaze ZLab have conducted a detailed analysis of an implant used by the Gamaredon APT group in a recent campaign. Introduction Gamaredon Group is a Cyber Espionage persistent operation attributed to Russians FSB (Federal Security Service) in a long-term military and geo-political confrontation against the Ukrainian government and more in general against…
IDF soldiers tricked into installing malicious apps by Hamas operatives posing as attractive women Israeli Force (IDF) announced it has thwarted an attempt by the Hamas militant group to hack soldiers’ phones by posing as attractive women on social media. Israeli Defence Force (IDF) announced it has thwarted an attempt by the Hamas militant group to hack soldiers’ mobile devices by posing as attractive women on social media and…
Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. During the last quarter of 2019, experts from security firm ClearSky uncovered a hacking campaign tracked…
US administration requests $9.8B for cyber 2021 budget for the Department of Defense The US administration requested $9.8 billion for cyber in next year’s budget for the Department of Defense, the amount is the same as last year. The US administration requested $9.8 billion for cyber operations in next year’s budget for the Department of Defense, a data that confirms the strategic importance of the fifth domain of…
Organizers of major hacking conferences in Asia put them on hold due to Coronavirus outbreak Organizers of Black Hat Asia and DEF CON China security conferences announced that they put the events on hold due to the Coronavirus outbreak. Bad news for cybersecurity passionates and experts, organizers of Black Hat Asia and DEF CON China security conferences announced last week that they have put the events on hold due to…
Security Affairs newsletter Round 251 A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Maastricht University finally paid a 30 bitcoin ransom to crooks Massive DDoS attack brought down 25% Iranian Internet connectivity The number of cyber attacks on Saudi Aramco is increasing 1.2 million CPR numbers for Danish citizen leaked through…
IOTA cryptocurrency shuts down entire network after a coordinated attack on its Trinity wallet IOTA Foundation behind the IOTA cryptocurrency was forced to shut down its entire network following a cyber attack that resulted in the theft of funds. Hackers have exploited a vulnerability in the official IOTA wallet to steal funds from the users. In response to the incident, the IOTA Foundation, the nonprofit organization behind the IOTA…
NextMotion plastic surgery tech firm data leakPhotos and personal information belonging to patients of the NextMotion plastic surgery tech firm have been exposed online through an unsecured S3 bucket. Hundreds of thousands of documents containing photos and personal information belonging to patients of the plastic surgery technology company NextMotion have been exposed online through an unsecured Amazon Web Services (AWS) S3…
Lumu to Emerge from Stealth at RSAC The new company will focus on giving customers earlier indications of network and server compromise.
1.7M Nedbank Customers Affected via Third-Party Breach A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank.
Firmware Weaknesses Can Turn Computer Subsystems into Trojans Network cards, video cameras, and graphics adapters are a few of the subsystems whose lack of security could allow attackers to turn them into spy implants.
