Security News

Fake Corsair job offers on LinkedIn push DarkGate malware
2023-10-20 12:48

A threat actor is using fake LinkedIn posts and direct messages about a Facebook Ads specialist position at hardware maker Corsair to lure people into downloading info-stealing malware like DarkGate and RedLine. Recent examples of DarkGate's use include phishing attacks through Microsoft Teams that push the payload and leveraging compromised Skype accounts to send VBS scripts to trigger an infection chain leading to the malware.

LinkedIn Smart Links attacks return to target Microsoft accounts
2023-10-11 13:00

Hackers are once again abusing LinkedIn Smart Links in phishing attacks to bypass protection measures and evade detection in attempts to steal Microsoft account credentials. Smart Links are part of LinkedIn's Sales Navigator service, used for marketing and tracking, allowing Business accounts to email content using trackable links to determine who engaged with it.

LinkedIn users targeted in account hijacking campaign
2023-08-16 13:52

LinkedIn users are being targeted in an ongoing account hijacking campaign, are getting locked out of their accounts; the hacked accounts are held for ransom.Users discussing their compromised LinkedIn accounts.

LinkedIn accounts hacked in widespread hijacking campaign
2023-08-15 21:21

LinkedIn is being targeted in a wave of account hacks resulting in many accounts being locked out for security reasons or ultimately hijacked by attackers. As reported today by Cyberint, many LinkedIn users have been complaining about the account takeovers or lockouts and an inability to resolve the problems through LinkedIn support.

Microsoft stashes nearly half a billion in case LinkedIn data drama hits
2023-06-02 15:28

Microsoft has warned investors about a "Non-public" draft decision by Irish regulators against LinkedIn for allegedly dodgy ad data practices, explaining it had set aside some cash to pay off any potential fine. The software giant said the funds were connected to a 2018 investigation by the Irish Data Protection Commission looking into whether LinkedIn's targeted advertising practices violated the the European Union's General Data Protection Regulation.

While Twitter wants to sell its verification, Microsoft will do it for free on LinkedIn
2023-04-14 10:14

As Elon Musk tears at Twitter's credibility by demanding businesses and individuals pay for their blue verification checks, Microsoft is pushing ts own free digital ID technology to companies and their employees on LinkedIn. Verified ID is a managed identify verification service that is part of Microsoft's Entra product portfolio, an umbrella unit created last year that covers all of the vendor's identity and access capabilities.

LinkedIn now allows you to verify your workplace
2023-04-13 10:01

To combat the surge of fake LinkedIn accounts in recent years, Microsoft has introduced Entra Verified ID, a new feature that allows users to verify their workplace on the business-focused social media platform. "As the credential holder, the employee can decide to share their credential with apps and websites, such as LinkedIn. Then the verifier can cryptographically authenticate that the digital employee ID is genuine and was issued by the place of work the employee claims. This approach represents a more secure, convenient, and trustworthy way to verify digital information at scale."

Security researchers targeted with new malware via job offers on LinkedIn
2023-03-10 17:48

A suspected North Korean hacking group is targeting security researchers and media organizations in the U.S. and Europe with fake job offers that lead to the deployment of three new, custom malware families. Mandiant says the particular group has previously targeted tech firms, media groups, and entities in the defense industry.

LinkedIn's new security features combat fake profiles, threat actors
2022-10-26 18:40

LinkedIn has introduced three new features to fight fake profiles and malicious use of the platform, including a new method to confirm whether a profile is authentic by showing whether it has a verified work email or phone number. Over the past couple of years, LinkedIn has become heavily abused by threat actors to initiate communication with targets to distribute malware, perform cyberespionage, steal credentials, or conduct financial fraud.

Microsoft warns of North Korean crew posing as LinkedIn recruiters
2022-09-30 05:53

Microsoft has claimed a North Korean crew poses as LinkedIn recruiters to distribute poisoned versions of open source software packages. Dubbed "ZINC", the threat actors have previously run long-term phishing schemes targeting media, defence and aerospace, and IT services organizations in the US, UK, India, and Russia.