Category: Fity Feeds

It’s a classic issue for BotConf attendees, the last day is always a little bit stronger due to the social event organized every Thursday night. This year, we are in the French area where good wines are produced and the event took place at the “Cité du Vin”. The night was short but I was present at the first talk! Ready as usual!

What if I told you that 1.5% of publicly leaked passwords were still being used to sign in to Microsoft accounts? It doesn’t sound like much, but it actually equates to 44 million users still using leaked passwords for their Microsoft accounts. This is what the Microsoft research team found when it performed a scan of its user and Azure AD accounts versus the three billion publicly leaked credentials for the first quarter of the year.

• In its previous joint investigations with Spiegel, The Insider and Dossier Center, Bellingcat has reported that the person held by German authorities over the murder of Zelimkhan Khangoshvili in Berlin traveled from Moscow to Germany under a fake identity.
• We established that the suspected assassin’s passport, issued under the name Vadim Sokolov, born 20 August 1970, was issued to a non-existing persona. We identified that the earliest reference to that identity in Russian registries was in September 2015 when this “person” received his first domestic passport, aged 45. “Vadim Sokolov” was assigned a tax identification number only in July 2019, days before applying for his Schengen visa on which he traveled to Paris, Warsaw, and then to Berlin.
  
• We concluded that the issuance of valid domestic passport, tax ID and a international travel passport to a non-existing persona could not have happened without the direct involvement of the Russian state, and thus implicates Russian security services in the assassination in Berlin.
  
• Spiegel reported on Tuesday that the Federal General Prosecutor Peter Frank has reached a conclusion that the Russian authorities likely ordered the Berlin murder. As a result, the Federal Prosecutor’s office is expected to take over the case from the Berlin investigative office in the next few days.
• Spiegel also reports that the German authorities were able to identify the true identity of the killer through matching him to a Russian citizen previously wanted by the Russian state on an Interpol red notice, which however was later withdrawn. That person had been wanted over the murder of a Russian businessman in 2013.

Independently from the findings of the German authorities, our investigative team has independently verified that the real identity of the Berlin assassin who traveled under the fake identity of Vadim Sokolov is in fact Vadim Nikolaevich Krasikov. Vadim Krasikov was born on 10 August 1965, and not in 1970 as per his cover identity. In 19 June 2013, Krasikov was the key suspect in the murder a Russian businessman who had been the subject of several previous assassination attempts. The murder in Moscow was similar in many respects to the Berlin assassination – the killer had approached his target on a bicycle, had shot at him with a hand gun at close range, both in the back and in the head, and had left on his bike.

Take control of your documents no matter where they go

By Alyn Hockey, VP Product Management

What is EDRM?

Enterprise digital rights management (eDRM or Information Rights Management, IRM) has had a rocky start to life. While it’s been around for the last 20 years and is seen as the next step on from encryption, it just hasn’t made it into mainstream use.

• In the previous part of this investigation, we identified the assassin of Zelimkhan Khangoshvili as Vadim Nikolaevich Krasikov, a 54-year old Russian citizen traveling with state-issued false identity papers. Khankoshvilli, an ethnically Chechen Georgian citizen who had fought against Russia in the Second Chechen War and was linked to Georgian military intelligence, was shot and killed at close range by a cyclist in broad daylight at a park near Berlin’s Kleiner Tiergarten. We disclosed that the detained suspect had been a key suspect in a previous murder in Moscow in June 2013, where the killer had also used a bicycle to approach his victim and escape.
• We also disclosed that Russia had terminated both domestic and international search warrants issued for Vadim Krasikov just over a year after their issuance, in mid 2015. This lifting of the warrants occurred only a couple of months before Krasikov’s fake identity papers were issued under the new, cover name of “Vadim Sokolov”.
• Following our publication, Germany’s Federal Prosecutor announced that it is escalating the investigation to a federal level, based on its assessment that the murder was likely commissioned by representatives of the Russian state. In its public statement, the Federal prosecutor’s office confirmed the key findings presented in our previous reports., including the true identity of the suspect and the evidence for the Russian state’s involvement.

