Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
NY Payroll Company Vanishes With $35 MillionMyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company's CEO, resulted in countless people having money drained from their bank accounts and has left…
Patch Tuesday, September 2019 EditionMicrosoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a "critical" rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to hijack vulnerable systems with little or no interaction on…
Secret Service Investigates Breach at U.S. Govt IT ContractorThe U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government…
‘Satori’ IoT Botnet Operator Pleads GuiltyA 21-year-old man from Vancouver, Wash. has pleaded guilty to federal hacking charges tied to his role in operating the "Satori" botnet, a crime machine powered by hacked Internet of Things (IoT) devices that was built to conduct massive denial-of-service attacks targeting Internet service providers, online gaming platforms and Web hosting companies.
Spam In your Calendar? Here’s What to Do.Many spam trends are cyclical: Spammers tend to switch tactics when one method of hijacking your time and attention stops working. But periodically they circle back to old tricks, and few spam trends are as perennial as calendar spam, in which invitations to click on dodgy links show up unbidden in your digital calendar application…
Experts found 125 new flaws in SOHO routers and NAS devices from multiple vendors Researchers discovered many flaws in over a dozen small office/home office (SOHO) routers and network-attached storage (NAS) devices. Security experts have discovered multiple vulnerabilities in over a dozen small office/home office (SOHO) routers and network-attached storage (NAS) devices. The research is part of a project dubbed SOHOpelessly Broken 2.0 conducted Independent Security Evaluators (ISE). In…
Fraudulent purchases of digitals certificates through executive impersonation Experts at ReversingLabs spotted a threat actor buying digital certificates by impersonating legitimate entities and then selling them on the black market. Researchers at ReversingLabs have identified a new threat actor that is buying digital certificates by impersonating company executives, and then selling them on the black market. The experts discovered that digital certificates are then…
MobiHok RAT, a new Android malware based on old SpyNote RAT A new Android malware has appeared in the threat landscape, tracked as MobiHok RAT, it borrows the code from the old SpyNote RAT. Experts from threat intelligence firm SenseCy spotted a new piece of Android RAT, dubbed MobiHok RAT, that used code from the old SpyNote RAT. At the beginning of July 2019, the experts…
Data leak exposes sensitive data of all Ecuador ‘citizens Experts discovered a huge data leak affecting Ecuador, maybe the largest full-country leak, that exposed data belonging to 20 million Ecuadorian Citizens. Security experts at vpnMentor have discovered a huge data leak affecting Ecuador that exposed data belonging to 20 million Ecuadorian Citizens. Data were left unsecured online on a misconfigured Elasticsearch server, exposed data…
A flaw in LastPass password manager leaks credentials from previous site A flaw in LastPass password manager leaks credentials from previous site An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. Tavis Ormandy, the popular white-hat hacker at Google Project Zero, has discovered a vulnerability in the LastPass password manager that exposes…
France and Germany will block Facebook’s Libra cryptocurrency Bad news for Facebook and its projects, France and Germany agreed to block Facebook’s Libra cryptocurrency, the French finance ministry said. France and Germany governments announced that they will block Facebook’s Libra cryptocurrency, the news was reported by French finance ministry Bruno Le Maire. “We believe that no private entity can claim monetary power, which…
Tor Project’s Bug Smash Fund raises $86K in August The Tor Project has raised $86,000 for a Bug Smash fund that it will use to pay developers that will address critical flaws in the popular anonymizing network. The Tor Project has raised $86,000 for a Bug Smash fund that was created to pay developers that will address critical security and privacy issues in the popular anonymizing…
Astaroth Trojan leverages Facebook and YouTube to avoid detection Cofense experts uncovered a new variant of the Astaroth Trojan that uses Facebook and YouTube in the infection process. Researchers at Cofense have uncovered a phishing campaign targeting Brazilian citizens with the Astaroth Trojan that uses Facebook and YouTube in the infection process. The attach chain appears to be very complex and starts with phishing…
