Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
Alleged Child Porn Lord Faces US ExtraditionIn 2013, the FBI exploited a zero-day vulnerability in Firefox to seize control over a Dark Web network of child pornography sites. The alleged owner of that ring - 33-year-old Freedom Hosting operator Eric Eoin Marques - was arrested in Ireland later that year on a U.S. warrant and has been in custody ever since. This…
Facebook Stored Hundreds of Millions of User Passwords in Plain Text for YearsHundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees -- in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.
Why Phone Numbers Stink As Identity ProofPhone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they've become de facto identities. At the same time, when you lose control over a phone number -- maybe it's hijacked by fraudsters, you got separated or divorced, or you were way late on…
Ad Network Sizmek Probes Account BreachOnline advertising firm Sizmek Inc. [NASDAQ: SZMK] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. In a recent posting to a Russian-language cybercrime forum, an individual who's been known to sell access…
Patch Tuesday, March 2019 EditionMicrosoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it's time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws…
Operation ShadowHammer – Supply-Chain attack hit ASUS users Operation ShadowHammer – ASUS is the last victim of a clamorous supply chain attack that delivered a backdoor to more than one million users, Kaspersky Lab reported. Over 1 million ASUS users may have been impacted by a supply chain attack that leveraged the ASUS Live Update utility to inject a backdoor in ASUS systems.…
Anubis II – malware and afterlife Due to the growing demand for Android banking malware, threat actors continue using Anubis even is the creator has vanished. Introduction Besides being the Egyptian God associated with mummification and afterlife, Anubis is also an Android banking malware that has caused quite some trouble for over 300 financial institutions worldwide since 2017. Anubis II is…
Free Tools: spotting APTs through Malware streams Cyber security expert and founder of Yoroi has published a new tool that could be used to spot APTs (Advanced Persistent Threats) through Malware streams. There are many ways to spot Advanced Persistent Threats, for example during a forensic analysis on “high rate incident” or having sandbox systems on critical infrastructures or again working as…
Hackers raised fake tornado alarms in two Texas towns Hackers took control of the emergency tornado alarms in Texas causing the panic, it has happened on March 12th, at around 2:30 a.m., On March 12th, at around 2:30 a.m. in two towns in Texas (the DeSoto and Lancaster areas) hackers took control of the emergency tornado alarms causing the panic among residents. The alarms…
PewDiePie ransomware oblige users subscribe to PewDiePie YouTube channel It is a battle with no holds barred between T-Series and PewDiePie, their fans are spreading the PewDiePie ransomware to force users to subscribe to PewDiePie Youtube channel. The story I’m going to tell you is another chapter of the battle between the most followed Youtuber T-Series and PewDiePie. T-Series is an Indian music company,…
Telegram allows users to delete any sent/received message from both sides with no time limit Telegram development team implemented a new feature that allows users to delete any received message from the sender’s device. Telegram announced a new feature to improve user privacy, the development team implemented a functionality that allows users to delete any received message from the sender’s device. Two years ago, Telegram introduced the “unsend” feature that…
Microsoft Defender ATP now protects also macOS Microsoft has announced the availability of Defender ATP Endpoint Security for Apple macOS Microsoft has announced the availability of Microsoft 365 advanced endpoint security solution across platforms, with the support of Apple Mac it added to Microsoft Defender Advanced Threat Protection (ATP). Microsoft Windows Defender ATP was first introduced in 2016 as a defensive solution…
Federal Emergency Management Agency’s (FEMA) data leak exposes data of 2.3M survivors The Federal Emergency Management Agency’s (FEMA) has disclosed a data leak that exposed banking details and other personal information of 2.3 million survivors. In case of national disasters, the Federal Emergency Management Agency’s (FEMA) offers a program called Transitional Sheltering Assistance (TSA) that provides shelter to survivors. News of the day is that FEMA has…
