linkedin (10)


DEV#POPPER is a social engineering campaign that has been tracked recently by the Securonix Threat Research team.  Social engineering is a topic we have covered many times, but ultimately what it boils down to is that social engineering attacks are generally geared towards tricking victims into compromising themselves.  With that in mind, the primary target for the DEV#POPPER campaign appears to be software developers who are looking for work. 

Job interviews can be an effective cover for socia

10856609287?profile=RESIZE_400xLinkedIn has become a popular destination for threat actors trying to communicate with people for a variety of purposes, such as distributing malware, cyberespionage, credential stealing, financial fraud, etc.  One common approach to using LinkedIn by cyber criminals is to approach people using fake profile claiming to be a recruiter working at technology, defense, or media companies.  The North Korean-sponsored group Lazarus often engaged in these kinds of activities in order to propagate malwa

10475693668?profile=RESIZE_400xJust who are your LinkedIn connections?  LinkedIn users are being urged to watch out for suspicious emails because the professional networking website is one of the most popular brands targeted by cybercriminals in phishing attacks and an estimate of 52% of phishing attacks globally are focused on LinkedIn.  LinkedIn users are being urged to watch out for suspicious emails because the professional networking website is one of the most popular brands targeted by cybercriminals in phishing attacks

10068499668?profile=RESIZE_400xThe US Department of Justice, FBI's Internet Crime Center (IC3) is warning that scammers are exploiting verification weaknesses in job-focused networking sites to post legitimate looking ads, capture personal information and steal money from job seekers.  Scammers "continue to exploit security weaknesses on job recruitment websites to post fraudulent job postings in order to trick applicants into providing personal information or money," authorities warn in a new public service announcement.  Se

9864834675?profile=RESIZE_400xNobody wants to believe they’ll fall for a scam.  Especially not any of you, my intelligent, savvy, and OPSEC-conscious friends!  Your radar is always on and carefully protecting your personal information, so you’d never click the link in that fortune-promising email, you’d never open an unexpected file attachment, and you’d certainly never send some stranger a document with your personal details on it, that’s inconceivable.  Or is it?  A recent blog post on explains the developm

9246407257?profile=RESIZE_192XAfter 500 million LinkedIn users were affected in a data-scraping incident in April 2021, it has happened again with big security consequences.  A new posting with 700 million LinkedIn records has appeared on a popular hacker forum.  Analysts from Privacy Sharks found the data put up for sale on RaidForums by a hacker calling himself “GOD User TomLiner.”  The dark web advertisement, posted 22 June 2021, claims that 700 million records are included in the cache, and included a sample of 1 million

8857017055?profile=RESIZE_400xTechRadar is reporting that the personal data of about 500 million LinkedIn users is being sold on a popular hacking forum.  Cyber security analysts discovered this evidence, which includes LinkedIn IDs, full names, email addresses, phone numbers, genders, links to LinkedIn profiles, links to other social media profiles, and professional titles, and other work-related data.  On a good note, no associated passwords or payment data appear to have been affected.

LinkedIn boasts of nearly 740 millio

8789726084?profile=RESIZE_400xLinkedIn is a great portal to increase your professional network and there are actors who really want to connect with you and your connections.  Remember, people often look at mutual connections before accepting some on they do not know personally.  A casual acceptance can lend credibility to hackers’ requests to connect.

A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineerin

8769967073?profile=RESIZE_400xA new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs."  More_eggs virus is a backdoor Trojan that is utilized by Cobalt Group and other criminal gangs to attack corporations and regular users More_eggs virus is a backdoor Trojan that was used by infamous cybercriminal group the Cobalt Group More_eggs is written in JavaScript programming language. To increase the odds


On 1 May 2019, Russian President Vladimir Putin signed “Internet sovereignty” bill.  New requirements to use ISPs to track traffic origin will likely force traffic decryption and support of internal censorship efforts.  In the future, Russia will develop its own DNS system to conduct special Internet controls.  Currently, LinkedIn is banned in Russia.  Russian national payment system, Mir, was developed after several Russian banks were denied services by US-based Visa and MasterCard.  Future st