Drone attacks hit two Saudi Arabia Aramco oil plants Drone attacks have hit two major oil facilities run by the state-owned company Aramco in Saudi Arabia, one of them is the Abqaiq site. Drone attacks have hit Saudi Arabia’s oil production suffered severe damage following a swarm of explosive drones that hit two major oil facilities run by the state-owned company Aramco in Saudi…
Security Affairs newsletter Round 231 A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Once again thank you! Experts found Joker Spyware in 24…
Delaler Leads, a car dealer marketing firm exposed 198 Million records online Researcher discovered an unsecured database exposed online, belonging to car dealership marketing firm Dealer Leads, containing 198 million records. The researcher Jeremiah Fowler discovered an unsecured database exposed online that belong to car dealership marketing firm Dealer Leads. The archive containing 198 million records for a total of 413GB of data containing information of potential…
A bug in Instagram exposed user accounts and phone numbers Facebook addressed a vulnerability in Instagram that could have allowed attackers to access private user information. The security researcher @ZHacker13 discovered a flaw in Instagram that allowed an attacker to access account information, including user phone number and real name. ZHacker13 discovered the vulnerability in August and reported the issue to Facebook that asked for additional…
Expert disclosed passcode bypass bug in iOS 13 a week before its release A security researcher disclosed a passcode bypass just a week before Apple has planned to release the new iOS 13 operating system, on September 19. Apple users are thrilled for the release of the iOS 13 mobile operating system planned for September 19, but a security expert could mess up the party. The security researcher…
InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets Researchers at Zscaler have spotted a new malware dubbed InnfiRAT that infects victims’ systems to steal cryptocurrency wallet data. Researchers at Zscaler have discovered a new Trojan dubbed InnfiRAT that implements many standard Trojan capabilities along with the ability to steal cryptocurrency wallet data. “As with just about every piece of malware, InnfiRAT is designed…
Hackers stole payment data from Garmin South Africa shopping portalGarmin, the multinational company focused on GPS technology for automotive, aviation, marine, outdoor, and sport activities is victim of a data breach. Garmin is the victim of a data breach, it is warning customers in South Africa that shopped on the shop.garmin.co.za portal that their personal info and payment data were exposed. The stolen data, included…
Tracking Photo’s Geo-location to See Where the Photo Was Taken – A Forensic Analysis This article is about collecting metadata from photographs. Metadata is information which is created for every file’s format. Examples for metadata: file created date and time, last edited, etc. In this article, we will take a picture from iPhone and analyze that Image to collect various metadata for collected evidence. Before starting your forensic investigation for images, you…
Linux Malware Skidmap Uses kernel-mode Rootkits to Hide Cryptocurrency Mining Activities Skidmap is a recent sample of the Linux malware that loads malicious kernel modules to hide it’s Cryptocurrency mining activities by faking network traffic and CPU usage. The malware not only generates Cryptocurrency, but it also set’s up a secret master password on the infected system, which gives attackers complete system access. Security researchers from…
ES-File Explorer Vulnerability Let Attacker Access All Your Personal Files In Your Phone Remotely within 2 Min A high severity authentication bypass vulnerability that resides in ES-File Explorer due to insecure FTP activity let remote attackers gain access to all your files saved in your Android phone. Ealier this year, another ES File Explorer Vulnerability Puts 100 million users data at risk and allows a local attacker to exploit the vulnerability and…
5 Steps How To Protect Your Company Infrastructure From Insider Threats While most people worry about threats from hackers trying to breach their security from the outside, it’s just as, if not more, important to also protect against insider threats as they can have disastrous effects on every facet of your company. While the danger of having an employee start acting maliciously towards the company is…
Oracle Expands Cloud Security Services at OpenWorld 2019 The company broadens its portfolio with new services developed to centralize and automate cloud security.
Court Rules In Favor of Firm 'Scraping' Public Data US appeals court said a company can legally use publicly available LinkedIn account information.
Data Leak Affects Most of Ecuador's Population An unsecured database containing 18GB of data exposed more than 20 million records, most of which held details about Ecuadorian citizens.
