Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
Ransomware Gangs Don’t Need PR Help We've seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime. Often the rationale behind…
COVID-19 ‘Breach Bubble’ Waiting to Pop? The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest…
Russian Cybercrime Boss Burkov Gets 9 YearsA well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most…
New Charges, Sentencing in Satori IoT Botnet ConspiracyThe U.S. Justice Department today criminally charged a Canadian and a Northern Ireland man for allegedly conspiring to build multiple botnets that enslaved hundreds of thousands of routers and other Internet of Things (IoT) devices for use in large-scale distributed denial-of-service (DDoS) attacks. In addition, a defendant in the United States was sentenced to drug…
‘BlueLeaks’ Exposes Files from Hundreds of Police DepartmentsHundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed "BlueLeaks" and made searchable via a new website by the same name, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement…
Turn on MFA Before Crooks Do It For YouHundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don't take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will…
FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud ConspiracyAn information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web.
Netgear is releasing fixes for ten issues affecting 79 products Netgear is addressing ten vulnerabilities affecting nearly 80 of its products, including issues discovered at the Pwn2Own hacking competition. Netgear is releasing security patches to address ten vulnerabilities affecting nearly 80 of its products. Some of the vulnerabilities were discovered during the Pwn2Own Tokyo 2019 hacking contest and reported through the Zero Day Initiative (ZDI).…
The U.S. FCC considers Huawei and ZTE as national security threats The U.S. Federal Communications Commission (FCC) announced that Chinese telecommunications giants Huawei and ZTE are considered as national security threats. Last week China accused the US government of “oppressing Chinese companies” after U.S. regulators declared Huawei and ZTE to be national security threats. The Federal Communications Commission blocked the Chinese companies from receiving subsidies from a…
New EvilQuest ransomware targets macOS users Experts discovered a new ransomware dubbed EvilQuest designed to target macOS systems, it also installs a keylogger and a reverse shell to take over them. Security experts have uncovered a new piece of ransomware dubbed EvilQuest designed to encrypt macOS systems, it is also able to install additional payloads and potentially take over the infected…
Microsoft releases emergency security updates to fix Windows codecs Microsoft has silently released an emergency security update through the Windows Store app to address two vulnerabilities in Windows codecs. Microsoft has silently released two out-of-band security updates through the Windows Store app to address two vulnerabilities in the Windows Codecs Library. The two issues are remote code execution vulnerabilities tracked as CVE-2020-1425 & CVE-2020-1457 that impact Windows 10…
Maze Ransomware operators hacked the Xerox Corporation Xerox Corporation is the last victim of the Maze ransomware operators, hackers have encrypted its files and threaten of releasing them. Maze ransomware operators have breached the systems of the Xerox Corporation and stolen files before encrypting them. The company did not disclose the cyberattack, but the Maze ransomware operators published some screenshots that show…
APTs will exploit Palo Alto Networks’s PAN-OS flaw soon, US Cyber Command says U.S. Cyber Command believes foreign APTs will likely attempt to exploit the recently addressed flaw in Palo Alto Networks’s PAN-OS firewall OS. Recently Palo Alto Network addressed a critical vulnerability, tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. The flaw could allow unauthenticated network-based attackers to bypass authentication, it has has been rated…
Personal data of thousands of users from the UK, Australia, South Africa, the US, Singapore exposed in bitcoin scam Group-IB discovered thousands of personal records of users from multiple countries exposed in a targeted multi-stage bitcoin scam. Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has discovered thousands of personal records of users from the UK, Australia, South Africa, the US, Singapore, Spain, Malaysia and other countries exposed in a targeted multi-stage…
A threat actor is selling databases stolen from 14 companies A threat actor is selling databases containing data belonging to 14 different companies he claimed were hacked in 2020. A threat actor is selling databases that contain user records for 14 different organizations he claimed were hacked in 2020, only for four of them (HomeChef, Minted, Tokopedia, and Zoosk) were previously reported data breaches. The list of…