In this part of the investigation we present newly discovered evidence that at the time Russian authorities detained Vadim Krasikov – presumably around the time his search warrants were revoked in 2015 – he was wanted for a second, previously unresolved murder in Karelia. A recidivist murder charge would have resulted in a severe jail sentence, in all likelihood a life jail term. This circumstance would have aggravated his personal prospects, and, coupled with his track record as a hitman, would have made him a suitable target for recruitment by Russia’s security services.

Written by Sean Lyngaas
Dec 6, 2019 | CYBERSCOOP

Amy Hess has spent nearly three decades at the FBI, rising to become the highest-ranking woman in the bureau and head of the Criminal, Cyber, Response, and Services Branch.

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about stalkerware and why it’s on the rise. Also, read about Trend Micro’s selection as a launch partner for the new Amazon Virtual Private Cloud (Amazon VPC) Ingress Routing service, announced during AWS re:Invent 2019.

As reported by The Register, researchers from the University of New Mexico have found a bug in the way Unix-flavored systems handle TCP connections, which could put VPN users at risk of having their encrypted traffic hijacked. CVE-2019-14899 is a security weakness that they report to be present in “most” Linux distros, along with Android, iOS, and macOS. If exploited, encrypted VPN traffic can be potentially hijacked and disrupted by miscreants on the network. Once the victim connected to their VPN, the spy would be able to tamper with the TCP stream to do things like inject packets into the stream.

Avast Security News Team, 6 December 2019

Plus more news of the week, including a cyberattack launched by the Chinese government against protestors and malware targeting Facebook ad settings

Written by Shannon Vavra
Dec 6, 2019 | CYBERSCOOP

Huawei is suing the Federal Communications Commission over a measure passed last month that limits the Chinese telecommunication firm’s ability to conduct business in the U.S.

Its December and the Christmas lights are going up, so it can’t be too early for cyber predictions for 2020.   With this in mind, Richard Starnes, Chief Security Strategist at Capgemini, sets out what the priorities will be for businesses in 2020 and beyond.

Apple confirmed that their latest iPhone 11 phones come with a feature that requires regular geolocation checks, but the company said that information doesn’t leave the phone.

A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote ‘network adjacent attackers’ to spy on and tamper with encrypted VPN connections.

European Union finance ministers have agreed a defacto ban on the launch in the region of so-called global ‘stablecoins’ such as Facebook’s planned Libra digital currency until the bloc has a common approach to regulation that can mitigate the risks posed by the technology.

Phishing e-mails which are used to steal credentials usually depend on user clicking a link which leads to a phishing website that looks like login page for some valid service. Not all credentials-stealing has to be done using a remote website, however.

I recently came across an interesting phishing campaign in which the scammers used a rather novel technique. The e-mail looked like a traditional payment notice phishing with a fairly usual text.

Good Day Please find attached a copy of your payment notification Kind Regards, James Watson

“As new technologies emerge, hacking trends will adapt and the number of threats that industry needs to be defended against can only increase”

employing usernames and passwords that leaked online following security breaches at other online services

Gartner Market Guide for SOAR Solutions

*** This is a Security Bloggers Network syndicated blog from Siemplify authored by Steve Salinas. Read the original post at: https://www.siemplify.co/blog/automatic-for-the-soc-people-how-automation-can-quell-those-pesky-false-positives/

When we think about threats to data security our minds usually jump to cyberattacks. But the physical threat of someone stealing or losing a device makes sensitive data just as vulnerable. Between 2005 and 2015, a startling 41% of all data breaches were caused by lost devices.This is a very real threat for the energy industry, where most infrastructure is over 30 years old and was built without present-day security features. Luckily, there’s a simple way to protect data in the energy industry from physical threats: private and secure communications solutions. A strong private, secure communications solution can protect your data from malicious insiders and outsiders – and even protect your data once a device is physically outside of the premises. Here’s how:

It’s commonly known that single sign-on (SSO) reduces risk associated with poor password practices and improves security posture. But not all single sign-on solutions are created equally. This blog will go over highlights from our webinar on Legacy v.s Modern SSO, which is available on-demand here.