Daily Cyber Threats for Businesses and You
Safe Harbor on Cyber Daily News: A Must Read on Cybersecurity to meet your needs.
Welcome to the and enjoy reading our amazing and comprehensive Safe Harbor on the
Cyber news alert RSS feeds for your reading and gain the latest insight
Collection of Cyber News Alert Feeds
Click title link below for rendering original Articles on:
Hackers are scanning the web for vulnerable Citrix systems Threat actors are scanning the Internet for Citrix systems affected by the recently disclosed vulnerabilities. This week Citrix has addressed 11 vulnerabilities affecting the ADC, Gateway, and SD-WAN WANOP networking products. The vulnerabilities could be exploited by attackers for local privilege escalation, to trigger a DoS condition, to bypass authorization, to get code injection, and to launch…
Evilnum Group targets European and British fintech companies A threat actor tracked as Evilnum targeted financial technology companies, mainly the British and European ones, ESET researchers reported. Evilnum threat actor was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and homemade malware along with software purchased from the Golden…
Juniper Networks addressed many issues in its products Juniper Networks addressed several vulnerabilities in its firewalls, most of them can be exploited by attackers for denial-of-service (DoS) attacks. Juniper Networks addressed several vulnerabilities in its products, most of them can be exploited by attackers for denial-of-service (DoS) attacks. Half a dozen of the flaws are DoS issues that have been rated high severity.…
Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data Two security researchers have found undocumented Telnet admin account accounts in 29 FTTH devices from Chinese vendor C-Data. Two security researchers have discovered undocumented Telnet admin account accounts in 29 Fiber-To-The-Home (FTTH) devices from Chinese vendor C-Data. The CDATA OLTs are sold under different brands, including Cdata, OptiLink, V-SOL CN, and BLIY. Some of the…
KingComposer fixes a reflected XSS impacting 100,000 WordPress sites An XSS vulnerability in the KingComposer page builder for WordPress impacts 100,000 websites using the WordPress plugin. Researchers at Wordfence Threat Intelligence team discovered a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2020-15299, in the KingComposer WordPress plugin that potentially impacts 100,000 websites. KingComposer a fast drag-and-drop page builder for WordPress websites, which comes complete with top-notch features embedded and…
Pre-Installed malware spotted on other Android phones sold in US Researchers from Malwarebytes have found yet another phone with pre-installed malware via the Lifeline Assistance program sold in the United States. Researchers at Malwarebytes have found malware pre-installed on smartphones sold in the United States, this is the second time as documented in a report published in January. In January, Malwarebytes researchers discovered that the…
Zoom is working on a patch for a zero-day in Windows client Researchers from cyber-security firm ACROS Security have disclosed a zero-day vulnerability in the Windows client of the popular Zoom video conferencing platform. Researchers from cyber-security firm ACROS Security have disclosed a zero-day vulnerability in the Windows client of the video conferencing software Zoom. The vulnerability is a remote code execution issue, which could allow the…
Joker malware apps bypassed Google’s Play Store security checks Check Point research discovered that the Joker (aka Bread) Android malware once again has bypassed protections implemented by Google for its Play Store. Researchers from security firm Check Point discovered samples of the Joker (aka Bread) malware were uploaded on the official Play Store bypassing protections implemented by Google for its users. “Check Point’s researchers…
15 billion credentials available in the cybercrime marketplaces More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. A report published by security firm Digital Shadows revealed the availability of more than 15 billion credentials shared on cybercrime marketplaces, paste sites, file sharing services, and code sharing websites. Over the past few…