UCSF paid a $1.14 Million ransom to decrypt files after Ransomware attack The University of California San Francisco (UCSF) revealed that it paid roughly $1.14 million to cybercriminals to recover data after a ransomware attack. Late last week, the University of California San Francisco (UCSF) admitted having paid roughly $1.14 million to cybercriminals to recover data encrypted during a ransomware attack that took place on June 1.…
Palo Alto Networks fixes a critical flaw in firewall PAN-OS Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. Palo Alto Networks addressed a critical vulnerability, tracked as CVE-2020-2021, in the operating system (PAN‑OS) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. “When Security Assertion Markup Language (SAML) authentication is enabled and…
At least 31 US Businesses targeted with WastedLocker Ransomware Tens of organizations in the United States have been targeted with the recently discovered WastedLocker ransomware. The malicious code was first documented by researchers from the NCC Group’s report and later Symantec published its own analysis. Security experts from Symantec reported that at least 31 organizations in the United States have been targeted with the recently discovered…
Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdownResearchers revealed that the number of daily brute-force attacks on Windows RDP has doubled during the pandemic lockdown. Security experts from ESET revealed that the number of daily brute-force attacks on Windows RDP has doubled during the COVID-19 lockdown. The phenomenon is not surprising because during the COVID-19 lockdown employees were forced to work from…
Chinese tax software bundled with GoldenSpy backdoor targets western companiesA new malware dubbed GoldenSpy is being distributed embedded in tax payment software that some businesses operating in China are required to install. GoldenSpy is a new backdoor that is being distributed embedded in tax payment software (the Aisino Intelligent tax software) that some businesses operating in China are required to install. The campaign is…
REvil operators threaten to leak files stolen from Australian firm LionAustralian beverage company Lion announced that it has found no evidence that hackers have stolen information from its systems. The Australian brewery and dairy conglomerate Lion suffered two cyber attacks in a few days this month. Lion is a beverage and food company that operates in Australia and New Zealand, and a subsidiary of Japanese beverage…
Office 365 users that are returning to the workplace targeted with Coronavirus training resourcesExperts are warning of a new phishing campaign aimed at Office 365 users that are returning to the workplace with Coronavirus training resources. Threat actors continue to use Coronavirus lures adapting their technique to the current situation. The attack techniques adopted by the threat actors depends on the state of businesses in each region. In…
7 Best Ways to Secure Your Home Wi-Fi Network From Hackers Almost everyone at home now has a Wi-Fi router. People would probably ask you forthe network’s password to check their smartphone or show you vacation pictures stored in the cloud. Many will learn your wireless password soon so people will be able to connect to a network as they walk through your residency. Your router’s…
Critical Security Vulnerabilities Exposes Apache’s popular Remote Desktop Gateway for Hacking Two critical security vulnerabilities found with Apache’s popular open-source remote desktop gateway Apache Guacamole. It supports all standard protocols like VNC, RDP, and SSH. The tool also comes with support for MFA (Multi-Factor Authentication), compliance with BYOD, and other security controls like IPS, SOC anomaly detections, and many more. Now in this pandemic situation, most…
Microsoft Released Emergency Security Updates for Windows 10 to Fix Remote Code Execution Bugs Microsoft has released an emergency security updates for critical vulnerabilities that allow attackers to execute arbitrary code on the vulnerable machine. The vulnerability rated as critical and it resides in Microsoft Windows Codecs Library that handles objects in the memory. The out-of-band security updates fix the critical-severity flaw (CVE-2020-1425) and important-severity vulnerability (CVE-2020-1457). CVE-2020-1425 &…
Chinese Software Company Aisino Uninstalls GoldenSpy Malware Follow-up sandbox research confirms Aisino knew about the malware in its tax software, though it's still unclear whether it was culpable.
DHS Shares Data on Top Cyberthreats to Federal Agencies Backdoors, cryptominers, and ransomware were the most widely detected threats by the DHS Cybersecurity and Infrastructure Security Agency (CISA)'s intrusion prevention system EINSTEIN.
