Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
Patch Tuesday, January 2020 EditionMicrosoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency. This month also marks the end of…
Cryptic Rumblings Ahead of First 2020 Patch TuesdaySources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets…
Phishing for Apples, Bobbing for LinksAnyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple, whose brand by many measures has emerged as the most targeted. Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a…
Alleged Member of Neo-Nazi Swatting Group ChargedFederal investigators on Friday arrested a Virginia man accused of being part of a neo-Nazi group that targeted hundreds of people in "swatting" attacks, wherein fake bomb threats, hostage situations and other violent scenarios were phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target's…
Lawmakers Prod FCC to Act on SIM SwappingCrooks have stolen tens of millions of dollars and other valuable commodities from thousands of consumers via "SIM swapping," a particularly invasive form of fraud that involves tricking a target's mobile carrier into transferring someone's wireless service to a device they control. But the U.S. Federal Communications Commission (FCC), the entity responsible for overseeing wireless…
Tricky Phish Angles for Persistence, Not PasswordsLate last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user's data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service.…
The Hidden Cost of Ransomware: Wholesale Password TheftOrganizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. But all too often, ransomware victims fail to grasp that the crooks behind these attacks can and frequently do siphon every single…
Hack the Army bug bounty program paid $275,000 in rewards Hack the Army bug bounty program results: 146 valid vulnerabilities were reported by white hat hackers and more than $275,000 were paid in rewards. The second Hack the Army bug bounty program ran between October 9 and November 15, 2019 through the HackerOne platform. The bug bounty program operated by the Defense Digital Service, along…
Chinese police arrested the operator of unauthorized VPN service that made $1.6 million from his activity Chinese authorities continue operations against unauthorized VPN services that are very popular in the country. China continues to intensify the monitoring of the cyberspace applying and persecution of VPN services that could be used to bypass its censorship system known as the Great Firewall. The Great Firewall project already blocked access to more hundreds of the world’s 1,000 top…
Law enforcement seized WeLeakInfo.com for selling access to data from data breaches The FBI has seized the WeLeakInfo.com websites for selling subscriptions to data that were exposed in data breaches. WeLeakInfo.com is a data breach notification service that allows its customers to verify if their credentials been compromised in data breaches. The service was claiming a database of over 12 billion records from over 10,000 data breaches.…
Expert released PoC exploits for recently disclosed Cisco DCNM flaws A researcher has publicly released some proof-of-concept (PoC) exploits and technical details for flaws in Cisco’s Data Center Network Manager (DCNM). Early this month, Cisco released security updates for its Cisco’s Data Center Network Manager (DCNM) product that address several critical and high-severity vulnerabilities. All the vulnerabilities were reported to Cisco through Trend Micro’s Zero Day Initiative (ZDI) and Accenture’s iDefense service…
Hundreds of million users installed Android fleeceware apps from Google Play Security experts from Sophos discovered 25 Android apps on the official Google Play that were involved in financial fraud, 600 million affected. Security researchers from Sophos discovered a set of so-called fleeceware apps that have been installed by more than 600 million Android users. Fleeceware apps are malicious applications uploaded to the official Google Play…
Two PoC exploits for CVE-2020-0601 NSACrypto flaw released Researchers published proof-of-concept (PoC) code exploits for a recently-patched CVE-2020-0601 flaw in the Windows operating system reported by NSA. Security researchers have published two proof-of-concept (PoC) code exploits for the recently-patched CVE-2020-0601 vulnerability that has been reported to Microsoft by the US National Security Agency (NSA). Microsoft Patch Tuesday updates for January 2020 address a…
Critical auth bypass issues affect InfiniteWP Client and WP Time Capsule WordPress plugins WP Time Capsule and InfiniteWP WordPress plugins are affected by security flaws that could be exploited to take over websites running the popular CMS. Experts at security firm WebArx have ethically disclosed vulnerabilities in WP Time Capsule and InfiniteWP plugins, both were patched earlier this month by the developer Revmakx. The flaws in WP Time…
