Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
Before He Spammed You, this Sly Prince Stalked Your MailboxA reader forwarded what he briefly imagined might be a bold, if potentially costly, innovation on the old Nigerian prince scam that asks for help squirreling away millions in unclaimed fortune: it was sent via the U.S. Postal Service, with a postmarked stamp and everything. In truth these "advance fee" or "419" scams- - so-called…
Man Who Hired Deadly Swatting Gets 15 MonthsAn Ohio teen who recruited a convicted serial swatter to fake a distress call that ended in the police shooting an innocent Kansas man in 2017 has been sentenced to 15 months in prison.
NY Payroll Company Vanishes With $35 MillionMyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company's CEO, resulted in countless people having money drained from their bank accounts and has left…
Patch Tuesday, September 2019 EditionMicrosoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a "critical" rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to hijack vulnerable systems with little or no interaction on…
Secret Service Investigates Breach at U.S. Govt IT ContractorThe U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government…
Critical flaws affect Jira Service Desk and Jira Service Desk Data Center Atlassian released security updates for Jira Service Desk and Jira Service Desk Data Center to address a critical flaw that can lead to information disclosure Atlassian released security updates to address critical vulnerabilities in Jira Service Desk and Jira Service Desk Data Center. One of the flaw can lead to information disclosure, while another critical…
Security Affairs newsletter Round 232 A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Once again thank you! A bug in Instagram exposed user…
0patch will provide micropatches for Windows 7 and Server 2008 after EoS With the end-of-life of Windows 7 and Server 2008, their users will no more receive security patches, the only way to remain protected is to trust in micropatches. On January 14, 2020, support for Window 7, Windows Server 2008 and 2008 R2 will end, this means that users will no longer receive security updates. In order to address security…
Facebook suspends tens of thousands of apps from hundreds of developers Facebook announced it has suspended tens of thousands of apps as a result of a review of privacy practices launched following the Cambridge Analytica scandal. In April 2018, Facebook revealed that 87 million users have been affected by the Cambridge Analytica case, much more than 50 million users initially thought. The company allowed to access to the personal data of…
Iran denies successful cyber attacks hit infrastructures of its oil sector In the last hours, some western media reported destructive cyber attacks against infrastructures in the Iranian oil sector, but Iran denied it. Last week drone attacks have hit two major oil facilities run by the state-owned company Aramco in Saudi Arabia, one of them is the Abqaiq site. Western Governments and Saudi Arabia blamed Iran for…
MMD-0063-2019 – Summarize report of three years MalwareMustDie research (Sept 2016-Sept 2019) Hello, it’s unixfreaxjp here. It has been a while since I wrote our own blog, and it is good to be back. Thank you for your patience for all of this time. The background It was after September 2016 when we decided to move our blog and since then I had a lot of fun…
One of the hackers behind EtherDelta hack also involved in TalkTalk hack US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. In December 2017, the popular cryptocurrency exchange EtherDelta was hacked, attackers conducted…
5 Cybersecurity Trends in the Professional Services Sector Cybersecurity is an increasingly significant focus for many companies as cyberattacks become more frequent and more costly. Which are 5 Cybersecurity trends in the professional services sector? Professional services organizations are especially vulnerable due to the high value of the industry and the data they store — like Social Security numbers, personal financial information and classified…
Two selfie Android adware apps with 1.5M+ downloads removed from Play Store Experts at Wandera’s threat research team discovered two adware apps on the Google Play Store that were downloaded 1.5M+ times. Researchers at Wandera discovered two adware selfie filter camera apps on the Google Play that were pushing ads and that can record audio. The bad news is that the two apps were downloaded 1.5M+ times.…
U.S. taxpayers hit by a phishing campaign delivering the Amadey bot Cofense researchers spotted a phishing campaign that is targeting taxpayers in the United States to infect them with the Amadey malware. Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey. The Amadey bot is a quite…
Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign Agent Tesla is a fully customizable password info-stealer offered as malware-as-a-service, many cyber criminals are choosing it as their preferred recognition tool. Introduction Nowadays the Malware-As-A-Service is one of the criminal favorite ways to breach security perimeter. Agent Tesla is one of these “commodity malware”. It is a fully customizable password info-stealer and many cyber…
Crooks hacked other celebrity Instagram accounts to push scams There is the same group behind the hack of the celebrity Instagram accounts, attackers used the same attack pattern to push scams. The same threat actor continues to target celebrity Instagram accounts to push scam sites to their wide audience. Recently the Instagram account of the popular actor Robert Downey Jr. (43.3M followers) has been…
Magecart attackers target mobile users of hotel chain booking websites Trend Micro researchers reported that a Magecart group has hacked the websites of two hotel chains to inject scripts targeting Android and iOS users. Researchers discovered a series of incidents involving software credit card skimmer used by Magecart to hit the booking websites of hotel chains. In early September, the researchers discovered a JavaScript code onto two…