Palo Alto Networks addresses another high severity issue in PAN-OS devices Palo Alto Networks addressed a new severe vulnerability in the PAN-OS GlobalProtect portal that impacts PAN next-generation firewalls. Recently Palo Alto Network addressed a critical vulnerability, tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. The flaw could allow unauthenticated network-based attackers to bypass authentication, it has been rated as critical severity and received a…
Google Tsunami vulnerability scanner is now open-source Google announced that its Tsunami vulnerability scanner for large-scale enterprise networks is going to be open-sourced. Google has decided to release as open-source a vulnerability scanner for large-scale enterprise networks named Tsunami. “We have released the Tsunami security scanning engine to the open source communities. We hope that the engine can help other organizations protect their users’…
DOJ indicts Fxmsp hacker for selling access to hacked businesses The US Department of Justice has indicted a hacker named Fxmsp for hacking over three hundred organizations worldwide and selling access to their networks. The US Department of Justice has indicted a hacker that goes online with the moniker Fxmsp for hacking over three hundred organizations worldwide and selling access to their networks. According to…
Threat actors found a way to bypass mitigation F5 BIG-IP CVE-2020-5902 flaw Researchers have found a way to bypass F5 Networks mitigation for the actively exploited BIG-IP vulnerability, and hackers already used it. Researchers have found a way to bypass one of the mitigations proposed by F5 Networks for the actively exploited BIG-IP vulnerability. Unfortunately, threat actors in the wild were already using the bypass technique before…
Malicious app in Google Play used to deliver Cerberus Banking Trojan Experts found a tainted app in the Google Play store that was downloaded by more than 10,000 users and that was delivering the Cerberus banking Trojan. Researchers from AVAST have discovered a currency converter application in the Google Play store that was downloaded by more than 10,000 users and that was designed to deliver the…
SentinelOne released free decryptor for ThiefQuest ransomwareGood news for the victims of the ThiefQuest (EvilQuest) ransomware, they can recover their encrypted files for free. The victims of the ThiefQuest (EvilQuest) ransomware victims can recover their encrypted files without needing to pay the ransom due to the availability of a free decryptor. Early July, security expert K7 Lab malware researcher Dinesh Devadoss…
Biden Campaign Hires 2 Top Cybersecurity Executives The campaign has filled the positions of CISO and CTO in the runup to the 2020 presidential election.
Zoom Patches Zero-Day Vulnerability in Windows 7 The flaw also affects older versions of the operating system, even if they're fully patched.
As Offices Reopen, Hardware from Home Threatens Security Devices out of sight for the past several months could spell trouble when employees bring them back to work.
100,000 WordPress Sites Impacted with Cross-Site Scripting(XSS) Flaw KingComposer, a WordPress plugin found installed with over 100,000 WordPress sites found vulnerable to Reflected Cross-Site Scripting. The vulnerability was found by the Wordfence security team with KingComposer Drag and Drop page building plugin. The vulnerability can be exploited by the attacker tricking the victim into clicking a malicious link, which sends the victim to…
Zoom 0day Vulnerability Let Remote Attacker to Execute Arbitrary Code on Victim’s Computer A new remote code execution “0day” flaw with Zoom Client for Windows allows remote attackers to execute arbitrary code on Windows computer where the vulnerable version of Zoom client installed. The vulnerability was found by a researcher who wants to keep their identity private, the vulnerability can be exploited by an attacker by making the…
Using Adversarial Machine Learning, Researchers Look to Foil Facial Recognition For privacy-seeking users, good news: Computer scientists are finding more ways to thwart facial and image recognition. But there's also bad news: Gains will likely be short-lived.
Up Close with Evilnum, the APT Group Behind the Malware The group behind Evilnum malware, which continues to target financial institutions, appears to be testing new techniques.
Omdia Research Launches Page on Dark Reading Data and insight from a leading cybersecurity research and analysis team will broaden the information available to security professionals and technology vendors.
When WAFs Go Wrong Web application firewalls are increasingly disappointing enterprises today. Here's why.
