Security News

LinkedIn Spear-Phishing Campaign Targets Job Hunters
2021-04-05 19:46

A threat group called Golden Chickens is delivering the fileless backdoor more eggs through a spear-phishing campaign targeting professionals on LinkedIn with fake job offers, according to researchers at eSentire. "Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more eggs."

LinkedIn is down for many, and we are not sure why
2021-02-23 19:14

LinkedIn is down for many users, including on the web and mobile, and we are not sure why. BleepingComputer has observed accessing LinkedIn shows obscure error messages to users around the world.

Phishers tricking users via fake LinkedIn Private Shared Document
2021-02-18 13:07

Phishers are trying to trick users into opening a "LinkedIn Private Shared Document" and entering their login credentials into a fake LinkedIn login page, security researcher JB Bowers warns. The phishing message is delivered via LinkedIn's internal messaging system and looks like it has been sent by one of the victim's contacts.

Researchers: LinkedIn, Instagram Vulnerable to Preview-Link RCE Security Woes
2020-10-27 16:01

UPDATE. Link previews in popular chat apps on iOS and Android are a firehose of security and privacy issues, researchers have found. When a user sends a link through, it renders a short summary and a preview image in-line in the chat, so other users don't have to click the link to see what it points to.

Russian Who Hacked LinkedIn, Dropbox Sentenced to 7 Years in Prison
2020-10-01 03:00

A Russian hacker who was found guilty of hacking LinkedIn, Dropbox, and Formspring over eight years ago has finally been sentenced to 88 months in United States prison, that's more than seven years by a federal court in San Francisco this week. Yevgeniy Aleksandrovich Nikulin, 32, of Moscow hacked into servers belonging to three American social media firms, including LinkedIn, Dropbox, and now-defunct social-networking firm Formspring, and stole data on over 200 million users.

Russian hacker, described as 'brilliant' by judge, gets seven years in a US clink for raiding LinkedIn, Dropbox
2020-09-30 20:15

A Russian scumbag found guilty of hacking into LinkedIn, Dropbox, and Formspring - and stealing data on over 200 million users - has been sent down for more than seven years. Yevgeniy Nikulin was sentenced to 88 months in an American prison by a federal court in San Francisco this week though the judge in this case, William Alsup, was surprisingly kind about the 32-year-old Russian.

Russian Sentenced to Prison for Hacking LinkedIn, Dropbox
2020-09-30 12:11

A Russian national was sentenced to 88 months in prison in the United States for hacking LinkedIn, Dropbox, and Formspring in 2012. The man, Yevgeniy Aleksandrovich Nikulin, who will turn 33 next month, was charged in 2016 for using stolen employee credentials to access without authorization the systems of LinkedIn, Dropbox and Formspring.

Charming Kitten Returns with WhatsApp, LinkedIn Effort
2020-08-31 18:46

The Iran-affiliated APT known as Charming Kitten is back with a new approach, impersonating Persian-speaking journalists via WhatsApp and LinkedIn, in order to con victims into opening malicious links. To lend verisimilitude to their impersonations, the cybercriminals also set up fake LinkedIn profiles corresponding to the journalists' names, and have been sending out LinkedIn messages to corner victims as well.

Iranian Hackers Target Academic Researcher via WhatsApp, LinkedIn
2020-08-28 12:16

The hackers used a personalized URL, tailored to the victim's email address, to trick them into accessing the malicious link, and also attempted to send a malicious ZIP file to the victim. "Clearsky alerted 'Deutsche Welle' about the impersonation and the watering hole in their website. A 'Deutsche Welle' representative confirmed that the reporter which Charming Kitten impersonated, did not send any emails to the victim nor any other academic researcher in Israel in the past few weeks," the security firm says.

Lazarus Group Targets Cryptocurrency Firms Via LinkedIn Messages
2020-08-25 14:46

The nation-state threat operator Lazarus Group is being tied to a recent phishing campaign that targeted admins at a cryptocurrency firm via LinkedIn messages. Researchers say that the recently identified a series of incident that were part of a broader campaign targeting businesses worldwide through LinkedIn messages sent to targets' personal LinkedIn accounts.