Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
CVE-2019-11707 Firefox Zero-Day exploited to infect employees at cryptocurrency exchanges Researchers discovered that recently patched Firefox zero-day (CVE-2019-11707) has been exploited to deliver Windows and Mac malware to cryptocurrency exchanges. Experts discovered that recently patched Firefox zero-day vulnerability (CVE-2019-11707) has been exploited by threat actors to deliver Windows and Mac malware to employees of cryptocurrency exchanges. CVE-2019-11707 is a type confusion vulnerability in Array.pop. Mozilla has addressed…
The Riviera Beach City pays $600,000 in ransom The Riviera Beach City, Florida, agreed to pay $600,000 in ransom to decrypt its data after a ransomware-based attack hit its computer system. The Riviera Beach City Council voted unanimously to pay $600,000 in ransom to decrypt its records after a ransomware attack hit its systems. The council has previously agreed to spend $941,000 to…
Oregon Department of Human Services data breach impacted 645,000 clients Oregon Department of Human Services announced it was a victim of a data breach in January, roughly 645,000 potentially impacted. Oregon Department of Human Services officials confirmed that the organization has suffered a data breach that has exposed personal details and health information of 645,000 clients. The incident happened in January and the Oregon Department…
Tor Browser 8.5.2 fixes Firefox zero-day. Update it now! Developers at the Tor Project have released the Tor Browser 8.5.2 to address the recently fixed CVE-2019-11707 zero-day flaw in Mozilla Firefox. Yesterday I reported the news of a critical zero-day in Firefox that was addressed by Mozilla with a new release. The vulnerability, tracked as CVE-2019-11707, is a type confusion flaw in Array.pop. Mozilla has addressed…
Bouncing Golf cyberespionage campaign targets Android users in Middle East According to security researchers at Trend Micro, a cyberespionage campaign is targeting Android users in Middle Eastern countries. Security researchers at Trend Micro have spotted a cyberespionage campaign, dubbed ‘Bouncing Golf, that is targeting Android users in Middle Eastern countries. Threat actors are using a piece of malware detected as GolfSpy, that implements multiple features…
AMCA files for bankruptcy following the recently disclosed security breach Retrieval-Masters Creditors Bureau, the company that operates healthcare billing services provider AMCA, has filed for Chapter 11 bankruptcy due to a recent data breach. Retrieval-Masters Creditors Bureau, the company that operates the recovery agency for patient collections American Medical Collection Agency (AMCA), has filed for Chapter 11 bankruptcy due to a recent security breach that…
Another Remote Code Execution flaw in WebLogic exploited in the wild Oracle released emergency patches for another critical remote code execution vulnerability affecting WebLogic Server. On Tuesday, Oracle released emergency patches for another critical remote code execution vulnerability affecting the WebLogic Server. The vulnerability, tracked as CVE-2019-2729, affects WebLogic versions 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. The vulnerability is a remotely exploitable deserialization vulnerability via XMLDecoder in Oracle WebLogic…
Mozilla fixed a Firefox Zero-Day flaw exploited in targeted attacks Mozilla released security updates for Firefox that addressed a critical zero-day vulnerability exploited in targeted attacks in the wild. Mozilla released security updates for its Firefox web browser that address a critical vulnerability that has been actively exploited in the wild. The zero-day vulnerability, tracked as CVE-2019-11707, is a type confusion flaw in Array.pop. Mozilla has addressed…
Eatstreet, the online food ordering service disclosed a security breach Eatstreet, the online food ordering service, disclosed a security breach that exposed customer payment card data and details of partners EatStreet, an online and mobile food ordering service, disclosed a security breach that exposed customer payment card data and details of delivery and restaurant partners Attackers breached the company network on May 3 stole data…
Modular Plurox backdoor can spread over local network Kaspersky experts recently discovered a backdoor dubbed Plurox that can spread itself over a local network and can allow installing additional malware. Kaspersky experts discovered the Plurox backdoor in February, it can spread itself over a local network and could be used by attackers to install additional malware. The Plurox backdoor is written in C…
Yana Peel, chief executive of London’s Galleries, resigned after discovery of her links with NSO group The head of London’s Serpentine Galleries resigned on Tuesday following a Guardian report about her links to the Israeli surveillance firm NSO Group. On Tuesday, the chief executive of London’s Serpentine Galleries, Yana Peel, resigned following the revelation of the Guardian newspaper about her links to the Israeli surveillance firm NSO Group. According to the newspaper, Yana…