DHS Shares Data on Top Cyber Threats to Federal Agencies Backdoors, cryptominers, and ransomware were the most widely detected threats by the DHS Cybersecurity and Infrastructure Security Agency (CISA)'s intrusion prevention system EINSTEIN.
Microsoft Issues Out-of-Band Patches for RCE Flaws Vulnerabilities had not been exploited or publicly disclosed before fixes were released, Microsoft reports.
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.
New Ransomware “EvilQuest” Attacking macOS Users to Encrypts Users Files A new Mac ransomware strain observed targeting macOS Users through pirated versions of popular mac software shared on popular torrent sites. Users noted the malicious version of popular software that available for download on a Russian forum that dedicated to sharing piracy software links. Mac ransomware The Mac ransomware was first spotted by malware researcher…
Deadly Mirai and Qbot-based DDoS Botnet Creator Jailed for 13 months Kenneth Currin Schuchman, who is also known as Nexus Zeta from Vancouver, Canada, is the creator of deadly Mirai and Qbot-based botnet, has sentenced to 13 months in prison for hiring and promoting the Mirai and Qbot-based DDoS botnets utilized in DDoS attacks against targets from all over the world. Rather than Mirai, Kenneth Currin…
Ripple20 Threatens Increasingly Connected Medical Devices A series of IoT vulnerabilities could put hospital networks, medical data, and patient safety at risk.
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020 The shift to remote work and heavy reliance on online services has driven an increase in attacks intended to overwhelm ISPs.
3 Years After NotPetya, Many Organizations Still in Danger of Similar Attacks The same gaps that enabled ransomware to spread remain in patching, network segmentation, backup practices, security experts say.
Hackers Attacking Windows RDP Attack Doubled in this Pandemic – Over 100K Attacks Daily Since the lockdown huge portion of employees working remotely through personal devices to access sensitive organization computers Windows’ Remote Desktop Protocol (RDP). RDP is a proprietary protocol developed by Microsoft which helps a user to get another computer graphically over a network connection. According to ESET telemetry reports, there is a huge uptick with several…
Yuki Chan – Automated Penetration Testing and Auditing Tool Yuki Chan is an Automated Penetration Testing tool that will be auditing all standard security assessment for you. It is one of the Best Penetration testing Tool which provides many Integrated Security Tools and Performing Many Penetration testing Operation into Target Network. There are more than 15 Modules has been Integrated with Yuki chan and it is…
- Netgear is releasing fixes for ten issues affecting 79 products Netgear is addressing ten vulnerabilities affecting nearly 80 of its products, including issues discovered at the Pwn2Own hacking competition. Netgear is releasing security patches to address ten vulnerabilities affecting nearly 80 of its products. Some of the vulnerabilities were discovered during the Pwn2Own Tokyo 2019 hacking contest and reported through the Zero Day Initiative (ZDI).…
- The U.S. FCC considers Huawei and ZTE as national security threats The U.S. Federal Communications Commission (FCC) announced that Chinese telecommunications giants Huawei and ZTE are considered as national security threats. Last week China accused the US government of “oppressing Chinese companies” after U.S. regulators declared Huawei and ZTE to be national security threats. The Federal Communications Commission blocked the Chinese companies from receiving subsidies from a…
- New EvilQuest ransomware targets macOS users Experts discovered a new ransomware dubbed EvilQuest designed to target macOS systems, it also installs a keylogger and a reverse shell to take over them. Security experts have uncovered a new piece of ransomware dubbed EvilQuest designed to encrypt macOS systems, it is also able to install additional payloads and potentially take over the infected…
- Microsoft releases emergency security updates to fix Windows codecs Microsoft has silently released an emergency security update through the Windows Store app to address two vulnerabilities in Windows codecs. Microsoft has silently released two out-of-band security updates through the Windows Store app to address two vulnerabilities in the Windows Codecs Library. The two issues are remote code execution vulnerabilities tracked as CVE-2020-1425 & CVE-2020-1457 that impact Windows 10…