5ss5c Ransomware emerges after Satan went down in the hell The cybercrime group behind Satan ransomware and other malware seems to be involved in the development of a new threat named 5ss5c. The threat actors behind the Satan, DBGer and Lucky ransomware and likely Iron ransomware, is back with a new piece of malware named ‘5ss5c’. The Bart Blaze believes that the threat actors have…
VMware addresses flaws in VMware Tools and Workspace ONE SDK VMware has released security updates to address a local privilege escalation vulnerability in VMware Tools version 10 for Windows. VMware has released VMware Tools 11.0.0 that addresses a local privilege escalation issue in Tools 10.x.y tracked as CVE-2020-3941. The issue, classified as a race condition flaw that could be exploited by an attacker to access…
P&N Bank data breach may have impacted 100,000 West Australians P&N Bank discloses data breach, customer account information, balances exposed The Australian P&N Bank is notifying its customers a data breach that has exposed personally identifiable information (PII) and sensitive account data. P&N Bank, a division of Police & Nurses Limited and operating in Western Australia, suffered a data breach and is reporting the incident…
Hacker offers for sale 49 million user records from US data broker LimeLeads 49 million user records from US data broker LimeLeads were available for sale on a hacking forum. 49 million user records from US data broker LimeLeads were available for sale on a hacking forum, the data were exposed on an Elasticsearch server. Exposed LimeLeads data contains full name, title, user email, employer/company name, company address,…
Iranian Threat Actors: Preliminary AnalysisNowadays Iran’s Cybersecurity capabilities are under the microscope, experts warn about a possible infiltration of the Iranian government. Nowadays Iran’s Cybersecurity capabilities are under microscope, many news sites, gov. agencies and security experts warn about a possible cybersecurity infiltration from Iranian government and alert to increase cybersecurity defensive levels. Today I want to share a…
Microsoft addresses CVE-2020-0601 flaw, the first issue ever reported by NSAMicrosoft has released a security update to address “a broad cryptographic vulnerability” that is impacting its Windows operating system. Microsoft Patch Tuesday updates for January 2020 address a total of 49 vulnerabilities in various products, including a serious flaw, tracked as CVE-2020-0601, in the core cryptographic component of Windows 10, Server 2016 and 2019 editions.…
January 2020 Adobe Patch Tuesday updates fix issues in Illustrator, Experience ManagerAdobe released its January 2020 Patch Tuesday updates that address several flaws in Illustrator and Experience Manager products. Adobe releases its first 2020 patch Tuesday software updates that address several vulnerabilities in Illustrator and Experience Manager products. “Adobe has published security bulletins for Adobe Experience Manager (APSB20-01) and Adobe Illustrator (APSB20-03). Adobe recommends users update their product installations to the latest…
Why Russian APT Fancy Bear hacked the Ukrainian energy firm Burisma?Russia-linked cyber-espionage group hacked the Ukrainian energy company Burisma at the center of the impeachment trial of US President Donald Trump. The Russian cyberspies, operating under Russia’s GRU military intelligence agency (aka Fancy Bear) carried out a spear-phishing campaign in November aimed at accessing the email of Burisma Holdings employees. The attack was detailed by…
Mobile Banking Malware Up 50% in First Half of 2019 A new report from Check Point recaps the cybercrime trends, statistics, and vulnerabilities that defined the security landscape in 2019.
ADP Users Hit with Phishing Scam Ahead of Tax Season Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
Massive Oracle Patch Reverses Company's Trend Toward Fewer Flaws Following a year that saw the fewest number of vulnerabilities reported since 2015, Oracle's latest quarterly patch fixes nearly 200 new vulnerabilities.
How AI is Revolutionizing Cyber Security AI in Cyber attacks — once relegated to flashy movie scenes and TV dramas — are now becoming a part of our everyday lives. Nearly every week, news breaks out about another data breach at a major corporation, and every now and then, we receive emails from service providers about updating our information in light…
Proof-of-Concept Exploits Released for The Microsoft-NSA Crypto vulnerability – CVE-2020-0601 Less than a day after Microsoft disclosed one of the most critical Windows vulnerabilities ever, security researchers have published PoC Exploit that explains how attackers can exploit the Windows CryptoAPI Spoofing bug with cryptographically impersonate any website or server on the Internet. Microsoft’s January Patch Tuesday security bulletin disclosed the importance – severity vulnerability. It…
With International Tensions Flaring, Cyber-Risk Is Heating Up for All Businesses Risks of nation-state attacks go beyond Iran, and the need for awareness and security don't stop at any national border.