Android Apps uses a novel technique to by-pass 2FA and steal Bitcoin Expert discovered a new technique bypassing SMS-based two-factor authentication while circumventing Google’s recent SMS permissions restrictions The popular security expert Lukas Stefanko from ESET discovered some apps (namedBTCTurk Pro Beta and BtcTurk Pro Beta) impersonating the Turkish cryptocurrency exchange, BtcTurk, in the attempt of stealing login credentials. In order to steal the 2FA OTPs the…
Expert found a critical RCE zero-day in TP-Link Wi-Fi Extenders A zero-day vulnerability affects multiple models of TP-Link Wi-Fi extenders, it could be exploited to remotely execute code. Security expert Grzegorz Wypych from IBM X-Force found a zero-day flaw that affects multiple models of TP-Link Wi-Fi extenders. The Wi-Fi extenders capture the Wi-Fi signal from the main network device and rebroadcast it to areas where…
Researcher leaked a dataset of over 7,000,000 transactions scraped from the Venmo public API Researcher leaked online a dataset containing over 7,000,000 transactions scraped from the Venmo public API Venmo is a digital wallet app owned by PayPal that lets you make and share payments with friends. In August 2016, security expert Martin Vigo devised a method to abuse an optional SMS-based feature that allowed users to authorize payments…
DHS also issued an alert for the Windows BlueKeep flaw The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. DHS on Monday issued an alert for the BlueKeep Windows flaw (CVE-2019-0708). After Microsoft and the US NSA, the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. DHS on Monday issued an alert for the BlueKeep Windows flaw (CVE-2019-0708). Experts at the CISA Agency successfully…
Small Businesses May Not Be Security's Weak Link Organizations with 250 or fewer employees often employ a higher percentage of security pros than their larger counterparts.
Machine Learning Boosts Defenses, but Security Pros Worry Over Attack Potential As defenders increasingly use machine learning to remove spam, catch fraud, and block malware, concerns persist that attackers will find ways to use AI technology to their advantage.
OWASP Top 10 Proactive Security Controls For Software Developers to Build Secure Software Proactive Controls for Software developers describing the more critical areas that software developers must focus to develop a secure application. The OWASP Top 10 Proactive Controls 2018 contains a list of security techniques that every developer should consider for every software project development. “OWASP Top Ten Proactive Controls similar to OWASP Top 10 but it…
Samba Vulnerability Leads to DoS in DNServer and Can Crash Active Directory Services Samba released security updates for a couple of vulnerabilities that could cause Denial of Service in dnsserver and LDAP server crash. Denial of Service in DNS Server The vulnerability allows an authenticated user to crash the RPC server via a NULLpointer de-reference. The DNS server RPC provides admin access to manager DNS records and zones.…
Microsoft Released New Chromium Based Edge Browser for Windows 7, Windows 8, and Windows 8.1 Finally, Microsoft released a new Chromium-based Edge browser for Windows 7, Windows 8 and Windows 8.1. The features and experience are pretty much the same as on Windows 10. Microsoft initially begins to roll out the new channel release in April for the first Dev and Canary channel builds of the next version of Microsoft Edge which…
Tor Browser 8.5.2 Released With Fixes for Critical Zero-day Security Update in Firefox Tor Browser 8.5.2 released with a fix for critical security updates in that allows an attacker to run malicious code on the vulnerable machine without user interaction. Also, we update NoScript to 10.6.3, fixing a few issues. Tor Users with the safer and safest security levels were not affected by this security issue, reads the…
WINSpect – Powershell Based Windows Security Auditing Toolbox WINSpect is the PowerShell based windows auditing tool to enumerate and identify security weaknesses with windows platform and results of this audit can be useful for further hardening. Download the WINSpect Tool Here. Installation Open the Powershell with admin privileges and run the script Features of this script – Windows Auditing Tool WINSpect script provides audit checks and enumeration Installed security products…
Oracle Patched Another Zero-Day Vulnerability that Can be Exploited Without Authentication Oracle released an emergency security update for another critical remote code execution vulnerability that can be exploited by the remote attacker to gain control over the system. The vulnerability can be tracked as CVE-2019-2729 and has a CVSS Base Score of 9.8. It affects WebLogic versions 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. The security update addresses the…
6 Security Tips That'll Keep the Summer Fun Taking some time off this summer? Before you head out on vacation, make sure your devices and apps are also ready.