- Maze Ransomware operators hacked the Xerox Corporation Xerox Corporation is the last victim of the Maze ransomware operators, hackers have encrypted its files and threaten of releasing them. Maze ransomware operators have breached the systems of the Xerox Corporation and stolen files before encrypting them. The company did not disclose the cyberattack, but the Maze ransomware operators published some screenshots that show…
- APTs will exploit Palo Alto Networks’s PAN-OS flaw soon, US Cyber Command says U.S. Cyber Command believes foreign APTs will likely attempt to exploit the recently addressed flaw in Palo Alto Networks’s PAN-OS firewall OS. Recently Palo Alto Network addressed a critical vulnerability, tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. The flaw could allow unauthenticated network-based attackers to bypass authentication, it has has been rated…
- Personal data of thousands of users from the UK, Australia, South Africa, the US, Singapore exposed in bitcoin scam Group-IB discovered thousands of personal records of users from multiple countries exposed in a targeted multi-stage bitcoin scam. Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has discovered thousands of personal records of users from the UK, Australia, South Africa, the US, Singapore, Spain, Malaysia and other countries exposed in a targeted multi-stage…
- A threat actor is selling databases stolen from 14 companies A threat actor is selling databases containing data belonging to 14 different companies he claimed were hacked in 2020. A threat actor is selling databases that contain user records for 14 different organizations he claimed were hacked in 2020, only for four of them (HomeChef, Minted, Tokopedia, and Zoosk) were previously reported data breaches. The list of…
- UCSF paid a $1.14 Million ransom to decrypt files after Ransomware attack The University of California San Francisco (UCSF) revealed that it paid roughly $1.14 million to cybercriminals to recover data after a ransomware attack. Late last week, the University of California San Francisco (UCSF) admitted having paid roughly $1.14 million to cybercriminals to recover data encrypted during a ransomware attack that took place on June 1.…
- Palo Alto Networks fixes a critical flaw in firewall PAN-OS Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. Palo Alto Networks addressed a critical vulnerability, tracked as CVE-2020-2021, in the operating system (PAN‑OS) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. “When Security Assertion Markup Language (SAML) authentication is enabled and…
- At least 31 US Businesses targeted with WastedLocker Ransomware Tens of organizations in the United States have been targeted with the recently discovered WastedLocker ransomware. The malicious code was first documented by researchers from the NCC Group’s report and later Symantec published its own analysis. Security experts from Symantec reported that at least 31 organizations in the United States have been targeted with the recently discovered…
- Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdownResearchers revealed that the number of daily brute-force attacks on Windows RDP has doubled during the pandemic lockdown. Security experts from ESET revealed that the number of daily brute-force attacks on Windows RDP has doubled during the COVID-19 lockdown. The phenomenon is not surprising because during the COVID-19 lockdown employees were forced to work from…
- Chinese tax software bundled with GoldenSpy backdoor targets western companiesA new malware dubbed GoldenSpy is being distributed embedded in tax payment software that some businesses operating in China are required to install. GoldenSpy is a new backdoor that is being distributed embedded in tax payment software (the Aisino Intelligent tax software) that some businesses operating in China are required to install. The campaign is…
- REvil operators threaten to leak files stolen from Australian firm LionAustralian beverage company Lion announced that it has found no evidence that hackers have stolen information from its systems. The Australian brewery and dairy conglomerate Lion suffered two cyber attacks in a few days this month. Lion is a beverage and food company that operates in Australia and New Zealand, and a subsidiary of Japanese beverage…
- Office 365 users that are returning to the workplace targeted with Coronavirus training resourcesExperts are warning of a new phishing campaign aimed at Office 365 users that are returning to the workplace with Coronavirus training resources. Threat actors continue to use Coronavirus lures adapting their technique to the current situation. The attack techniques adopted by the threat actors depends on the state of businesses in each region. In…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...