How to Protect Your Smart Home from IoT Threats? Our world is increasingly becoming digital as we are moving towards a society that is interconnected through a web of internet-enabled devices. We call this network or technology IoT (Internet of Things) which is also understood as ‘smart homes’. But is this technology safe? Well, just like other technologies, it is safe if you take…
Top 5 Best Dedicated Academy to Learn Ethical Hacking & Cyber Security Training Online 2020 Nowadays, hacking becomes known to everyone, as this term has been around for a great time now. Well, the very first reported case of hacking dates back to the early 1960s at MIT, where both the terms, ‘Hacking’ and ‘Hacker’ was stamped. Since then, hacking has developed broadly comprehended discipline for the computing society. In…
New Variant of Infamous Android Joker Malware Bypasses Google Play Security to Attack Users The Joker malware detected in early June 2019, it employs several tactics to bypass GooglePlay protection and to perform several malicious activities. The malware used to hide inside different apps and once users downloaded to the phone they got infected with the Joker malware. It aims to steal money from the user by signing for…
Beware!! 15 Billion Stolen Username & Passwords for Sale On the Dark Web New research indicates that more than 15 billion username and passwords are circulated on the dark web. This exposed credentials would result in account compromise. Account Takeover (known as ATO) is a malicious activity in which attackers take over legitimate user’s online accounts. We rely on passwords to safeguard our online sensitive data such as…
New Fraud Ring "Bargain Bear" Brings Sophistication to Online Crime The ring tests the validity of stolen credentials to be used in fraud through an online marketplace.
As More People Return to Travel Sites, So Do Malicious Bots Attacks against travel-related websites are on the rise as the industry begins to slowly recover from COVID-19, new data shows.
- Hackers are scanning the web for vulnerable Citrix systems Threat actors are scanning the Internet for Citrix systems affected by the recently disclosed vulnerabilities. This week Citrix has addressed 11 vulnerabilities affecting the ADC, Gateway, and SD-WAN WANOP networking products. The vulnerabilities could be exploited by attackers for local privilege escalation, to trigger a DoS condition, to bypass authorization, to get code injection, and to launch…
- Evilnum Group targets European and British fintech companies A threat actor tracked as Evilnum targeted financial technology companies, mainly the British and European ones, ESET researchers reported. Evilnum threat actor was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and homemade malware along with software purchased from the Golden…
- Juniper Networks addressed many issues in its products Juniper Networks addressed several vulnerabilities in its firewalls, most of them can be exploited by attackers for denial-of-service (DoS) attacks. Juniper Networks addressed several vulnerabilities in its products, most of them can be exploited by attackers for denial-of-service (DoS) attacks. Half a dozen of the flaws are DoS issues that have been rated high severity.…
- Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data Two security researchers have found undocumented Telnet admin account accounts in 29 FTTH devices from Chinese vendor C-Data. Two security researchers have discovered undocumented Telnet admin account accounts in 29 Fiber-To-The-Home (FTTH) devices from Chinese vendor C-Data. The CDATA OLTs are sold under different brands, including Cdata, OptiLink, V-SOL CN, and BLIY. Some of the…
- KingComposer fixes a reflected XSS impacting 100,000 WordPress sites An XSS vulnerability in the KingComposer page builder for WordPress impacts 100,000 websites using the WordPress plugin. Researchers at Wordfence Threat Intelligence team discovered a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2020-15299, in the KingComposer WordPress plugin that potentially impacts 100,000 websites. KingComposer a fast drag-and-drop page builder for WordPress websites, which comes complete with top-notch features embedded and…
- Pre-Installed malware spotted on other Android phones sold in US Researchers from Malwarebytes have found yet another phone with pre-installed malware via the Lifeline Assistance program sold in the United States. Researchers at Malwarebytes have found malware pre-installed on smartphones sold in the United States, this is the second time as documented in a report published in January. In January, Malwarebytes researchers discovered that the…
- Zoom is working on a patch for a zero-day in Windows client Researchers from cyber-security firm ACROS Security have disclosed a zero-day vulnerability in the Windows client of the popular Zoom video conferencing platform. Researchers from cyber-security firm ACROS Security have disclosed a zero-day vulnerability in the Windows client of the video conferencing software Zoom. The vulnerability is a remote code execution issue, which could allow the…