Android Application Penetration Testing Part 2 With my last article(Android Application Penetration testing Part 1) we had look at the basic architecture of the Android device. Now Let’s collect some Android Application Pentesting tools and build setup for hacking: There are many tools for an android application penetration test, But which tools are used for which purpose and which details we…
Insecure Home IoT Devices a Clear and Present Danger to Corporate Security Avast-sponsored study shows wide prevalence of IoT devices, many with weak credentials and other security vulnerabilities.
Plurox Modular Malware Spreads Over Local Network and Provide Access to Attackers for Installing Additional Malware A new malware dubbed Plurox spread itself over the local network using EternalBlue exploit and let attackers gain access to the network to install miners and other malware on the victim’s machine. The malware is modular, which means; attackers can expand its functionality by adding additional plugins, as required. Kaspersky researchers discovered the malware in…
OnePlus Phone Critical Security Vulnerability in Default Wallpapers app Leaks Users Email Address A critical security flaw with OnePlus device wallpaper app Shot on OnePlus leaks hundreds of user’s email address. The flaw resides in the API that used to host the photos. The Shot on OnePlus is an application used to access photos uploaded by OnePlus users, allowing them to set wallpaper and to upload photos from…
5 Significant Reasons Why You Should Use a VPN for Your Business VPN or virtual private network is a way to connect various networks using the internet. It uses security protocols which allows authenticity and confidentiality. There are a lot of reasons why some people want to use a private network and to have privacy is one of them. Nowadays, a lot of companies prioritize their security…
Emergency!! Zero-day Flaw in FireFox Let Hackers Take Full Control of Your Computer – Update Your FireFox Now Mozilla released a security update for Critical Zero-day vulnerability that fixed in a new version of Firefox 67.0.3 and Firefox ESR 60.7. The critical vulnerability can be exploited by an attacker to run malicious code and to install the application on the vulnerable machine, without requiring no user interaction beyond normal browsing. Cybercriminals are actively…
Aptible Raises $12 Million to Launch Compliance Platform San Francisco, CA-based Aptible has raised $12 million in a Series A funding round led by Maverick Capital, with additional investors Thrive Capital and Western Technology Investment.
Russia Says Victim of US Cyberattacks 'for Years' The Kremlin on Tuesday said Moscow had been the victim of US cyberattacks "for years" following a New York Times report that Washington is stepping up digital incursions into Russia's power grid.
Is AI superficial when it comes to using it for cybersecurity purposes? By TechRadar Pro an hour ago Computing Data is central to today’s digital economy and it has intrinsic value to businesses and consumers. However, organisations worldwide are facing severe challenges when it comes to protecting data from cybercrime and data leakage. Technology can of course provide many solutions to help protect data from leakage.…
Cyberwarfare escalation just took a new and dangerous turn The rhetoric surrounding cyberwarfare has ratcheted up again, potentially creating an unwelcome development in an area where misunderstanding and confusion could easily lead to escalation. Cyberwar and the Future of Cybersecurity Today's security threats have expanded in scope and seriousness. There can now be millions -- or even billions -- of dollars at risk when…
Analysis | The Cybersecurity 202: China is poised to lead in 5G. That's partly Washington's fault, Sen. Warner says. Please enter a valid email address. We sent this offer to john.smith@gmail.
Facebook Open Sources CTF 2019 Challenges Facebook’s first-ever global Capture the Flag (CTF) competition took place earlier this month and the company has now made the challenges available in open source.
