Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
DDoS-for-Hire Boss Gets 13 Months Jail Time A 21-year-old Illinois man was sentenced last week to 13 months in prison for running multiple DDoS-for-hire services that launched millions of attacks over several years. This individual's sentencing comes more than five years after KrebsOnSecurity interviewed both the defendant and his father and urged the latter to take a more active interest in his…
Ransomware Bites 400 Veterinary Hospitals National Veterinary Associates (NVA), a California company that owns more than 700 animal care facilities around the globe, is still working to recover from a ransomware attack late last month that affected more than half of those properties, separating many veterinary practices from their patient records, payment systems and practice management software. NVA says it…
Why Were the Russians So Set Against This Hacker Being Extradited?The Russian government has for the past four years been fighting to keep 29-year-old alleged cybercriminal Alexei Burkov from being extradited by Israel to the United States. When Israeli authorities turned down requests to send him back to Russia -- supposedly to face separate hacking charges there -- the Russians then imprisoned an Israeli woman for…
Orcus RAT Author Charged in Malware SchemeIn July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT, a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.
Patch Tuesday, November 2019 EditionMicrosoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in various flavors of Windows and in software that runs on top of it. The November updates include patches for a zero-day flaw in Internet Explorer that is currently being exploited in the wild, as well…
Retailer Orvis.com Leaked Hundreds of Internal Passwords on PastebinOrvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. Orvis says the exposure was inadvertent, and…
ENISA publishes a Threat Landscape for 5G Networks ENISA, the European Union Agency for Cybersecurity publishes a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G). ENISA with the support of the Member States, the European Commission and an Expert Group, published an extensive report on threats relating to 5G networks. An EU-wide Coordinated…
Google will pay up to $1.5m for full chain RCE for Android on Titan M chips Google announced that it will increase bug bounty rewards for Android, it will pay up to $1.5 million for bugs that allow to hack new Titan M security chip. At the end of 2018, Google announced its Titan M dedicated security chip that is currently installed on Google Pixel 3 and Pixel 4 devices. The…
DePriMon downloader uses a never seen installation technique ESET researchers discovered a new downloader, dubbed DePriMon, that used new “Port Monitor” methods in attacks in the wild. The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since…
A critical flaw in Jetpack exposes millions of WordPress sites A critical flaw in the Jetpack WordPress Plugin could be exploited by threat actors to hack WordPress websites running flawed versions of the plugin. A critical vulnerability affects the Jetpack WordPress Plugin version Jetpack 5.1. and later, admins and owners of WordPress websites are urged to update their installs to Jetpack version 7.9.1. Jetpack is a…
Microsoft warns of growing DoppelPaymer Ransomware threat The Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymer ransomware and provided useful information on the threat. The Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymer ransomware, the tech giant provided useful information on the threat and how it spreads. “Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymer ransomware. There is misleading information…
Roboto, a new P2P botnet targets Linux Webmin servers Security experts discovered a new peer-to-peer (P2P) botnet dubbed Roboto that is targeting Linux servers running unpatched Webmin installs. Researchers at 360Netlab discovered a new P2P botnet, tracked as Roboto, that is targeting Linux servers running unpatched installations of Webmin installs. The experts first spotted the Roboto botnet in August when they detected a suspicious…
Chicago student charged with writing code to spread ISIS propaganda US authorities arrested Thomas Osadzinski, a student at DePaul University, because he allegedly built a custom Gentoo Linux distro for ISIS. Thomas Osadzinski (20), a student at DePaul University, Chicago, was arrested because he allegedly built a custom Gentoo Linux distro for ISIS, he could now face up to 20 years in prison. The Chicago…
Monero Project website has been compromised to deliver a coin stealer The official website of the Monero Project has been compromised to deliver a coin stealer. The official website of the Monero Project has been compromised to deliver a cryptocurrency stealer on November 18. The hack was discovered after a user downloaded a Linux 64-bit command line (CLI) Monero binary that was containing a coin stealer.…
Hackers leak 2TB of Data From Cayman National Bank stolen by Phineas Fisher New data leak threatens the world of finance after the Panama Papers, hackers published 2TB of the Cayman National bank’s confidential data. The Cayman Islands are a fiscal paradise that attracts money of questionable origin from all over the world, for this reason, the content of a new data leak is scaring the global finance.…
Ransomware Revival: Troldesh becomes a leader by the number of attacks Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. Group-IB, a Singapore-based cybersecurity company: ransomware accounted for over half of all malicious mailings in H1 2019, detected and analyzed by Group-IB’s Computer Emergency Response Team (CERT-GIB), with Troldesh aka Shade being the most popular tool…
CTHoW v2.0 – Cyber Threat Hunting on Windows Why did I started CTHoW? As someone with a huge passion for information security. It is always a must to keep on top of the latest TTPs of adversaries to be able to defend your network. I was always impressed with the MITRE ATT&CK framework that helps the community by sharing the latest techniques, attackers…
CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance Experts found multiple flaws (CVE-2019-2234) in the Android camera apps provided by Google and Samsung that could allow attackers to spy on users. Cybersecurity experts from Checkmarx discovered multiple vulnerabilities in the Android camera apps provided by Google and Samsung could have been exploited by hackers to spy on hundreds of millions of users. The…
Alleged Magecart hackers planted a software skimmer into Macy’s Website Macy’s has started notifying some of its customers that crooks used a software skimmer to steal their personal and financial information. Macy’s has started notifying some of its customers that discovered a software skimmer on its website used by crooks to steal their personal and financial information. The malicious software was discovered on October 15,…
Adobe announces end of support for Acrobat 2015 and Adobe Reader 2015 Adobe announces the end of support for Acrobat 2015 and Reader 2015 It’s official, Adobe announces the end of support for Adobe Acrobat and Reader 2015. It’s official, Adobe announces the end of support for Adobe Acrobat and Reader 2015, the company will no longer receive any security updates after the deadline. Adobe plans to…
Ransomware infected systems at state government of Louisiana Another ransomware attack made the headlines, the victim is the state government of Louisiana, numerous services have been impacted. The state government of Louisiana was hit by a ransomware attack that affected multiple state services including the Office of Motor Vehicles, the Department of Health, and the Department of Transportion and Development. The incident forced…
7 Best Ways to Turn Your Cyber Security Skills Into a $100,000 Career The world is in major need of more cyber security expert with relevant cyber security skills. A recent report by Cybersecurity Ventures predicted that around 3.5 million cybersecurity positions will be unfilled by 2021. Between 2017 and 2018, demand for cybersecurity professionals grew 7% according to Indeed. Unemployment rates in the industry have remained at…
Google Increases Top Android Hacking Prize to $1M Google expands its Android Security Rewards program and multiplies its top cash prize from $200,000 to $1 million.
The 'Department of No': Why CISOs Need to Cultivate a Middle Way A chief information security officer's job inherently involves conflict, but a go-along-to-get-along approach carries its own vulnerabilities and risks.
Roboto Botnet Exploiting Linux Webmin Server RCE Vulnerability To Perform DDoS Attack A new wave of Roboto Botnet activities being discovered that attack the Linux Webmin servers by exploiting the RCE vulnerability using vulnerability scanning and P2P control module. Roboto Botnet initially detected via 360Netlab Unknown Threat Detection System as an ELF( Executable Linkable Format) file in august, later, honeypot detects another suspicious ELF sample which acts…
Most Critical Docker Vulnerability Let Hackers To Take Complete Control Over Host & All Containers Within It Researchers discovered a critical vulnerability in Docker that allows an attacker to take complete control of the host and the containers associated with it. The Docker vulnerability resides in the copy command (cp) used in containers platforms such as Docker, Podman, and Kubernetes. This command can be used to copy files & folders between the…
Top 5 Best Universities in United States to Enhance Your Career in Cyber Security When it comes to the choice of the American university, most students feel too much pressure, especially if they are willing to study cybersecurity. As a matter of fact, most universities in the US offer decent cybersecurity courses, whereas the final choice of cybersecurity university is often the most complicated one. In case you have…
Patch 'Easily Exploitable' Oracle EBS Flaws ASAP: Onapsis Organizations that have not yet applied a pair of months-old critical patches from Oracle for E-Business Suite are at risk of attacks on their financial systems, the application security firm says.
Former White House CIO Shares Enduring Security Strategies Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.
A Security Guide to Keeping Data Secure When Designing a Website The first step for effective web design, as stated in an article by Forbes, is keeping the users in mind. This means creating a useful, fun, and engaging site, but above all, the website must keep users’ private data safe. Website security and design can sometimes seem to be pursuing distinct aims, with the ultimate aim of…
Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call.
Fake Windows Updater Bypass Email Gateways To Launch Cyborg Ransomware On Windows PC New malspam email campaign discovered with fake windows updater and its Builder, through which hackers launching Cyborg Ransomware to encrypt the compromised systems files. A spam email claims to be from Microsoft and email body urges the victims to Install the Latest “Microsoft Windows Update” by opening the attached file. Fake update attachment appears with…
Android Camera Bug Let Hackers Spy on 100 Million+ Android Users Camera by Taking Video’s & Photo’s Researchers discovered a critical vulnerability in the Android Camera app that allows hackers to remotely control the camera to take photos and/or record video using the malicious app without app permission. This Android camera vulnerability considers being a serious concern in the Android ecosystem since the advanced camera and video capabilities are playing a massive…
Attacker Mistake Botches Cyborg Ransomware Campaign Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update.
DDoS Attacks Up Sharply in Third Quarter of 2019 DDoS attacks of all sorts were up by triple-digit percentages, with smaller volume attacks growing most rapidly.
TPM-Fail: What It Means & What to Do About It Trusted Platform Modules are well-suited to a wide range of applications, but for the strongest security, architect them into "defense-in-depth" designs.