Security Affairs newsletter Round 206 – News of the week A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! Experts uncovered a malspam campaign using Boeing 737 Max crashes gnosticplayers offers 26 Million new accounts for sale on the Dark Web Massive attacks bypass MFA on Office 365…
WordPress Social Warfare plugin zero-day exploited in attacks A Cross-Site Scripting (XSS) vulnerability in Social Warfare installations (v3.5.1 and v3.5.2) is actively exploited to add malicious redirects. The vulnerability in the WordPress plugin has been fixed with the release of the 3.5.3 version of the plugin. Vulnerable versions of the Social Warfare plugin are currently installed on more than 70,000 websites. The plugin…
Malware Static Analysis Malware researcher and founder of Yoroi Marco Ramilli shared a simple tool for malware static analysis he used to perform massive Malware analysis research. The following interface stands in front of a live engine which takes binary files and runs them against a plethora of hundreds of YARA rules. Some of them are publicly available…
Pwn2Own 2019 Day 3: Experts hacked Tesla 3 browser Pwn2Own 2019 Day 3 – Experts earned $35,000 and a Tesla Model 3 after hacking the vehicle’s web browser. Pwn2Own 2019 Day 3 – Hackers focused their efforts on car hacking, two teams participated in the competitions but only one of them reached the goal. The security experts Amat Cama and Richard Zhu of team…
Russian APT groups target European governments ahead of May ElectionsRussian APT groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. According to experts from FireEye, Russia-linked APT28 (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) and Sandworm Team (also TeleBots) cyberespionage groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. The activity of the Russia-linked groups is…
Medtronic’s implantable heart defibrillators vulnerable to hackThe U.S. Department of Homeland Security Thursday issued a security advisory for multiple vulnerabilities affecting over a dozen heart defibrillators. Multiple vulnerabilities in the heart defibrillators could be exploited by attackers to remotely control the devices, potentially putting the lives of patients at risk. An implantable cardioverter-defibrillator (ICD) is a device implantable inside the human…
Cisco addresses High-Severity flaws in IP Phone 8800 and 7800 seriesCisco released security updates to address vulnerabilities in its IP Phone 7800 and 8800 series that could be exploited by remote, unauthenticated attackers. Cisco released security patches to address vulnerabilities in its IP Phone 7800 and 8800 series that could be exploited by remote, unauthenticated attackers. Cisco IP Phone 8800 series are business desk phones…
SilkETW – New Free Threat Intelligence Tool to Capture and Analyze Windows Events Logs SilkETW is a flexible tool aimed to reduce the complexities of ETW(Event Tracing for Windows) and to put actionable data in the hands of researches on both the defensive and offensive side. ETW is a kernel-level tracing facility that allows tracing the kernel logs or application-defined events logs. SilkETW makes the job straightforward by providing…
Telegram Now Allows You to Delete All Your Private Messages Anytime from both Sender & Receiver Telegram now landing into the peak of the privacy and let users delete their entire private messages from both sender and receiver side regardless of the time limit. Telegram is one of the most trusted platform and the one who is continuously fighting for users privacy in order to provide extreme comfortability within the platform.…
Building a Hacking Kit with Raspberry Pi and Kali Linux The Raspberry Pi has some unique features that are very powerful and easily accessible for a Hacking Kit. In particular, Pi is a joke and its components cost the price of a LEGO kit. So, Raspberry being highly discreet, small, thin and easy to hide and of course most important, runs Kali Linux natively (without…
What is Network Security Key? How to Find it in Your Network – Router, OS, Mobile A device’s network security key is a password or pass-phrase used to authenticate with a local area network (LAN). The typical modern LAN includes computers, mobile devices, smart TVs and more. The network key must be provided by any device that wants to connect to the LAN. With so many stories of cyber crimes hitting…
What is XSS (Cross Site Scripting) ? – A Detailed Understanding the Type of XSS XSS is a very commonly exploited vulnerability type which is very widely spread and easily detectable and also it is one of the important vulnerability in OWASP TOP 10. What is XSS( Cross Site Scripting )? An attacker can inject untrusted snippets of JavaScript into your application without validation. This JavaScript is then executed by…