Serious Vulnerabilities in Linux Kernel Allow Remote DoS Attacks A security researcher working for Netflix has discovered that the Linux kernel is affected by potentially serious vulnerabilities that can be exploited by a remote, unauthenticated attacker to launch denial-of-service (DoS) attacks.
Facebook releases plan for its Libra cryptocurrency to 'meet the daily financial needs of billions of people' June 18, 2019, 4:55AM EDT · 7 min read In 2004, Harvard University drop-out Mark Zuckerberg launched Facebook, a dorm-built site that would trigger and drive the social-media revolution. 15-years later Zuckerberg’s Facebook is hoping to breed a new revolution with its own cryptocurrency, finally revealing their plans in detail today. It remains to be…
- DHS also issued an alert for the Windows BlueKeep flaw The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. DHS on Monday issued an alert for the BlueKeep Windows flaw (CVE-2019-0708). After Microsoft and the US NSA, the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. DHS on Monday issued an alert for the BlueKeep Windows flaw (CVE-2019-0708).
Facebook plans cryptocurrency launch in 2020 Photograph: Eric Gaillard/File Photo/Reuters Facebook is to launch a cryptocurrency next year — backed by the likes of Mastercard, Visa and PayPal — which will allow people to move money from their smartphone. The currency is known as Libra, which the social network says it has “no special role” in governing and will manage the…
End of GandCrab – New Free Decryptor Tool that let Victims to Unlock All versions of Ransomware Infection Decryptor tool released for the notorious GandCrab ransomware let’s victim’s to unlock the files infected with any version of GandCrab. The tools are available to download form Bitdefender and No More Ransom Project. Bitdefender, along with law enforcement agencies managed to offer several decryptors to help GandCrab victims get their data back for free.
Smash GandCrab: Free tools released to decrypt files scrambled by notorious ransomware Bitdefender teams up with FBI, cops to rescue Windows PC documents Victims of the latest incarnations of the GandCrab ransomware now have a way to reclaim their files without paying a penny to extortionists, thanks to the release of a decryption tool.
Researcher Scrapes and Posts 7 Million Venmo TransactionsVenmo is a peer-to-peer mobile app designed to make it easy to send and receive payments from friends. It is owned by PayPal -- and it is no stranger to security issues.
Facebook Call Options Pop Ahead of Cryptocurrency Reveal
DHS Issues Alert for Windows 'BlueKeep' VulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS) on Monday issued an alert for the Windows vulnerability tracked as BlueKeep and CVE-2019-0708.
- The Riviera Beach City pays $600,000 in ransom The Riviera Beach City, Florida, agreed to pay $600,000 in ransom to decrypt its data after a ransomware-based attack hit its computer system. The Riviera Beach City Council voted unanimously to pay $600,000 in ransom to decrypt its records after a ransomware attack hit its systems. The council has previously agreed to spend $941,000 to…
- Oregon Department of Human Services data breach impacted 645,000 clients Oregon Department of Human Services announced it was a victim of a data breach in January, roughly 645,000 potentially impacted. Oregon Department of Human Services officials confirmed that the organization has suffered a data breach that has exposed personal details and health information of 645,000 clients. The incident happened in January and the Oregon Department…
- Tor Browser 8.5.2 fixes Firefox zero-day. Update it now! Developers at the Tor Project have released the Tor Browser 8.5.2 to address the recently fixed CVE-2019-11707 zero-day flaw in Mozilla Firefox. Yesterday I reported the news of a critical zero-day in Firefox that was addressed by Mozilla with a new release. The vulnerability, tracked as CVE-2019-11707, is a type confusion flaw in Array.pop. Mozilla has addressed…
- Bouncing Golf cyberespionage campaign targets Android users in Middle East According to security researchers at Trend Micro, a cyberespionage campaign is targeting Android users in Middle Eastern countries. Security researchers at Trend Micro have spotted a cyberespionage campaign, dubbed ‘Bouncing Golf, that is targeting Android users in Middle Eastern countries. Threat actors are using a piece of malware detected as GolfSpy, that implements multiple features…
- AMCA files for bankruptcy following the recently disclosed security breach Retrieval-Masters Creditors Bureau, the company that operates healthcare billing services provider AMCA, has filed for Chapter 11 bankruptcy due to a recent data breach. Retrieval-Masters Creditors Bureau, the company that operates the recovery agency for patient collections American Medical Collection Agency (AMCA), has filed for Chapter 11 bankruptcy due to a recent security breach that…
