Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
China-Linked APT15 group is using a previously undocumented backdoor ESET researchers reported that China-linked cyberespionage group APT15 has been using a previously undocumented backdoor for more than two years. Security researchers at ESET reported that China-linked threat actor APT15 (aka Ke3chang, Mirage, Vixen Panda, Royal APT and Playful Dragon) has been using a previously undocumented backdoor for more than two years. APT15 has been active…
A new ProFTPD vulnerability exposes servers to hack A flaw in the open-source ProFTPD file transfer protocol (FTP) server can be exploited to copy files to vulnerable servers and potentially execute arbitrary code. The security researcher Tobias Mädel discovered a vulnerability in the open-source ProFTPD file transfer protocol (FTP) server that can be exploited to copy files to vulnerable servers and potentially execute arbitrary…
Comodo Antivirus is affected by several vulnerabilities Experts discovered several flaws in Comodo Antivirus, including a vulnerability that could allow to escape the sandbox and escalate privileges. The Tenable expert David Wells discovered five flaws in the Comodo Antivirus and Comodo Antivirus Advanced. Four of the vulnerabilities affect were version 12.0.0.6810 and one the version 11.0.0.6582. The most severe flaw, tracked as CVE=2019-3969, could…
Experts spotted P2P worm spreading Crypto-Miners in the wild Malware researchers at Yoroi-Cybaze Z-Lab have discovered a P2P worm that is spreading Crypto-Miners in the wild. Introduction In the past months we published a white paper exploring the risks that users can encounter when downloading materials from P2P sharing network, such as the Torrent one. We discussed how crooks easily lure their victims to download malware…
CERT-Bund warns of a critical vulnerability in VLC player VLC player is still affected by a critical heap-based memory buffer over-read condition, tracked as CVE-2019-13615, that could be exploited by a remote attacker to execute arbitrary code. The VLC player is still affected by a critical remote code execution vulnerability tracked as CVE-2019-13615. The potential impact of the flaw is important because the software…
Czech public radio says Huawei Czech Unit secretly collected data New problems for Huawei, the Czech unit of telecoms giant secretly collected personal data customers, officials and business partners. Huawei made the headlines again, according to the Czech public radio the Czech unit of Chinese telecoms giant secretly collected personal data of customers, officials, and business partners. The radio cited two former Huawei managers as…
Hackers published a list of allegedly phished Discord login credentials Last week, hackers published a list of Discord credentials (email addresses/passwords) that were allegedly phished from the users of the gaming chat platform. Last week, a group of hackers published a list of Discord login credentials (email addresses and passwords) that were allegedly phished from the users of the gaming chat platform. Fortunately, the list…
WSJ says Equifax to Pay $700 million settlement for 2017 breach The Wall Street Journal revealed that Equifax will pay around $700 million to settle with the Federal Trade Commission over the 2017 data breach. According to The Wall Street Journal, Equifax will pay around $700 million to settle with the Federal Trade Commission over the 2017 data breach. The security breach suffered by Equifax in 2017 exposed…
BlackBerry Cylance addresses AI-based antivirus engine bypass BlackBerry Cylance has addressed a bypass vulnerability recently discovered in its AI-based antivirus engine CylancePROTECT product. Experts at cybersecurity firm Skylight announced last week that they have devised a method to bypass BlackBerry Cylance’s AI-based antivirus engine, now the company addressed the issue with an update and attempted to downplay the impact of the issue.…
New APT34 campaign uses LinkedIn to deliver fresh malware The APT24 group continues its cyber espionage activity, its members were posing as a researcher from Cambridge to infect victims with three new malware. Experts at FireEye have uncovered a new espionage campaign carried out by APT34 APT group (OilRig, and HelixKitten. Greenbug) through LinkedIn. Members of the cyberespionage group were posing as a researcher from Cambridge…
Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens Bad news for citizens of Kazakhstan, the government is beginning to intercept all the encrypted traffic, and to do it, it is forcing them to install a certificate. The Kazakhstan government is beginning to intercept all the encrypted traffic and to do it is forcing users in the country to install a certificate. The Kazakhstan…
Emsisoft releases a second decryptor in a few days, this time for ZeroFucks ransomware Security experts at Emsisoft released a second decryptor in a few days, this time announced a free decryptor for the ZeroFucks ransomware. A few days ago, the experts at Emsisoft released a free decryptor for the Ims00rry ransomware, now the malware team announced the released of a decryptor for the ZeroFucks ransomware. Victims of the…
Security Affairs newsletter Round 223 – News of the week A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! For nearly a year, Brazilian users have been targeted with router attacks NCSC report warns of DNS Hijacking Attacks SAP Patch Day – July 2019 addresses a critical flaw…
Hackers breach 62 US colleges by allegedly exploiting Ellucian Banner Web flaw Hackers breached at least 62 college and university networks exploiting a flaw in Ellucian Banner Web Tailor, a module of the Ellucian Banner ERP. US Department of Education warned that hackers have breached at least 62 college and university networks by exploiting a vulnerability in the Ellucian Banner Web Tailor module of the Ellucian Banner ERP. The module is…
WizzAir informed customers it forced a password reset on their accounts The airline company WizzAir informed its customers that it had reset the account passwords due to a technical issue in the system. The airline company WizzAir had reset the account passwords of its users due to a technical issue in its system. In an email message sent to the customers, the company explained that it…
Xerosploit – Pentesting Toolkit to Perform MITM, Spoofing, DOS, Images Sniffing/Replacement, WD Attacks Xerosploit is a penetration testing toolbox whose objective is to perform the man in the middle attacks. It brings different modules that permit to acknowledge proficient assault and furthermore permits to do DOS attacks and port filtering. We can use this tool to perform DOS, MITM attacks, also the tool has driftnet modules which capture images…
Comodo Antivirus Affected With Multiple Vulnerabilities that Includes Privilege Escalation and Denial of Service Researchers discovered five critical vulnerabilities in Comodo Antivirus / Advanced version. Out of five vulnerabilities four present in version 12.0.0.6810 and one with 11.0.0.6582. The vulnerabilities discovered at Tenable by David Wells, these vulnerabilities could be exploited by the attacker on the target system by “escaping sandbox as well as a privilege escalation to SYSTEM.”…
Russia Attempted to De-Anonymize Tor Browser: Report An attempt to crack Tor was one of many projects hackers discovered when they broke into Russian intelligence contractor SyTech.
CISA Warns Public About the Risks of 5G Vulnerabilities include everything from physical risks through the supply chain to business risks.
Russian Intelligence Found Trying to Crack Tor Browser by Taking part in the Network A hacker group compromised Russia’s Secret Intelligence Agency and they gained access to terabytes of data stored by the FSB contractor that includes the secret project details. BBC learned that hackers who breached Russian intelligence contractor found that they are working towards cracking Tor browser as part of their secret project. It is still unclear…
Apple Released Security Updates for iOS, Safari, macOS with the Fixes for Several Security Vulnerabilities Apple released security updates for products and fixed several vulnerabilities with the new release of iOS 12.4, tvOS 12.4, Safari 12.1.2, macOS Mojave 10.14.6, watchOS 5.3. iOS 12.4 released with the several security fixes that affected FaceTime, core data, Foundation in apps, message profile, Siri, wallet, Webkit and other iOS components. The vulnerabilities that reside in…
File Copy Vulnerability With ProFTPD puts Over 1 Million Servers at Risk File copy vulnerability in ProFTPD server allows an anonymous remote attacker to execute the code in vulnerable machine results in remote code execution and information disclosure without authentication. By exploiting the vulnerability attacker can run any program code with the rights of the Pro-FTPd service. The vulnerability can be tracked as CVE-2019-12815 and it affects…
How Cybercriminals Break into the Microsoft Cloud Microsoft and Trimarc researchers explore the most common attacks against the cloud and effective defenses and mitigation.