- ENISA publishes a Threat Landscape for 5G Networks ENISA, the European Union Agency for Cybersecurity publishes a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G). ENISA with the support of the Member States, the European Commission and an Expert Group, published an extensive report on threats relating to 5G networks. An EU-wide Coordinated…
- Google will pay up to $1.5m for full chain RCE for Android on Titan M chips Google announced that it will increase bug bounty rewards for Android, it will pay up to $1.5 million for bugs that allow to hack new Titan M security chip. At the end of 2018, Google announced its Titan M dedicated security chip that is currently installed on Google Pixel 3 and Pixel 4 devices. The…
- DePriMon downloader uses a never seen installation technique ESET researchers discovered a new downloader, dubbed DePriMon, that used new “Port Monitor” methods in attacks in the wild. The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since…
- A critical flaw in Jetpack exposes millions of WordPress sites A critical flaw in the Jetpack WordPress Plugin could be exploited by threat actors to hack WordPress websites running flawed versions of the plugin. A critical vulnerability affects the Jetpack WordPress Plugin version Jetpack 5.1. and later, admins and owners of WordPress websites are urged to update their installs to Jetpack version 7.9.1. Jetpack is a…
- Microsoft warns of growing DoppelPaymer Ransomware threat The Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymer ransomware and provided useful information on the threat. The Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymer ransomware, the tech giant provided useful information on the threat and how it spreads. “Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymer ransomware. There is misleading information…
- Roboto, a new P2P botnet targets Linux Webmin servers Security experts discovered a new peer-to-peer (P2P) botnet dubbed Roboto that is targeting Linux servers running unpatched Webmin installs. Researchers at 360Netlab discovered a new P2P botnet, tracked as Roboto, that is targeting Linux servers running unpatched installations of Webmin installs. The experts first spotted the Roboto botnet in August when they detected a suspicious…
- Chicago student charged with writing code to spread ISIS propaganda US authorities arrested Thomas Osadzinski, a student at DePaul University, because he allegedly built a custom Gentoo Linux distro for ISIS. Thomas Osadzinski (20), a student at DePaul University, Chicago, was arrested because he allegedly built a custom Gentoo Linux distro for ISIS, he could now face up to 20 years in prison. The Chicago…
- Monero Project website has been compromised to deliver a coin stealer The official website of the Monero Project has been compromised to deliver a coin stealer. The official website of the Monero Project has been compromised to deliver a cryptocurrency stealer on November 18. The hack was discovered after a user downloaded a Linux 64-bit command line (CLI) Monero binary that was containing a coin stealer.…
- Hackers leak 2TB of Data From Cayman National Bank stolen by Phineas Fisher New data leak threatens the world of finance after the Panama Papers, hackers published 2TB of the Cayman National bank’s confidential data. The Cayman Islands are a fiscal paradise that attracts money of questionable origin from all over the world, for this reason, the content of a new data leak is scaring the global finance.…
- Ransomware Revival: Troldesh becomes a leader by the number of attacks Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. Group-IB, a Singapore-based cybersecurity company: ransomware accounted for over half of all malicious mailings in H1 2019, detected and analyzed by Group-IB’s Computer Emergency Response Team (CERT-GIB), with Troldesh aka Shade being the most popular tool…
- CTHoW v2.0 – Cyber Threat Hunting on Windows Why did I started CTHoW? As someone with a huge passion for information security. It is always a must to keep on top of the latest TTPs of adversaries to be able to defend your network. I was always impressed with the MITRE ATT&CK framework that helps the community by sharing the latest techniques, attackers…
- CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance Experts found multiple flaws (CVE-2019-2234) in the Android camera apps provided by Google and Samsung that could allow attackers to spy on users. Cybersecurity experts from Checkmarx discovered multiple vulnerabilities in the Android camera apps provided by Google and Samsung could have been exploited by hackers to spy on hundreds of millions of users. The…
- Alleged Magecart hackers planted a software skimmer into Macy’s Website Macy’s has started notifying some of its customers that crooks used a software skimmer to steal their personal and financial information. Macy’s has started notifying some of its customers that discovered a software skimmer on its website used by crooks to steal their personal and financial information. The malicious software was discovered on October 15,…
- Adobe announces end of support for Acrobat 2015 and Adobe Reader 2015 Adobe announces the end of support for Acrobat 2015 and Reader 2015 It’s official, Adobe announces the end of support for Adobe Acrobat and Reader 2015. It’s official, Adobe announces the end of support for Adobe Acrobat and Reader 2015, the company will no longer receive any security updates after the deadline. Adobe plans to…
- Ransomware infected systems at state government of Louisiana Another ransomware attack made the headlines, the victim is the state government of Louisiana, numerous services have been impacted. The state government of Louisiana was hit by a ransomware attack that affected multiple state services including the Office of Motor Vehicles, the Department of Health, and the Department of Transportion and Development. The incident forced…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...