At least 1,300 Harbor cloud registry installs open to attackA critical security flaw in Harbor cloud native registry for container images could be exploited to obtain admin privileges on a vulnerable hosting system. Palo Alto Networks’ Unit 42 researcher Aviv Sasson discovered a critical vulnerability in Harbor cloud native registry for container images. The flaw, tracked as CVE-2019-16097, could be exploited to take control…
Emotet is back, it spreads reusing stolen email contentEmotet is back, its operators leverage a recently introduced spear-phishing technique to deliver their malware, they are hijacking legitimate email conversations. In 2019, security experts haven’t detected any activity associated with Emotet since early April, when researchers at Trend Micro have uncovered a malware campaign distributing a new Emotet Trojan variant that compromises devices and…
Protecting Big Data with Hadoop: A Cyber Security Protection Guide Big Data analytics is emerging from today’s technology as people are demanding better ways to protect their Big data. Keep reading to find out how Hadoop via cybersecurity methods in this post. What is Hadoop? Hadoop is a Java-based, open-source programming system that allows users to store and process Big Data sets in a computing environment.…
Bug Bounty Program – Why Every Organization Needs One? What Is A Bug Bounty Program? A Bug bounty program is also known as vulnerability rewards program (VRP) is the one where security researchers can disclose vulnerabilities and can receive recognition and compensation for reporting bugs. The threat to business from Cybercrime has never been greater and we see headlines almost every week pertaining to…
Beware!! Top Android VPN’s with 500 Million+ Installs Pushing Adware to Android Users The researcher discovered a four most popular VPN for Android that installed over 500 million users committing ad fraud and pushing unusual ads in users device to generate revenue. The four most popular Android VPN’s are HotSpot VPN, Free VPN Master, Secure VPN, CM SecurityApplock AntiVirus that are pushing the pop up ads even when…
Wireshark 3.0.5 Released with the fix for Several Vulnerabilities Wireshark 3.0.5 has been released with the new Qt version and fix for other vulnerabilities. The Qt is the library used in Wireshark to build the UI. The Wireshark is the famous protocol analyzer tool used for protocol analysis, troubleshooting, protocol development, and education. It is used by network administrators to troubleshoot network and by…
7 Ways VPNs Can Turn from Ally to Threat VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN.
Facebook Suspended More Than 10,000 Apps That Associated with 400 Developers for Abusing FB Privacy Facebook announced that they suspended “tens of thousands” of apps associated with 400 developers due to the privacy concern, and pose a threat to the Facebook community. After the Cambridge Analytica scandal that affected 87 Million Facebook Users, Facebook continuously focusing more and deploy the in-depth investigation to figure out the vulnerable apps. Facebook started…
TOP 11 Deep Web Search Engine Alternative for Google and Bing 2019 Deep Web Search Engine is an alternative search engine when we need to search something, then Google or Bing will the first choice hit in mind suddenly. But unlike the Deep Web Search Engine, Google and Bing will not give all the Hidden information which is served under the Dark web. Google has the ability…
HP Purchases Security Startup Bromium The purchase will bring new isolation and threat intelligence capabilities to the HP portfolio.
Ransomware Strikes 49 School Districts & Colleges in 2019 The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.
WeWork's Wi-Fi Exposed Files, Credentials, Emails For years, sensitive documents and corporate data have been easily viewable on the coworking space's open network.
3 Best Antivirus Software for September 2019 Choosing an antivirus software to protect your computer might be an exhausting task. Really, we feel you – who likes reading about the unknown features and filter through all the stuff? However, we live in a technological world, and things probably won’t change in the nearest, well, century. Or two. So, cybersecurity is one of…
Critical Vulnerability in D-link DNS-320 Devices let Hackers to Execute Remote Code and to Steal Data D-link DNS-320 Devices have used as an ideal backup solution, it offers an effective way to share documents, music, videos, and photos with anyone that connected in your network. CyStack security researcher, Trung Nguyen, detected a remote code execution vulnerability in DNS-320 sharecenter devices that let the user’ s data vulnerable to remote hackers. The…
Critical Vulnerability in Harbor let Hackers to Escalate Privilege by Sending Malicious Request Harbor is a cloud-native registry that offers rich functions in container management that stores signs and scan images for vulnerabilities. It can be integrated with Docker Hub, Docker Registry, Google Container Registry, and other registries. Security researchers from the cloud division of Unit 42, detected a critical vulnerability in Harbor that allows attackers to gain…
Chrome Security Updates – Google Fixed 4 Severe Vulnerabilities – Update Now Google released a security update for Chrome with the fixes of critical and High severity vulnerabilities with Chrome 77.0.3865.90, a Stable channel update for Windows, Mac, and Linux. Google fixed 4 vulnerabilities that affected Chrome browser, in which 1 vulnerability marked as “Critical” and other 3 vulnerabilities are fixed under “High” severity. Successful exploitation of…
Smominru Botnet Hacked 90,000 Windows Computers in Last Month Using EternalBlue Exploit Threats actors behind the Smominru botnet compromised nearly 90,000 windows computers in last month using EternalBlue exploit and performing brute force attacks on MS-SQL, RDP, Telnet services. Researcher uncovered that the botnet infected more than 4000 systems, network daily, and take control of it by exploiting the vulnerabilities in the unpatched systems. Smominru botnet targeting…