NY Fed Reveals Implications of Cyberattack on US Financial System A "pre-mortem analysis" sheds light on the potential destruction of a cyberattack against major US banks.
17 Malicious Android Apps Discovered in Google Play Store that Infects 550,000 Android Devices Researchers discovered 17 malicious Android apps from the Google play store that infects nearly 550,000 Android devices around the world. These malicious app developers added features to hide their presence on the user’s device, and constantly display aggressive ads once the app gets installed on the victims android devices. The adware programs will tend to…
4 Most Important Security Features Your Web Hosting Provider Must Have to Know Did you realize that a hack occurs every 39 seconds? One of the most common targets for cyber-criminals attempting to gain access to sensitive information is a business website. The only way to keep your website functional and safe is by getting the best possible web hosting on the market. There are so many different…
Security Information and Event Management (SIEM) – A Detailed Explanation SIEM software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by network hardware and applications. Vendors sell SIEM as software, as appliances or as managed services; these products are also used to log security data and generate reports for compliance purposes. Although…
How to Comprehend the Buzz About Honeypots Honeypots are crucial tools for security researchers and security teams. Understanding what they are and what they can do can be critical for making them safe and useful for your organization.
New Report Spotlights Changes in Phishing Techniques Common and evolving strategies include the use of zero-font attacks, homograph attacks, and new tactics for fake attachments.
ISACs Join Forces to Secure the Travel Industry Together, the Travel & Hospitality ISAC and the Retail & Hospitality ISAC intend to improve communications and collaboration about the evolving threat landscape.
Malicious Fleeceware apps on the Google Play Found Installed More than 600 Million DownloadsFleeceware apps continue to be a problem on Google Play, these app publishers overcharge users for basic functionality if they don’t cancel the subscription before the trial ends. The app publishers take advantage of the business model in which user downloads and use the app for a short trial period for no charge. If the…
10 Best Free Password Manager to Secure Your Password For 2020Free Password Manager always helps to make Strong passwords to protect your devices, online banking accounts and other data sources from unauthorized access. In this article, we highlight the Best open source Password Manager for Android, Mac and iPhone. Do I really need a password manager? Manage different password for so many accounts in online…
- Hack the Army bug bounty program paid $275,000 in rewards Hack the Army bug bounty program results: 146 valid vulnerabilities were reported by white hat hackers and more than $275,000 were paid in rewards. The second Hack the Army bug bounty program ran between October 9 and November 15, 2019 through the HackerOne platform. The bug bounty program operated by the Defense Digital Service, along…
- Chinese police arrested the operator of unauthorized VPN service that made $1.6 million from his activity Chinese authorities continue operations against unauthorized VPN services that are very popular in the country. China continues to intensify the monitoring of the cyberspace applying and persecution of VPN services that could be used to bypass its censorship system known as the Great Firewall. The Great Firewall project already blocked access to more hundreds of the world’s 1,000 top…
- Law enforcement seized WeLeakInfo.com for selling access to data from data breaches The FBI has seized the WeLeakInfo.com websites for selling subscriptions to data that were exposed in data breaches. WeLeakInfo.com is a data breach notification service that allows its customers to verify if their credentials been compromised in data breaches. The service was claiming a database of over 12 billion records from over 10,000 data breaches.…
- Expert released PoC exploits for recently disclosed Cisco DCNM flaws A researcher has publicly released some proof-of-concept (PoC) exploits and technical details for flaws in Cisco’s Data Center Network Manager (DCNM). Early this month, Cisco released security updates for its Cisco’s Data Center Network Manager (DCNM) product that address several critical and high-severity vulnerabilities. All the vulnerabilities were reported to Cisco through Trend Micro’s Zero Day Initiative (ZDI) and Accenture’s iDefense service…
