Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
Meet Bluetana, the Scourge of Pump Skimmers"Bluetana," a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests. Data collected in the course of the investigation also reveals some fascinating details that may help…
Patch Tuesday, August 2019 EditionMost Microsoft Windows (ab)users probably welcome the monthly ritual of applying security updates about as much as they look forward to going to the dentist: It always seems like you were there just yesterday, and you never quite know how it's all going to turn out. Fortunately, this month's patch batch from Redmond is mercifully…
SEC Investigating Data Leak at First American Financial Corp.The U.S. Securities and Exchange Commission (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003, KrebsOnSecurity has learned.
iNSYNQ Ransom Attack Began With Phishing EmailA ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. It also looks like the intruders spent roughly ten days rooting around iNSYNQ's internal network to properly stage things before unleashing the ransomware.…
Who Owns Your Wireless Service? Crooks Do.Incessantly annoying and fraudulent robocalls. Corrupt wireless company employees taking hundreds of thousands of dollars in bribes to unlock and hijack mobile phone service. Wireless providers selling real-time customer location data, despite repeated promises to the contrary. A noticeable uptick in SIM-swapping attacks that lead to multi-million dollar cyberheists. If you are somehow under the…
The Risk of Weak Online Banking PasswordsIf you bank online and choose weak or re-used passwords, there's a decent chance your account could be pilfered by cyberthieves -- even if your bank offers multi-factor authentication as part of its login process. This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint, Plaid, Yodlee, YNAB and others to…
At least 23 Texas local governments targeted by coordinated ransomware attacks At least 23 local governments were impacted by a wave of ransomware attacks that according to the experts are the result of a coordinated effort. Texas is the victim of an ongoing wave of ransomware attacks that are targeting local governments. At least 23 local government organizations were impacted by the ransomware attacks, the Department…
Security Affairs newsletter Round 227 A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Once again thank you! 10-year-old vulnerability in Avaya VoIP Phones…
Bluetana App allows detecting Bluetooth card skimmers in just 3 seconds Bluetana App allows detecting Bluetooth card skimmers installed at the gas pumps to steal customers’ credit and debit card information in just 3 seconds on average. Bluetooth card skimmers continue to be one of the favorite tools in the arsenal of crooks that attempt to steal credit and debit card information. In recent years, law…
Intel addresses High-Severity flaws in NUC Firmware and other tools Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program. One of the flaws addressed by Intel, tracked as CVE-2019-11140, is an insufficient session validation vulnerability that…
Capital One hacker suspected to have breached other 30 companies Federal prosecutors revealed that Paige Thompson, who was arrested after the Capital One data breach, may have hacked more than 30 other organizations. In July, Capital One, one of the largest U.S. –card issuer and financial corporation suffered a data breach that exposed personal information from 106 million Capital One credit applications. A hacker that goes…
New DanaBot banking Trojan campaign targets Germany The DanaBot banking Trojan continues to evolve and spread across the continents, now moving from Australia to European countries. DanaBot is a multi-stage modular banking Trojan written in Delphi that first appeared on the threat landscape in 2018. The malware implements a modular structure that allows operators to add new functionalities by adding new plug-ins. The…
Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. Security expert Peleg Hadar from SafeBreach discovered a DLL hijacking vulnerability in the Trend Micro Password Manager that could be exploited to execute arbitrary code with the permissions of the most privileged…
Expert shows how to bypass a fix for a recently discovered Steam flaw A security researcher demonstrated how to bypass a fix released by Valve for a recently discovered Steam vulnerability re-enabling the attack. A few days ago, the security experts Matt Nelson and Vasily Kravets separately disclosed a privilege escalation vulnerability in the Stream client for Windows that can be exploited by an attacker with limited permissions to run code administrative…
USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$ USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$. than 10$. The Video is self-explanatory. (Wanna know how to make it? Read the article below.) All started with this Tweet last April, when I wanted a damn cheap USB implant capable of injecting keystrokes. It had to be: Remotely Controllable…
700,000 records belonging to Choice Hotels customer leaked online. Crooks demanded ransom Security experts have discovered that hackers have stolen 700,000 records from Choice Hotels franchise and are demanding payment for their return. Experts at Comparitech with the help of the popular researcher Bob Diachenko discovered an unsecured database containing 700,000 records from the hotel franchise Chain Hotel. The experts discovered the unsecured MongoDB archive containing 5.6 million records…
Hurry Up! Update your LibreOffice because 2 patches have been bypassed The latest version of LibreOffice (6.2.6/6.3.0) addresses three vulnerabilities that could be exploited by attackers to bypass patches for two previously addressed issues. LibreOffice has released a new version of the popular open-source office software that addressed three vulnerabilities that could be exploited by attackers to bypass patches for two previously addressed issues. LibreOffice attempted to fix one of…