Ex-NSA Contractor Gets 9 Years for Retaining Defense Data Law enforcement recovered two decades' worth of stolen material from the home and car of former government contractor Harold Martin.
Organization Cyber Disaster Recovery Plan Checklist Calamity occurrence in any area, arising from natural or man-made causes, or by accident or negligence which results in substantial loss of asset or business, Flood: Any unplanned event that requires immediate redeployment of limited resources is defined as cyber Disaster Recovery Plan. Types of Cyber Disaster: Natural Forces: Fire Environmental Hazards Flood / Water…
Chrome’s Incognito Mode Loophole Let Sites to Detect People’s Browsing Activities Google announced a release of Chrome 76 beta version on July 30, in which Chrome will remedy an Incognito loophole that has allowed sites to detect people’s browsing activities. Incognito Mode is an optional Chrome’s feature helps users to browse in private mode to stop sites track their activities on the web. The new loophole…
Critical Vulnerability in VLC Media Player 3.0.7.1 Let Hackers to Execute Arbitrary Code Critical Vulnerability Found in the current version of VLC Media Player let hackers execute arbitrary code on the vulnerable machine. German Cybersecurity agency, CERT-Bund, discovered the critical flaw. The vulnerability can be tracked as CVE-2019-13615, a remote attacker can exploit this vulnerability to run arbitrary code on the target machine which causes a denial of…
What is DNS Attack and How Does it Work? DNS Attack is a type of cyber attack that exploits the weakness or vulnerability in Domain name system. Today, the internet has turned into an integral part of our life. From communicating to banking to shopping to traveling, every aspect of our life is around the internet. Since the internet has been widely used, cybersecurity…
Equifax to Pay Nearly $650 Million as Fine Over 2017 Data Breach Equifax to pay a massive fine of around $650 million following to the 2017 data breach that exposes 145 million customers record. The exposed data includes names, addresses, driver license numbers, and Social Security numbers. The company is expected to pay around $650 million to settle for Federal, state investigations and customer claims that associated…
Russia’s Secret Intelligence Agency Hacked – One of the Largest Hack in the Russian Secret Service History Hackers compromised the Russian Federal Security Service (FSB) servers where they gained access to 7.5 terabytes of data from a major FSB contractor named “Sytech”. Intruders leaked the dozens of data that related to non-public Internet projects such as how Russia trying to de-anonymization of users of the Tor browser, collecting information about users of social networks,…
- China-Linked APT15 group is using a previously undocumented backdoor ESET researchers reported that China-linked cyberespionage group APT15 has been using a previously undocumented backdoor for more than two years. Security researchers at ESET reported that China-linked threat actor APT15 (aka Ke3chang, Mirage, Vixen Panda, Royal APT and Playful Dragon) has been using a previously undocumented backdoor for more than two years. APT15 has been active…
- A new ProFTPD vulnerability exposes servers to hack A flaw in the open-source ProFTPD file transfer protocol (FTP) server can be exploited to copy files to vulnerable servers and potentially execute arbitrary code. The security researcher Tobias Mädel discovered a vulnerability in the open-source ProFTPD file transfer protocol (FTP) server that can be exploited to copy files to vulnerable servers and potentially execute arbitrary…
- Comodo Antivirus is affected by several vulnerabilities Experts discovered several flaws in Comodo Antivirus, including a vulnerability that could allow to escape the sandbox and escalate privileges. The Tenable expert David Wells discovered five flaws in the Comodo Antivirus and Comodo Antivirus Advanced. Four of the vulnerabilities affect were version 12.0.0.6810 and one the version 11.0.0.6582. The most severe flaw, tracked as CVE=2019-3969, could…
- Experts spotted P2P worm spreading Crypto-Miners in the wild Malware researchers at Yoroi-Cybaze Z-Lab have discovered a P2P worm that is spreading Crypto-Miners in the wild. Introduction In the past months we published a white paper exploring the risks that users can encounter when downloading materials from P2P sharing network, such as the Torrent one. We discussed how crooks easily lure their victims to download malware…