- Another Remote Code Execution flaw in WebLogic exploited in the wild Oracle released emergency patches for another critical remote code execution vulnerability affecting WebLogic Server. On Tuesday, Oracle released emergency patches for another critical remote code execution vulnerability affecting the WebLogic Server. The vulnerability, tracked as CVE-2019-2729, affects WebLogic versions 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. The vulnerability is a remotely exploitable deserialization vulnerability via XMLDecoder in Oracle WebLogic…
- Mozilla fixed a Firefox Zero-Day flaw exploited in targeted attacks Mozilla released security updates for Firefox that addressed a critical zero-day vulnerability exploited in targeted attacks in the wild. Mozilla released security updates for its Firefox web browser that address a critical vulnerability that has been actively exploited in the wild. The zero-day vulnerability, tracked as CVE-2019-11707, is a type confusion flaw in Array.pop. Mozilla has addressed…
- Eatstreet, the online food ordering service disclosed a security breach Eatstreet, the online food ordering service, disclosed a security breach that exposed customer payment card data and details of partners EatStreet, an online and mobile food ordering service, disclosed a security breach that exposed customer payment card data and details of delivery and restaurant partners Attackers breached the company network on May 3 stole data…
- Modular Plurox backdoor can spread over local network Kaspersky experts recently discovered a backdoor dubbed Plurox that can spread itself over a local network and can allow installing additional malware. Kaspersky experts discovered the Plurox backdoor in February, it can spread itself over a local network and could be used by attackers to install additional malware. The Plurox backdoor is written in C…
- Yana Peel, chief executive of London’s Galleries, resigned after discovery of her links with NSO group The head of London’s Serpentine Galleries resigned on Tuesday following a Guardian report about her links to the Israeli surveillance firm NSO Group. On Tuesday, the chief executive of London’s Serpentine Galleries, Yana Peel, resigned following the revelation of the Guardian newspaper about her links to the Israeli surveillance firm NSO Group. According to the newspaper, Yana…
- Android Apps uses a novel technique to by-pass 2FA and steal Bitcoin Expert discovered a new technique bypassing SMS-based two-factor authentication while circumventing Google’s recent SMS permissions restrictions The popular security expert Lukas Stefanko from ESET discovered some apps (namedBTCTurk Pro Beta and BtcTurk Pro Beta) impersonating the Turkish cryptocurrency exchange, BtcTurk, in the attempt of stealing login credentials. In order to steal the 2FA OTPs the…
- Expert found a critical RCE zero-day in TP-Link Wi-Fi Extenders A zero-day vulnerability affects multiple models of TP-Link Wi-Fi extenders, it could be exploited to remotely execute code. Security expert Grzegorz Wypych from IBM X-Force found a zero-day flaw that affects multiple models of TP-Link Wi-Fi extenders. The Wi-Fi extenders capture the Wi-Fi signal from the main network device and rebroadcast it to areas where…
- Researcher leaked a dataset of over 7,000,000 transactions scraped from the Venmo public API Researcher leaked online a dataset containing over 7,000,000 transactions scraped from the Venmo public API Venmo is a digital wallet app owned by PayPal that lets you make and share payments with friends. In August 2016, security expert Martin Vigo devised a method to abuse an optional SMS-based feature that allowed users to authorize payments…
- DHS also issued an alert for the Windows BlueKeep flaw The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. DHS on Monday issued an alert for the BlueKeep Windows flaw (CVE-2019-0708). After Microsoft and the US NSA, the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. DHS on Monday issued an alert for the BlueKeep Windows flaw (CVE-2019-0708). Experts at the CISA Agency successfully…
Multiple DoS vulnerabilities affect Linux and FreeBSD Netflix researcher has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels that could trigger a DoS condition. Jonathan Looney, a security expert at Netflix, found three Linux DoS vulnerabilities, two of them related to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities, and one related only to MSS. The most severe…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...