European Central Bank (ECB) discloses data breach in BIRD Newsletter The European Central Bank (ECB) announced that threat actors had access for months to the contact information of hundreds of financial industry subscribers to its newsletter The ECB was the victim of a data breach, the bank announced that hackers had access for several months to the contact information of hundreds of financial industry subscribers…
Mozilla addresses “master password” security bypass flaw in Firefox The latest update released by Mozilla for Firefox patches a flaw in Firefox Password Manager that can be exploited to access stored passwords. The latest release for Mozilla Firefox (Firefox 68.0.2) fixes a vulnerability that can be exploited to bypass the master password in Firefox Password Manager and access stored passwords. “When a master password…
Biometric data of 1M leaked via an unsecured Suprema owned databaseResearchers discovered an unsecured database online owned by Suprema that contained the fingerprints and facial recognition information of one million people. Researchers from vpnMentor discovered the personal and biometric data (i.e. facial recognition and fingerprint information) of more than a million people exposed online on an unsecured database owned by the Suprema biometric security company.…
A flaw in Kaspersky Antivirus allowed tracking its users onlineA vulnerability in Kaspersky Antivirus had exposed a unique identifier associated with users to every website they have visited in the past 4 years. A vulnerability in the Kaspersky Antivirus software, tracked as CVE-2019-8286, had exposed a unique identifier associated with its users to every website they have visited in the past 4 years. The…
Active Directory Penetration Testing Checklist This article covers Active directory penetration testing that can help for penetration testers and security experts who want to secure their network. “Active Directory” Called as “AD” is a directory service that Microsoft developed for the Windows domain network. Using it you can to control domain computers and services that are running on every node…
85 Malicious Photography and Gaming Adware Apps Installed Over 8 Million Times From Play Store Researchers discovered nearly 85 malicious adware apps in Google play store that intended to upload for delivering adware and monetize from affected Android devices. These Fraudulent adware apps were installed over 8 million times from the Google play store, and the malicious ads displaying in the affected phone are very difficult to close. Past two-years…
Severe Bugs in U.S.Military Fighter Jet Let Hackers Takes Sensitive Controls while Jet Flying A group of seven Ethical hackers who were exclusively allowed to test the flight system for a U.S. military fighter jet, in result, they found severe vulnerabilities in critical F-15 fighter jet systems. The flaws allowed them to take control of video cameras and sensors while the fighter jet on flying and completely shut down the Trusted Aircraft…
10 Best Free Password Manager to Secure Your Password For 2019 Free Password Manager always helps to make Strong passwords to protect your devices, online banking accounts and other data sources from unauthorized access. In this article, we highlight the Best open source Password Manager for Android, Mac and iPhone. Do I really need a password manager? Manage different password for so many accounts in online…
Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown At Black Hat USA, Project Zero's team lead shared details of projects it has accomplished and its influence on the security community.
Behind the Scenes at ICS Village ICS Village co-founder Bryson Bort reveals plans for research-dedicated events that team independent researchers, critical infrastructure owners, and government specialists.
Newly Discovered Hacking Tools Remotely control the Hacked Computers via a GUI & Command-Line Interface Researchers discovered two new malicious hacking tools (BalkanRAT, BalkanDoor) from the ongoing campaign Balkans that act as a remote access trojan and backdoor. Malware authors developed these Tools with two different features. BalkanRAT, a remote access trojan that controls the compromised computer remotely via a graphical interface and the BalkanDoor performing the same operation using…
Most Important Endpoint Security & Threat Intelligence Tools List for Hackers and Security ProfessionalsThreat Intelligence & Endpoint Security Tools are more often used by security industries to test the vulnerabilities in network and applications. Here you can find the Comprehensive Endpoint Security list that covers Performing Penetration testing Operation in all the Corporate Environments. Also Read: Take Best Cyber security and Ethical Hacking Online courses Endpoint Security Tools…
NSA Researchers Talk Development, Release of Ghidra SRE ToolNSA researchers took the Black Hat stage to share details of how they developed and released the software reverse-engineering framework.
Adware, Trojans Hit Education Sector HardStudents continue to be weak links for schools and universities, according to data from security firm Malwarebytes.
The Threat Hacking Poses To Your Business’s ReputationCyber-criminals are increasingly aggressive about targeting businesses of every size. Even if your own company is a small one, hacking can cause serious reputation damage if you don’t take steps to protect it. The real cost of hacking was made clear in a 2015 BBC report. Using data assembled by antivirus software company McAfee and…
Hackers use Backdoor and Trojan to Attack Financial Departments of OrganizationsHackers use backdoor and remote access trojan that let attackers gain complete remote control over the compromised computer. The campaign particularly targets the financial departments of the organization in the Balkans region. The campaign is financially motivated, it includes two tools dubbed BalkanDoor and BalkanRAT and distributed through tax themed malicious emails. Active for a…
7 Biggest Cloud Security Blind SpotsCloud computing boon is for innovation, yet security organizations find themselves running into obstacles.
5 Things to Know About Cyber InsuranceMore businesses are recognizing the need for cyber insurance as part of an overall security strategy. Here are some key points to consider when evaluating, purchasing, and relying on a policy.