Hackers using Facebook and YouTube Profiles to Host Astaroth Malware C2 Server Cybercriminals abusing Facebook and YouTube profiles to host the Astaroth malware that launches through sophisticated phishing campaign to target mainly Brazilian citizens. Threat actors behind the Astaroth Trojan using a various trusted source to compromise and steal the sensitive the data from the victims. Security research community motioning Astaroth Trojan activities since 2018 and the…
Threat Actor Sells Entire Source Code of Popular Android RAT in the Dark Web for $15,000 Dark web forums are the nesting grounds for threat actors to distribute hacking tools and other illicit documents. These dark web forums are known for anonymity and they can be reached only using a browser such as Tor. SenseCy observed a sales thread in a hacking forum created by Arab-speaking threat actor with handle mobeebom…
How Researchers Hacked LED Wristbands and Taken Complete Control LED wristbands to light up large shows and events, it will be provided by event organizers to attendees, the wristbands are a part of lighting systems and it can be remotely controlled by DJ. RF remote controllers are the common techniques used in these LED wristbands, security researchers from Trend Micro shows that these wristbands…
Most Important Web Server Penetration Testing Checklist Web server pen testing performing under 3 major category which is identity, Analyse, Report Vulnerabilities such as authentication weakness, configuration errors, protocol Relation vulnerabilities. 1. “Conduct a serial of methodical and Repeatable tests “ is the best way to test the web server along with this to work through all of the different application Vulnerabilities.…
How Hackers Possibly Penetrate F-35 Fighter Jet – Guide to F-35’s Tech and Cybersecurity Cybersecurity is an evolving market, and organizations are always advised to keep their network armed and secured against cybercriminals. Considering the recent sophisticated cyberattacks, Airforce is one key area to explore. US Cyber Command along with NSA does have a competitive cybersecurity advantage in the global market of cybersecurity. The United States is additionally one…
Data Governance – Best Practices for Collection and Management of Data With Data Governance Tools Data Governance: Companies today must do all they can to create advantages against the competition. This means using all available resources to their advantage and creating an internal environment that supports fast growth and an ability to adapt to and even interpret changing business conditions. One critical tool today is data. The collection and management…
U.S.Treasury Sanctions Three North Korean Hackers Group for Attacking on Critical Infrastructure U.S. Department of the Treasury’s declare sanctions targeting three North Korean state-sponsored hacker group responsible for attacking Critical Infrastructure. Office of Foreign Assets Control (OFAC) identified that three hacking groups namely “Lazarus Group,” “Bluenoroff,” and “Andariel” are controlled by North Korea’s primary intelligence bureau. These groups are known for conducting large scale attack targeting government,…
Hacker Bypass iPhone Lockscreen to Access the Contact list by Exploit a Bug in iOS 13A security researcher discovered a flaw in iOS 13 that allows bypassing the iPhone lock screen and access the victims to contact information without unlocking the device. Apple announced a release of iOS 13 during the company’s iPhone 11 event at its Cupertino, California, headquarters on Tuesday. Meanwhile, Jose Rodrigue, a Spanish security researcher discovered two security…
- Fraudulent purchases of digitals certificates through executive impersonation Experts at ReversingLabs spotted a threat actor buying digital certificates by impersonating legitimate entities and then selling them on the black market. Researchers at ReversingLabs have identified a new threat actor that is buying digital certificates by impersonating company executives, and then selling them on the black market. The experts discovered that digital certificates are then…
- MobiHok RAT, a new Android malware based on old SpyNote RAT A new Android malware has appeared in the threat landscape, tracked as MobiHok RAT, it borrows the code from the old SpyNote RAT. Experts from threat intelligence firm SenseCy spotted a new piece of Android RAT, dubbed MobiHok RAT, that used code from the old SpyNote RAT. At the beginning of July 2019, the experts…
- Data leak exposes sensitive data of all Ecuador ‘citizens Experts discovered a huge data leak affecting Ecuador, maybe the largest full-country leak, that exposed data belonging to 20 million Ecuadorian Citizens. Security experts at vpnMentor have discovered a huge data leak affecting Ecuador that exposed data belonging to 20 million Ecuadorian Citizens. Data were left unsecured online on a misconfigured Elasticsearch server, exposed data…