- Joker malware apps bypassed Google’s Play Store security checks Check Point research discovered that the Joker (aka Bread) Android malware once again has bypassed protections implemented by Google for its Play Store. Researchers from security firm Check Point discovered samples of the Joker (aka Bread) malware were uploaded on the official Play Store bypassing protections implemented by Google for its users. “Check Point’s researchers…
- 15 billion credentials available in the cybercrime marketplaces More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. A report published by security firm Digital Shadows revealed the availability of more than 15 billion credentials shared on cybercrime marketplaces, paste sites, file sharing services, and code sharing websites. Over the past few…
- Palo Alto Networks addresses another high severity issue in PAN-OS devices Palo Alto Networks addressed a new severe vulnerability in the PAN-OS GlobalProtect portal that impacts PAN next-generation firewalls. Recently Palo Alto Network addressed a critical vulnerability, tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. The flaw could allow unauthenticated network-based attackers to bypass authentication, it has been rated as critical severity and received a…
- Google Tsunami vulnerability scanner is now open-source Google announced that its Tsunami vulnerability scanner for large-scale enterprise networks is going to be open-sourced. Google has decided to release as open-source a vulnerability scanner for large-scale enterprise networks named Tsunami. “We have released the Tsunami security scanning engine to the open source communities. We hope that the engine can help other organizations protect their users’…
- DOJ indicts Fxmsp hacker for selling access to hacked businesses The US Department of Justice has indicted a hacker named Fxmsp for hacking over three hundred organizations worldwide and selling access to their networks. The US Department of Justice has indicted a hacker that goes online with the moniker Fxmsp for hacking over three hundred organizations worldwide and selling access to their networks. According to…
- Threat actors found a way to bypass mitigation F5 BIG-IP CVE-2020-5902 flaw Researchers have found a way to bypass F5 Networks mitigation for the actively exploited BIG-IP vulnerability, and hackers already used it. Researchers have found a way to bypass one of the mitigations proposed by F5 Networks for the actively exploited BIG-IP vulnerability. Unfortunately, threat actors in the wild were already using the bypass technique before…
- Malicious app in Google Play used to deliver Cerberus Banking Trojan Experts found a tainted app in the Google Play store that was downloaded by more than 10,000 users and that was delivering the Cerberus banking Trojan. Researchers from AVAST have discovered a currency converter application in the Google Play store that was downloaded by more than 10,000 users and that was designed to deliver the…
- SentinelOne released free decryptor for ThiefQuest ransomwareGood news for the victims of the ThiefQuest (EvilQuest) ransomware, they can recover their encrypted files for free. The victims of the ThiefQuest (EvilQuest) ransomware victims can recover their encrypted files without needing to pay the ransom due to the availability of a free decryptor. Early July, security expert K7 Lab malware researcher Dinesh Devadoss…
Safe Harbor on Cyber is a ‘safe harbor’ blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
This website offers valuable information and cyber threat incident alerts to protect, prevent, mitigate, respond, recover, and learn about Cybersecurity threats to your business and family. We provide
- Curated Cyber Security Information and News Feeds and Articles on Targeted Alerting
- Hints and Best Practices
- How To’s and DIYs
- Secure, Trusted Collaboration
- Cyber Threat and Defense News
- Cyber Resource Links for further learning experiences.
So that we the greater community to be better protected for you, your family, and business.
Under CyberWisdom, we deliver value curated new commentaties for your awareness in prevention and protection in cybersecurity, identity thefts, and cyber threats
:
- A consolidated, edited view of the latest cyber developments in order to help you perform your professional responsibilities (in the form of personalized dashboards and alerts).
- Valuable, unique physical + logical security advice, trends, and incidents.
- A rich library of personal cybersecurity best practices. Open source data feeds top cyber blogs and news.
- Relevant information feeds from US Federal agencies, leading security vendors and authentic cybersecurity experts.
- The ability to automatically report critical cyber incidents to the right corporate groups or government agency.
- Ability to integrate with corporate compliance and governance initiatives to help ensure incidents are appropriately managed and documented.
- Provide news feed commentaries to our sister sites cyberexpertize and wetalkeng.
- And much, much more…
Like this:
Like Loading...