Fox Kitten – Iranian Malware Campaign Exploiting Vulnerable VPN Servers To Hack The Organizations Internal Networks Researchers discovered a widespread Iranian malware campaign called Fox Kitten that targeting the several organization networks by exploiting the Vulnerabilities in VPN. The organization its targets are mainly related to IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors around the world. Once the attacker successfully exploited the network, they are gaining the persistence access…
Diving Deeper to Understand the Windows Event logs for Cyber Security Operation Center (SOC) Cyber Security operations center is protecting organizations and sensitive business data of customers. It ensures active monitoring of valuable assets of business with visibility, alerting and investigating threats and a holistic approach to managing risk. Analytics service can be in-house or managed security service. Collecting event logs and analyzing logs with real-world attacks is the…
Most Important Web Application Penetration Testing Tools & Resources for Hackers and Security Professionals Web Application Pentesting Tools are more often used by security industries to test the vulnerabilities of web-based applications. Here you can find the Comprehensive Web Application Pentesting ToolsWeb Application Penetration Testing list that covers Performing Penetration testing Operation in all the Corporate Environments. You can learn best Master level Web Hacking and Penetration Testing Complete…
10 Best Free Firewall Software 2020 to Protect Your Network In this article, we have done the depth analysis and list you top 10 best Free Firewall software that provided extended security to protect your system from the bad actors. Generally, every computer is connected to the internet and is susceptible to being the victim of a hacker or an unwanted attack. The whole procedure,…
Android XHelper Malware Reinstall Itself Again & Again After Removed it Using Advanced Persistence Technique Researchers uncovered a stealthy Android malware called XHelper that has unseen reinstalling capability after the malware removed from the infected Android device. Once removed the XHelper malware from the devices, within an hour, the variants of xHelper Trojan agent was re-infecting over and over again. We have reported the same Android Trojan xHelper in last…
SweynTooth – 11 Bluetooth Bugs That Affected SoC Vendors Let Hackers to Crash The Device & Execute the Code Remotely A group of security researchers uncovered a 12 Bluetooth based vulnerabilities dubbed “SweynTooth” in BLE software development kits of seven major system-on-a-chip (SoC) vendors. BLE ( Bluetooth Low Energy) a technology developed for wireless communication with a set of many standardized protocols that provide remote connectivity and also specifically handles the battery life of the device…
These are the Top 5 Publicly Available Hacking Tools Mostly used By Hackers Cyber Criminals are using various malicious tools for cyber attacks based on the target’s strength to infiltrate the sensitive data and more often nowadays Publicly Available Hacking Tools are mainly used by threat actors for various attacks around the world. Today in the cyber worlds hacking tools are openly available with various functionalities and freely…
Surprising Differences between TLS and SSL Protocol TLS is simply a successor of SSL 3.0, TLS is a protocol which provides Data encryption and Integrity between communication channels. SSL 3.0 is served as a base for TLS 1.0. SSL OR TLS Which is good? We use to believe that TLS 1.0 is a Successor of SSL 3.0. As we know SSL3.0 are…
Palm Beach Elections Office Hit with Ransomware Pre-2016 ElectionPalm Beach County's elections supervisor does not believe the attack is linked to Russian hacking attempts targeting Florida.
Ovum to Expand Cybersecurity Research Under New Omdia GroupInforma Tech combines Ovum, Heavy Reading, Tractica, and IHS Markit research.
The 5 Love Languages of CybersecurityWhen it comes to building buy-in from the business, all cybersecurity needs is love -- especially when it comes to communication.
Top 6 Best Ad Blocker for Android Devices in 2020 to Stop Annoying AdsAd blocker is one of the important utility which helps to get rid of the annoying ads in your android devices. Advertisements are everywhere, thanks to the digital transformation that’s happening across the world. Ads can help or annoy users based on their interest in it. With digitalization, laptops and smartphones have become the default…
- Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. Experts at firmware security firm Eclypsium have discovered that many peripheral device manufacturers have not implemented security checks to prevent the installation of firmware from an untrusted source. An attacker could exploit the lack of…
- Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way! Go grab a copy of the Gerbers and 3D-printed Case STL files at https://github.com/whid-injector/Focaccia-Board and print through your favorite FAB. Prologue Even before the appearance of the word (I)IoT, I was breaking hardware devices, as many of you, with a multitude of debuggers (i.e. stlink, jlink, RS23–2-2USB, etc.). It was always a PITA bringing around a device…