- CERT-Bund warns of a critical vulnerability in VLC player VLC player is still affected by a critical heap-based memory buffer over-read condition, tracked as CVE-2019-13615, that could be exploited by a remote attacker to execute arbitrary code. The VLC player is still affected by a critical remote code execution vulnerability tracked as CVE-2019-13615. The potential impact of the flaw is important because the software…
- Czech public radio says Huawei Czech Unit secretly collected data New problems for Huawei, the Czech unit of telecoms giant secretly collected personal data customers, officials and business partners. Huawei made the headlines again, according to the Czech public radio the Czech unit of Chinese telecoms giant secretly collected personal data of customers, officials, and business partners. The radio cited two former Huawei managers as…
- Hackers published a list of allegedly phished Discord login credentials Last week, hackers published a list of Discord credentials (email addresses/passwords) that were allegedly phished from the users of the gaming chat platform. Last week, a group of hackers published a list of Discord login credentials (email addresses and passwords) that were allegedly phished from the users of the gaming chat platform. Fortunately, the list…
- WSJ says Equifax to Pay $700 million settlement for 2017 breach The Wall Street Journal revealed that Equifax will pay around $700 million to settle with the Federal Trade Commission over the 2017 data breach. According to The Wall Street Journal, Equifax will pay around $700 million to settle with the Federal Trade Commission over the 2017 data breach. The security breach suffered by Equifax in 2017 exposed…
- BlackBerry Cylance addresses AI-based antivirus engine bypass BlackBerry Cylance has addressed a bypass vulnerability recently discovered in its AI-based antivirus engine CylancePROTECT product. Experts at cybersecurity firm Skylight announced last week that they have devised a method to bypass BlackBerry Cylance’s AI-based antivirus engine, now the company addressed the issue with an update and attempted to downplay the impact of the issue.…
- New APT34 campaign uses LinkedIn to deliver fresh malware The APT24 group continues its cyber espionage activity, its members were posing as a researcher from Cambridge to infect victims with three new malware. Experts at FireEye have uncovered a new espionage campaign carried out by APT34 APT group (OilRig, and HelixKitten. Greenbug) through LinkedIn. Members of the cyberespionage group were posing as a researcher from Cambridge…
- Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens Bad news for citizens of Kazakhstan, the government is beginning to intercept all the encrypted traffic, and to do it, it is forcing them to install a certificate. The Kazakhstan government is beginning to intercept all the encrypted traffic and to do it is forcing users in the country to install a certificate. The Kazakhstan…
- Emsisoft releases a second decryptor in a few days, this time for ZeroFucks ransomware Security experts at Emsisoft released a second decryptor in a few days, this time announced a free decryptor for the ZeroFucks ransomware. A few days ago, the experts at Emsisoft released a free decryptor for the Ims00rry ransomware, now the malware team announced the released of a decryptor for the ZeroFucks ransomware. Victims of the…
- Security Affairs newsletter Round 223 – News of the week A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! For nearly a year, Brazilian users have been targeted with router attacks NCSC report warns of DNS Hijacking Attacks SAP Patch Day – July 2019 addresses a critical flaw…
- Hackers breach 62 US colleges by allegedly exploiting Ellucian Banner Web flaw Hackers breached at least 62 college and university networks exploiting a flaw in Ellucian Banner Web Tailor, a module of the Ellucian Banner ERP. US Department of Education warned that hackers have breached at least 62 college and university networks by exploiting a vulnerability in the Ellucian Banner Web Tailor module of the Ellucian Banner ERP. The module is…
- WizzAir informed customers it forced a password reset on their accounts The airline company WizzAir informed its customers that it had reset the account passwords due to a technical issue in the system. The airline company WizzAir had reset the account passwords of its users due to a technical issue in its system. In an email message sent to the customers, the company explained that it…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...
