Security News

EXCLUSIVE: Anyone can create a job listing on the leading recruitment platform LinkedIn on behalf of any employer-no verification needed. "Anyone can post a job under a company's LinkedIn account and it appears exactly the same as a job advertised by a company."

Threat actors used a Safari zero-day flaw to send malicious links to government officials in Western Europe via LinkedIn before researchers from Google discovered and reported the vulnerability. TAG researchers discovered the Safari WebKit flaw, tracked as CVE-​2021-1879, on March 19.

Google security researchers shared more information on four security vulnerabilities, also known as zero-days, unknown before they discovered them being exploited in the wild earlier this year. The four security flaws were found by Google Threat Analysis Group and Google Project Zero researchers after spotting exploits abusing zero-day in Google Chrome, Internet Explorer, and WebKit, the engine used by Apple's Safari web browser.

A data set including information from 600 million LinkedIn users showed up for sale on a hacker forum this week. That's the third time in four months that scraped data from the networking site has been offered up for sale, according to a report from CyberNews.

The latest data scrape was discovered this week when threat actors posted the personal data contained in 700 million LinkedIn user profiles in the RaidForums underground market. This latest data scrape follows an April operation which exposed 500 million LinkedIn users.

Analysts from Privacy Sharks stumbled across the data put up for sale on RaidForums by a hacker calling himself "GOD User TomLiner." The advertisement, posted June 22, claims that 700 million records are included in the cache, and included a sample of 1 million records as "Proof." It contained an "Aggregation of data from a number of websites and companies" as well "Publicly viewable member profile data," LinkedIn said at the time.

The U.S. Supreme Court has granted LinkedIn another legal option to try to prevent rival hiQ Labs from scraping public information from its user profiles, something the Microsoft-owned professional networking platform has claimed is a violation of user privacy and a misuse of its data. The decision effectively vacates a 2019 ruling by the San Francisco-based U.S. 9th Circuit Court of Appeals barring LinkedIn from prohibiting hiQ access to publicly available information of LinkedIn's users, bouncing the case back to the lower court to hear again.

Microsoft is working on addressing an Office 365 issue that has resulted in legitimate emails sent from multiple domains getting tagged as malicious and quarantined. "Users having multiple issues related to email flow, links within email messages and the Microsoft Defender portal," Microsoft says in the Microsoft 365 admin center.

Ten thousand Britons have been targeted on LinkedIn by recruiters for the Chinese and Russian intelligence services, according to an awareness campaign launched by domestic spy agency MI5 this morning. Details were previewed in this morning's Times newspaper, which warned specifically of people with "Access to classified or sensitive information" being targeted by Britain's enemies.

Ten thousand Britons have been targeted on LinkedIn by recruiters for the Chinese and Russian intelligence services, according to an awareness campaign launched by domestic spy agency MI5 this morning. Details were previewed in this morning's Times newspaper, which warned specifically of people with "Access to classified or sensitive information" being targeted by Britain's enemies.