Biometric Security Platform Data Breach Leaked Millions of Users Facial Recognition & Fingerprinting DataSecurity researchers discovered the biggest data breach in Biometric Security Platform BioStar 2 that leaks millions of users facial recognition records, fingerprints, log data, and other personal information. BioStar 2, a web-based biometric security smart lock platform by world’s biggest bio-access B2B company Suprema, and the platform used by UK Metropolitan police, defense contractors and…
- At least 23 Texas local governments targeted by coordinated ransomware attacks At least 23 local governments were impacted by a wave of ransomware attacks that according to the experts are the result of a coordinated effort. Texas is the victim of an ongoing wave of ransomware attacks that are targeting local governments. At least 23 local government organizations were impacted by the ransomware attacks, the Department…
- Security Affairs newsletter Round 227 A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Once again thank you! 10-year-old vulnerability in Avaya VoIP Phones…
- Bluetana App allows detecting Bluetooth card skimmers in just 3 seconds Bluetana App allows detecting Bluetooth card skimmers installed at the gas pumps to steal customers’ credit and debit card information in just 3 seconds on average. Bluetooth card skimmers continue to be one of the favorite tools in the arsenal of crooks that attempt to steal credit and debit card information. In recent years, law…
- Intel addresses High-Severity flaws in NUC Firmware and other tools Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program. One of the flaws addressed by Intel, tracked as CVE-2019-11140, is an insufficient session validation vulnerability that…
- Capital One hacker suspected to have breached other 30 companies Federal prosecutors revealed that Paige Thompson, who was arrested after the Capital One data breach, may have hacked more than 30 other organizations. In July, Capital One, one of the largest U.S. –card issuer and financial corporation suffered a data breach that exposed personal information from 106 million Capital One credit applications. A hacker that goes…
- New DanaBot banking Trojan campaign targets Germany The DanaBot banking Trojan continues to evolve and spread across the continents, now moving from Australia to European countries. DanaBot is a multi-stage modular banking Trojan written in Delphi that first appeared on the threat landscape in 2018. The malware implements a modular structure that allows operators to add new functionalities by adding new plug-ins. The…
- Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. Security expert Peleg Hadar from SafeBreach discovered a DLL hijacking vulnerability in the Trend Micro Password Manager that could be exploited to execute arbitrary code with the permissions of the most privileged…
- Expert shows how to bypass a fix for a recently discovered Steam flaw A security researcher demonstrated how to bypass a fix released by Valve for a recently discovered Steam vulnerability re-enabling the attack. A few days ago, the security experts Matt Nelson and Vasily Kravets separately disclosed a privilege escalation vulnerability in the Stream client for Windows that can be exploited by an attacker with limited permissions to run code administrative…
- USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$ USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$. than 10$. The Video is self-explanatory. (Wanna know how to make it? Read the article below.) All started with this Tweet last April, when I wanted a damn cheap USB implant capable of injecting keystrokes. It had to be: Remotely Controllable…
- 700,000 records belonging to Choice Hotels customer leaked online. Crooks demanded ransom Security experts have discovered that hackers have stolen 700,000 records from Choice Hotels franchise and are demanding payment for their return. Experts at Comparitech with the help of the popular researcher Bob Diachenko discovered an unsecured database containing 700,000 records from the hotel franchise Chain Hotel. The experts discovered the unsecured MongoDB archive containing 5.6 million records…
- Hurry Up! Update your LibreOffice because 2 patches have been bypassed The latest version of LibreOffice (6.2.6/6.3.0) addresses three vulnerabilities that could be exploited by attackers to bypass patches for two previously addressed issues. LibreOffice has released a new version of the popular open-source office software that addressed three vulnerabilities that could be exploited by attackers to bypass patches for two previously addressed issues. LibreOffice attempted to fix one of…
- European Central Bank (ECB) discloses data breach in BIRD Newsletter The European Central Bank (ECB) announced that threat actors had access for months to the contact information of hundreds of financial industry subscribers to its newsletter The ECB was the victim of a data breach, the bank announced that hackers had access for several months to the contact information of hundreds of financial industry subscribers…
- Mozilla addresses “master password” security bypass flaw in Firefox The latest update released by Mozilla for Firefox patches a flaw in Firefox Password Manager that can be exploited to access stored passwords. The latest release for Mozilla Firefox (Firefox 68.0.2) fixes a vulnerability that can be exploited to bypass the master password in Firefox Password Manager and access stored passwords. “When a master password…
- Biometric data of 1M leaked via an unsecured Suprema owned databaseResearchers discovered an unsecured database online owned by Suprema that contained the fingerprints and facial recognition information of one million people. Researchers from vpnMentor discovered the personal and biometric data (i.e. facial recognition and fingerprint information) of more than a million people exposed online on an unsecured database owned by the Suprema biometric security company.…
- A flaw in Kaspersky Antivirus allowed tracking its users onlineA vulnerability in Kaspersky Antivirus had exposed a unique identifier associated with users to every website they have visited in the past 4 years. A vulnerability in the Kaspersky Antivirus software, tracked as CVE-2019-8286, had exposed a unique identifier associated with its users to every website they have visited in the past 4 years. The…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...