- CVE-2019-0604 SharePoint Remote code execution (RCE) vulnerability A security expert found a flaw in SharePoint that could be exploited to remotely execute arbitrary code by sending a specially crafted SharePoint application package. Summary:A few days ago I saw a post from Alienvault which says attackers are still exploiting SharePoint vulnerability to attack Middle East government organization. Having said that I found Income Tax Department…
- Flaw in WordPress ThemeGrill Demo Importer WordPress theme plugin expose 200K+ sites to hack A serious flaw in the ThemeGrill Demo Importer WordPress theme plugin with over 200,000 active installs can be exploited to wipe sites and gain admin access to the site. Experts from the security firm WebARX have discovered a serious flaw in the WordPress theme plugin ThemeGrill Demo Importer with over 200,000 active installs. The vulnerability…
- FC Barcelona and the International Olympic Committee Twitter accounts hacked The popular hacker group OurMine has hacked the official Twitter account of the FC Barcelona, along with the accounts of Olympics and the International Olympic Committee (IOC). The popular hacker group has hacked the official Twitter account of the FC Barcelona, along with the accounts of and the International Olympic Committee (IOC). On Saturday, the…
- Russian govn blocked Tutanota service in Russia to stop encrypted communication Tutanota, the popular free and open-source end-to-end encrypted email software, has been blocked by Russian authorities. The popular free and open-source end-to-end encrypted email service Tutanota has been blocked in Russia on Friday evening. Since early February, the Russian government has blocked other encrypted email and VPN services in Russia, including ProtonMail and ProtonVPN VPN service. Tutanota is listed in the registry of blocked…
- Launching the First “Yomi Hunting” Challenge! About a year ago, Yoroi released the Yomi Hunter sandbox, today, they love to challenge the malware community with the first “Yomi Hunting” contest. About a year ago, we publicly released the Yomi Hunter sandbox for a few simple reasons: in Yoroi we believe in the InfoSec community value, we think it plays a central…
- Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign Security experts from Yoroy-Cybaze ZLab have conducted a detailed analysis of an implant used by the Gamaredon APT group in a recent campaign. Introduction Gamaredon Group is a Cyber Espionage persistent operation attributed to Russians FSB (Federal Security Service) in a long-term military and geo-political confrontation against the Ukrainian government and more in general against…
- IDF soldiers tricked into installing malicious apps by Hamas operatives posing as attractive women Israeli Force (IDF) announced it has thwarted an attempt by the Hamas militant group to hack soldiers’ phones by posing as attractive women on social media. Israeli Defence Force (IDF) announced it has thwarted an attempt by the Hamas militant group to hack soldiers’ mobile devices by posing as attractive women on social media and…
- Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. During the last quarter of 2019, experts from security firm ClearSky uncovered a hacking campaign tracked…
- US administration requests $9.8B for cyber 2021 budget for the Department of Defense The US administration requested $9.8 billion for cyber in next year’s budget for the Department of Defense, the amount is the same as last year. The US administration requested $9.8 billion for cyber operations in next year’s budget for the Department of Defense, a data that confirms the strategic importance of the fifth domain of…
- Organizers of major hacking conferences in Asia put them on hold due to Coronavirus outbreak Organizers of Black Hat Asia and DEF CON China security conferences announced that they put the events on hold due to the Coronavirus outbreak. Bad news for cybersecurity passionates and experts, organizers of Black Hat Asia and DEF CON China security conferences announced last week that they have put the events on hold due to…
- Security Affairs newsletter Round 251 A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Maastricht University finally paid a 30 bitcoin ransom to crooks Massive DDoS attack brought down 25% Iranian Internet connectivity The number of cyber attacks on Saudi Aramco is increasing 1.2 million CPR numbers for Danish citizen leaked through…
- IOTA cryptocurrency shuts down entire network after a coordinated attack on its Trinity wallet IOTA Foundation behind the IOTA cryptocurrency was forced to shut down its entire network following a cyber attack that resulted in the theft of funds. Hackers have exploited a vulnerability in the official IOTA wallet to steal funds from the users. In response to the incident, the IOTA Foundation, the nonprofit organization behind the IOTA…
- NextMotion plastic surgery tech firm data leakPhotos and personal information belonging to patients of the NextMotion plastic surgery tech firm have been exposed online through an unsecured S3 bucket. Hundreds of thousands of documents containing photos and personal information belonging to patients of the plastic surgery technology company NextMotion have been exposed online through an unsecured Amazon Web Services (AWS) S3…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...