- Critical flaws affect Jira Service Desk and Jira Service Desk Data Center Atlassian released security updates for Jira Service Desk and Jira Service Desk Data Center to address a critical flaw that can lead to information disclosure Atlassian released security updates to address critical vulnerabilities in Jira Service Desk and Jira Service Desk Data Center. One of the flaw can lead to information disclosure, while another critical…
- Security Affairs newsletter Round 232 A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Once again thank you! A bug in Instagram exposed user…
- 0patch will provide micropatches for Windows 7 and Server 2008 after EoS With the end-of-life of Windows 7 and Server 2008, their users will no more receive security patches, the only way to remain protected is to trust in micropatches. On January 14, 2020, support for Window 7, Windows Server 2008 and 2008 R2 will end, this means that users will no longer receive security updates. In order to address security…
- Facebook suspends tens of thousands of apps from hundreds of developers Facebook announced it has suspended tens of thousands of apps as a result of a review of privacy practices launched following the Cambridge Analytica scandal. In April 2018, Facebook revealed that 87 million users have been affected by the Cambridge Analytica case, much more than 50 million users initially thought. The company allowed to access to the personal data of…
- Iran denies successful cyber attacks hit infrastructures of its oil sector In the last hours, some western media reported destructive cyber attacks against infrastructures in the Iranian oil sector, but Iran denied it. Last week drone attacks have hit two major oil facilities run by the state-owned company Aramco in Saudi Arabia, one of them is the Abqaiq site. Western Governments and Saudi Arabia blamed Iran for…
- MMD-0063-2019 – Summarize report of three years MalwareMustDie research (Sept 2016-Sept 2019) Hello, it’s unixfreaxjp here. It has been a while since I wrote our own blog, and it is good to be back. Thank you for your patience for all of this time. The background It was after September 2016 when we decided to move our blog and since then I had a lot of fun…
- One of the hackers behind EtherDelta hack also involved in TalkTalk hack US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. In December 2017, the popular cryptocurrency exchange EtherDelta was hacked, attackers conducted…
- 5 Cybersecurity Trends in the Professional Services Sector Cybersecurity is an increasingly significant focus for many companies as cyberattacks become more frequent and more costly. Which are 5 Cybersecurity trends in the professional services sector? Professional services organizations are especially vulnerable due to the high value of the industry and the data they store — like Social Security numbers, personal financial information and classified…
- Two selfie Android adware apps with 1.5M+ downloads removed from Play Store Experts at Wandera’s threat research team discovered two adware apps on the Google Play Store that were downloaded 1.5M+ times. Researchers at Wandera discovered two adware selfie filter camera apps on the Google Play that were pushing ads and that can record audio. The bad news is that the two apps were downloaded 1.5M+ times.…
- U.S. taxpayers hit by a phishing campaign delivering the Amadey bot Cofense researchers spotted a phishing campaign that is targeting taxpayers in the United States to infect them with the Amadey malware. Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey. The Amadey bot is a quite…
- Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign Agent Tesla is a fully customizable password info-stealer offered as malware-as-a-service, many cyber criminals are choosing it as their preferred recognition tool. Introduction Nowadays the Malware-As-A-Service is one of the criminal favorite ways to breach security perimeter. Agent Tesla is one of these “commodity malware”. It is a fully customizable password info-stealer and many cyber…
- Crooks hacked other celebrity Instagram accounts to push scams There is the same group behind the hack of the celebrity Instagram accounts, attackers used the same attack pattern to push scams. The same threat actor continues to target celebrity Instagram accounts to push scam sites to their wide audience. Recently the Instagram account of the popular actor Robert Downey Jr. (43.3M followers) has been…
- Magecart attackers target mobile users of hotel chain booking websites Trend Micro researchers reported that a Magecart group has hacked the websites of two hotel chains to inject scripts targeting Android and iOS users. Researchers discovered a series of incidents involving software credit card skimmer used by Magecart to hit the booking websites of hotel chains. In early September, the researchers discovered a JavaScript code onto two…
- At least 1,300 Harbor cloud registry installs open to attackA critical security flaw in Harbor cloud native registry for container images could be exploited to obtain admin privileges on a vulnerable hosting system. Palo Alto Networks’ Unit 42 researcher Aviv Sasson discovered a critical vulnerability in Harbor cloud native registry for container images. The flaw, tracked as CVE-2019-16097, could be exploited to take control…
- Emotet is back, it spreads reusing stolen email contentEmotet is back, its operators leverage a recently introduced spear-phishing technique to deliver their malware, they are hijacking legitimate email conversations. In 2019, security experts haven’t detected any activity associated with Emotet since early April, when researchers at Trend Micro have uncovered a malware campaign distributing a new Emotet Trojan variant that compromises devices and…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...