Firefox 66.0.1 Released – Critical Security Vulnerabilities in Firefox Allows Hackers to Take Over the Vulnerable System Firefox 66.0.1 Released with Fix for Critical Security Vulnerabilities that discovered via Trend Micro’s Zero Day Initiative. The vulnerability affects all the versions of Firefox below 66.0.1. An attacker could exploit these vulnerabilities to take complete control over the target system of the process. CVE-2019-9810: Incorrect alias information Incorrect alias information with IonMonkey JIT compiler…
AZORult Malware Abusing RDP Protocol To Steal the Data by Establish a Remote Desktop Connection Sophisticated AZORult Malware emerges in a new form with advanced information stealing modules that capable of stealing sensitive information from infected computers. AZORult is one of the well-known malware that often sold in Russian forums for the higher price ($100) , since this malware contains a broad range of persistent functionality. It uses .bit domains…
Nmap – Penetration Testing Tool to Perform Information Gathering – A Detailed Explanation nmap is an open source network monitoring and port scanning tool to find the hosts and services in the computer by sending the packets to the target host for network discovery and security auditing. Numerous frameworks and system admins additionally think that its helpful for assignments, for example, network inventory, overseeing administration overhaul timetables, and…
Pwn2Own 2019 – Tesla Car Internet Browser Hacked – Hackers Won the Car & $545,000 in Total – Day 3 First and the second-day contest ended up with a various successful attempt to exploit the different bugs in multiple software vendors including, Microsoft, VMware, Oracle and Apple. In Pwn2Own 2019 final day, Zero Day Initiative introduced the Tesla car in automotive category and the Fluoroacetate team made an attempt to exploit the Tesla Model 3…
Zero-day Stored XSS Vulnerability in WordPress Social Share Plug-in let Hackers to Compromise 70,000 Websites Researchers discovered a critical Stored XSS Zero-day flaw in widely used social sharing plug-in called “Social Warfare” let attackers inject the malicious script and take over the vulnerable WordPress websites. Social Warfare, a social sharing plugin for WordPress powered by Warfare Plugins that help to get more social shares for WordPress based website developers which…
Malicious Payload Evasion Techniques with Advanced Exploitation Frameworks Sophisticated threats are Evolving with much more advanced capabilities and giving more pain for analysis even evade the advanced security software such as Antivirus. This comparison is made by the payload ability to bypass the default security frameworks accessible on Windows machines and antivirus systems available, searching for an approach to get a payload that…
Load Balancer – How Does it Work With Reconnaissance Phase During Penetration Testing?Load Balancer basically helps to distribute the network traffic across the multiple servers to improve the network, application performance. the Reconnaissance work on target to find out target domain has a load balancer so that penetration testing does not misdirect your probs or attacks. So Its recommended to check the domain has a Load balancer,…
Two Found Guilty in Online Dating, BEC SchemeCybercriminals involved in the operation created fake online dating profiles and tricked victims into sending money to phony bank accounts.
Pwn2Own 2019 – Firefox, Edge, Windows, VMware Hacked – Ethical Hackers Earned $270,000 USD in Day 2In the second day of Pwn2Own 2019 contest, Ethical Hackers compromised Microsoft Edge, Mozilla Firefox, Windows, VMware and earned $270,000 USD in a single day by submitting 9 unique zero-day exploits. The first day, 2 teams of researchers and 2 independent researchers have been made $240,000 USD by reporting 9 zero-day bugs in Safari, VMware,…
Security Lessons from My Game ClosetIn an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
First boat of the 2019 shipping season celebrated at the Soo Locks Sinclair Broadcast Group is partnering with the Salvation Army to deliver aid to Midwestern states devastated by flooding. Eric Bolling and Liberty University hold a town hall event about the ongoing opioid epidemic at 7 pm EST/4 pm PST Wednesday Several northern Michigan communities are under run water notices. CHIPPEWA COUNTY, Mich. (WPBN/WGTU) -- The…
- PewDiePie ransomware oblige users subscribe to PewDiePie YouTube channel It is a battle with no holds barred between T-Series and PewDiePie, their fans are spreading the PewDiePie ransomware to force users to subscribe to PewDiePie Youtube channel. The story I’m going to tell you is another chapter of the battle between the most followed Youtuber T-Series and PewDiePie.