- A flaw in LastPass password manager leaks credentials from previous site A flaw in LastPass password manager leaks credentials from previous site An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. Tavis Ormandy, the popular white-hat hacker at Google Project Zero, has discovered a vulnerability in the LastPass password manager that exposes…
- France and Germany will block Facebook’s Libra cryptocurrency Bad news for Facebook and its projects, France and Germany agreed to block Facebook’s Libra cryptocurrency, the French finance ministry said. France and Germany governments announced that they will block Facebook’s Libra cryptocurrency, the news was reported by French finance ministry Bruno Le Maire. “We believe that no private entity can claim monetary power, which…
- Tor Project’s Bug Smash Fund raises $86K in August The Tor Project has raised $86,000 for a Bug Smash fund that it will use to pay developers that will address critical flaws in the popular anonymizing network. The Tor Project has raised $86,000 for a Bug Smash fund that was created to pay developers that will address critical security and privacy issues in the popular anonymizing…
- Astaroth Trojan leverages Facebook and YouTube to avoid detection Cofense experts uncovered a new variant of the Astaroth Trojan that uses Facebook and YouTube in the infection process. Researchers at Cofense have uncovered a phishing campaign targeting Brazilian citizens with the Astaroth Trojan that uses Facebook and YouTube in the infection process. The attach chain appears to be very complex and starts with phishing…
- Drone attacks hit two Saudi Arabia Aramco oil plants Drone attacks have hit two major oil facilities run by the state-owned company Aramco in Saudi Arabia, one of them is the Abqaiq site. Drone attacks have hit Saudi Arabia’s oil production suffered severe damage following a swarm of explosive drones that hit two major oil facilities run by the state-owned company Aramco in Saudi…
- Security Affairs newsletter Round 231 A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Once again thank you! Experts found Joker Spyware in 24…
- Delaler Leads, a car dealer marketing firm exposed 198 Million records online Researcher discovered an unsecured database exposed online, belonging to car dealership marketing firm Dealer Leads, containing 198 million records. The researcher Jeremiah Fowler discovered an unsecured database exposed online that belong to car dealership marketing firm Dealer Leads. The archive containing 198 million records for a total of 413GB of data containing information of potential…
- A bug in Instagram exposed user accounts and phone numbers Facebook addressed a vulnerability in Instagram that could have allowed attackers to access private user information. The security researcher @ZHacker13 discovered a flaw in Instagram that allowed an attacker to access account information, including user phone number and real name. ZHacker13 discovered the vulnerability in August and reported the issue to Facebook that asked for additional…
- Expert disclosed passcode bypass bug in iOS 13 a week before its release A security researcher disclosed a passcode bypass just a week before Apple has planned to release the new iOS 13 operating system, on September 19. Apple users are thrilled for the release of the iOS 13 mobile operating system planned for September 19, but a security expert could mess up the party. The security researcher…
- InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets Researchers at Zscaler have spotted a new malware dubbed InnfiRAT that infects victims’ systems to steal cryptocurrency wallet data. Researchers at Zscaler have discovered a new Trojan dubbed InnfiRAT that implements many standard Trojan capabilities along with the ability to steal cryptocurrency wallet data. “As with just about every piece of malware, InnfiRAT is designed…
- Hackers stole payment data from Garmin South Africa shopping portalGarmin, the multinational company focused on GPS technology for automotive, aviation, marine, outdoor, and sport activities is victim of a data breach. Garmin is the victim of a data breach, it is warning customers in South Africa that shopped on the shop.garmin.co.za portal that their personal info and payment data were exposed. The stolen data, included…
The US Treasury placed sanctions on North Korea linked APT GroupsThe US Treasury placed sanctions on three North Korea-linked hacking groups, the Lazarus Group, Bluenoroff, and Andarial. The US Treasury sanctions on three North Korea-linked hacking groups, the Lazarus Group, Bluenoroff, and Andarial. The groups are behind several hacking operations that resulted in the theft of hundreds of millions of dollars from financial institutions and cryptocurrency exchanges…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...