- Hundreds of million users installed Android fleeceware apps from Google Play Security experts from Sophos discovered 25 Android apps on the official Google Play that were involved in financial fraud, 600 million affected. Security researchers from Sophos discovered a set of so-called fleeceware apps that have been installed by more than 600 million Android users. Fleeceware apps are malicious applications uploaded to the official Google Play…
- Two PoC exploits for CVE-2020-0601 NSACrypto flaw released Researchers published proof-of-concept (PoC) code exploits for a recently-patched CVE-2020-0601 flaw in the Windows operating system reported by NSA. Security researchers have published two proof-of-concept (PoC) code exploits for the recently-patched CVE-2020-0601 vulnerability that has been reported to Microsoft by the US National Security Agency (NSA). Microsoft Patch Tuesday updates for January 2020 address a…
- Critical auth bypass issues affect InfiniteWP Client and WP Time Capsule WordPress plugins WP Time Capsule and InfiniteWP WordPress plugins are affected by security flaws that could be exploited to take over websites running the popular CMS. Experts at security firm WebArx have ethically disclosed vulnerabilities in WP Time Capsule and InfiniteWP plugins, both were patched earlier this month by the developer Revmakx. The flaws in WP Time…
- 5ss5c Ransomware emerges after Satan went down in the hell The cybercrime group behind Satan ransomware and other malware seems to be involved in the development of a new threat named 5ss5c. The threat actors behind the Satan, DBGer and Lucky ransomware and likely Iron ransomware, is back with a new piece of malware named ‘5ss5c’. The Bart Blaze believes that the threat actors have…
- VMware addresses flaws in VMware Tools and Workspace ONE SDK VMware has released security updates to address a local privilege escalation vulnerability in VMware Tools version 10 for Windows. VMware has released VMware Tools 11.0.0 that addresses a local privilege escalation issue in Tools 10.x.y tracked as CVE-2020-3941. The issue, classified as a race condition flaw that could be exploited by an attacker to access…
- P&N Bank data breach may have impacted 100,000 West Australians P&N Bank discloses data breach, customer account information, balances exposed The Australian P&N Bank is notifying its customers a data breach that has exposed personally identifiable information (PII) and sensitive account data. P&N Bank, a division of Police & Nurses Limited and operating in Western Australia, suffered a data breach and is reporting the incident…
- Hacker offers for sale 49 million user records from US data broker LimeLeads 49 million user records from US data broker LimeLeads were available for sale on a hacking forum. 49 million user records from US data broker LimeLeads were available for sale on a hacking forum, the data were exposed on an Elasticsearch server. Exposed LimeLeads data contains full name, title, user email, employer/company name, company address,…
- Iranian Threat Actors: Preliminary AnalysisNowadays Iran’s Cybersecurity capabilities are under the microscope, experts warn about a possible infiltration of the Iranian government. Nowadays Iran’s Cybersecurity capabilities are under microscope, many news sites, gov. agencies and security experts warn about a possible cybersecurity infiltration from Iranian government and alert to increase cybersecurity defensive levels. Today I want to share a…
- Microsoft addresses CVE-2020-0601 flaw, the first issue ever reported by NSAMicrosoft has released a security update to address “a broad cryptographic vulnerability” that is impacting its Windows operating system. Microsoft Patch Tuesday updates for January 2020 address a total of 49 vulnerabilities in various products, including a serious flaw, tracked as CVE-2020-0601, in the core cryptographic component of Windows 10, Server 2016 and 2019 editions.…
- January 2020 Adobe Patch Tuesday updates fix issues in Illustrator, Experience ManagerAdobe released its January 2020 Patch Tuesday updates that address several flaws in Illustrator and Experience Manager products. Adobe releases its first 2020 patch Tuesday software updates that address several vulnerabilities in Illustrator and Experience Manager products. “Adobe has published security bulletins for Adobe Experience Manager (APSB20-01) and Adobe Illustrator (APSB20-03). Adobe recommends users update their product installations to the latest…
- Why Russian APT Fancy Bear hacked the Ukrainian energy firm Burisma?Russia-linked cyber-espionage group hacked the Ukrainian energy company Burisma at the center of the impeachment trial of US President Donald Trump. The Russian cyberspies, operating under Russia’s GRU military intelligence agency (aka Fancy Bear) carried out a spear-phishing campaign in November aimed at accessing the email of Burisma Holdings employees. The attack was detailed by…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...