Second Critical Crypto Flaw Found in Swiss E-Voting System read more
One Small Bitcoin Rival Is Up Almost 50% So Far This Year--Here's Why To consent and proceed, click "Continue to Site." Bitcoin has been flatling since taking a sharp dive late last year but the market for some minor cryptocurrencies, known as altcoins, has risen—with some digital tokens making major strides. The bitcoin price is down some 80% from its all-time highs set more than a year ago…
Cryptocurrency: Zuckerberg, Dimon, Maduro…You Are Not Welcome Here! Facebook is the latest in a raft of corporate or government entities creating their own cryptocurrencies. Within weeks of JPMorgan announcing its plans to launch the JPMorgan coin, sources leaked confirmation of the crypto landscape’s worst-kept secret–that the Zuckerberg blockchain team was working on a native cryptocurrency. The social network joins a dubious lineup of…
Interview with CEO of NSO Group – Israeli spyware-maker – on fighting terror, Khashoggi murder, and Saudi Arabia - 60 Minutes 
CBS News to air one-hour Mueller Report investigation special Washington Weather Summary: 61 degrees DOJ: Mueller report found Trump did not conspire with Russia, insufficient evidence of obstruction WASHINGTON — CBS News will air “The Mueller Report: A Turning Point,” a one-hour primetime special on the Special Counsel’s two-year investigation into the allegations that President Trump coordinated with Russia to win the White House. …
Four More Suspects Arrested in $14.5 Million Cryptocurrency Scam in India The crime branch of the Indian city of Mumbai has reportedly cracked down on another fraudulent cryptocurrency-related investment scheme. In this particular incident, Indian officials have taken four additional male suspects into custody - after uncovering what appears to be one of several new scams involving cryptocurrencies. According to the Times of India, local authorities have…
How To Protect Your Social Security Number From Data Breaches Sadly, data breaches have become so common that every few weeks, reports of another massive hack circulate, as regular as clockwork. Their reach seems to be growing, too. In 2017, 143 million Americans had their personal data compromised through the Equifax breach. In 2018, the personal data of 500 million people was compromised in Marriott's cyber breach.…
Trump Aided and Abetted Russia's Attack. That Was Treachery. Full Stop. On Sunday afternoon Attorney General William Barr sent a letter to Congress noting that Special Counsel Robert Mueller’s investigation “did not establish that members of the Trump Campaign conspired or coordinated with the Russian government in its election interference activities.” The message also noted that Mueller could not exonerate President Donald Trump of obstruction of…
Russia Postpones Parliamentary Reading of Crypto Regulation Bill 
GCSB and SIS's 'hands tied behind their backs' - Simon Bridges New Zealand spy agencies' balance between privacy and security has tipped too far towards privacy, and should be revisited, National Party leader Simon Bridges says. Watch Simon Bridges speaking on Morning Report: The party is calling for the government to hold a Royal Commission of Inquiry into New Zealand's spy agencies and police after the…
- Microsoft Defender APT now protects also macOS Microsoft has announced the availability of Defender ATP Endpoint Security for Apple macOS Microsoft has announced the availability of Microsoft 365 advanced endpoint security solution across platforms, with the support of Apple Mac it added to Microsoft Defender Advanced Threat Protection (ATP).
Week in review: Norsk Hydro cyber attack, Android privacy, exploiting IMAP to bypass MFA Here’s an overview of some of last week’s most interesting news and articles: Norsk Hydro cyber attack: What happened? “Hydro subject to cyber-attack,” warned Oslo-headquartered Norsk Hydro ASA, one of the world’s biggest aluminum producers, on Tuesday. The company continued to keep the public appraised of the evolving situation. Attackers are exploiting IMAP to bypass…
Tor Digital Privacy Project Accepts Donations in Cryptocurrency Digital privacy project Tor is now accepting donations in cryptocurrencies.
- Operation ShadowHammer – Supply-Chain attack hit ASUS users Operation ShadowHammer – ASUS is the last victim of a clamorous supply chain attack that delivered a backdoor to more than one million users, Kaspersky Lab reported. Over 1 million ASUS users may have been impacted by a supply chain attack that leveraged the ASUS Live Update utility to inject a backdoor in ASUS systems.…
- Anubis II – malware and afterlife Due to the growing demand for Android banking malware, threat actors continue using Anubis even is the creator has vanished. Introduction Besides being the Egyptian God associated with mummification and afterlife, Anubis is also an Android banking malware that has caused quite some trouble for over 300 financial institutions worldwide since 2017. Anubis II is…
- Free Tools: spotting APTs through Malware streams Cyber security expert and founder of Yoroi has published a new tool that could be used to spot APTs (Advanced Persistent Threats) through Malware streams. There are many ways to spot Advanced Persistent Threats, for example during a forensic analysis on “high rate incident” or having sandbox systems on critical infrastructures or again working as…
- Hackers raised fake tornado alarms in two Texas towns Hackers took control of the emergency tornado alarms in Texas causing the panic, it has happened on March 12th, at around 2:30 a.m., On March 12th, at around 2:30 a.m. in two towns in Texas (the DeSoto and Lancaster areas) hackers took control of the emergency tornado alarms causing the panic among residents. The alarms…
- PewDiePie ransomware oblige users subscribe to PewDiePie YouTube channel It is a battle with no holds barred between T-Series and PewDiePie, their fans are spreading the PewDiePie ransomware to force users to subscribe to PewDiePie Youtube channel. The story I’m going to tell you is another chapter of the battle between the most followed Youtuber T-Series and PewDiePie. T-Series is an Indian music company,…
- Telegram allows users to delete any sent/received message from both sides with no time limit Telegram development team implemented a new feature that allows users to delete any received message from the sender’s device. Telegram announced a new feature to improve user privacy, the development team implemented a functionality that allows users to delete any received message from the sender’s device. Two years ago, Telegram introduced the “unsend” feature that…
- Microsoft Defender ATP now protects also macOS Microsoft has announced the availability of Defender ATP Endpoint Security for Apple macOS Microsoft has announced the availability of Microsoft 365 advanced endpoint security solution across platforms, with the support of Apple Mac it added to Microsoft Defender Advanced Threat Protection (ATP). Microsoft Windows Defender ATP was first introduced in 2016 as a defensive solution…
- Federal Emergency Management Agency’s (FEMA) data leak exposes data of 2.3M survivors The Federal Emergency Management Agency’s (FEMA) has disclosed a data leak that exposed banking details and other personal information of 2.3 million survivors. In case of national disasters, the Federal Emergency Management Agency’s (FEMA) offers a program called Transitional Sheltering Assistance (TSA) that provides shelter to survivors. News of the day is that FEMA has…
- Security Affairs newsletter Round 206 – News of the week A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! Experts uncovered a malspam campaign using Boeing 737 Max crashes gnosticplayers offers 26 Million new accounts for sale on the Dark Web Massive attacks bypass MFA on Office 365…
- WordPress Social Warfare plugin zero-day exploited in attacks A Cross-Site Scripting (XSS) vulnerability in Social Warfare installations (v3.5.1 and v3.5.2) is actively exploited to add malicious redirects. The vulnerability in the WordPress plugin has been fixed with the release of the 3.5.3 version of the plugin. Vulnerable versions of the Social Warfare plugin are currently installed on more than 70,000 websites. The plugin…
- Malware Static Analysis Malware researcher and founder of Yoroi Marco Ramilli shared a simple tool for malware static analysis he used to perform massive Malware analysis research. The following interface stands in front of a live engine which takes binary files and runs them against a plethora of hundreds of YARA rules. Some of them are publicly available…
- Pwn2Own 2019 Day 3: Experts hacked Tesla 3 browser Pwn2Own 2019 Day 3 – Experts earned $35,000 and a Tesla Model 3 after hacking the vehicle’s web browser. Pwn2Own 2019 Day 3 – Hackers focused their efforts on car hacking, two teams participated in the competitions but only one of them reached the goal. The security experts Amat Cama and Richard Zhu of team…
- Russian APT groups target European governments ahead of May ElectionsRussian APT groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. According to experts from FireEye, Russia-linked APT28 (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) and Sandworm Team (also TeleBots) cyberespionage groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. The activity of the Russia-linked groups is…
- Medtronic’s implantable heart defibrillators vulnerable to hackThe U.S. Department of Homeland Security Thursday issued a security advisory for multiple vulnerabilities affecting over a dozen heart defibrillators. Multiple vulnerabilities in the heart defibrillators could be exploited by attackers to remotely control the devices, potentially putting the lives of patients at risk. An implantable cardioverter-defibrillator (ICD) is a device implantable inside the human…
- Cisco addresses High-Severity flaws in IP Phone 8800 and 7800 seriesCisco released security updates to address vulnerabilities in its IP Phone 7800 and 8800 series that could be exploited by remote, unauthenticated attackers. Cisco released security patches to address vulnerabilities in its IP Phone 7800 and 8800 series that could be exploited by remote, unauthenticated attackers. Cisco IP Phone 8800 series are business desk phones…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...