Security News

North Korean hackers pwned cryptocurrency sysadmin with GDPR-themed LinkedIn lure, says F-Secure
2020-08-25 09:25

Infosec biz F-Secure has uncovered a North Korean phishing campaign that targeted a sysadmin with a fake Linkedin job advert using a General Data Protection Regulation themed lure. The sysadmin worked for a cryptocurrency business, said the threat intel firm, which made him a ripe target for the money-hungry state hackers Lazarus Group, aka APT38, supposedly backed by North Korea.

Guilty: Russian miscreant who hacked LinkedIn, Dropbox, Formspring, stole 200-million-plus account records
2020-07-14 01:07

The Russian hacker accused of raiding LinkedIn, Dropbox and Formspring, and obtaining data on 213 million user accounts, has been found guilty. The jury reckoned Nikulin probably swiped the LinkedIn account details, all 117 million of them, for commercial gain, though they didn't think greed played a role in his theft of 28 million account records from Formspring and 68 million from Dropbox.

Sueball locked, loaded and pointed at LinkedIn over iOS privacy naughtiness
2020-07-13 13:56

Microsoft's social-media-for-suits tentacle, LinkedIn, has attracted legal fire for allegedly peering at the clipboard of iOS devices. As well as doubtless making the podcast app a bit worse, the upcoming version of Apple's mobile OS also features a bunch of privacy features, including a notification telling the user when an app is reading from the device's clipboard.

Russian Found Guilty of Hacking LinkedIn, Formspring, Dropbox
2020-07-13 12:53

A Russian national accused of hacking into online platforms LinkedIn, Formspring, and Dropbox was found guilty by a United States jury last week. The man, Yevgeniy Aleksandrovich Nikulin, 32, was arrested in 2016 in the Czech Republic, and remained incarcerated there for two years, before being extradited to the U.S. In 2016, U.S. authorities charged Nikulin with accessing without authorization the systems of LinkedIn, Dropbox and Formspring in 2012, using stolen employee credentials.

Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs
2020-06-22 12:35

Interesting story of how the police can identify someone by following the evidence chain from website to website. According to filings in Blumenthal's case, FBI agents had little more to go on when they started their investigation than the news helicopter footage of the woman setting the police car ablaze as it was broadcast live May 30.

LinkedIn ‘Job Offers’ Targets Aerospace, Military Firms With Malware
2020-06-17 09:30

Attackers are impersonating human resource employees from Collins Aerospace and General Dynamics in a spear-phishing campaign leveraging LinkedIn's messaging service. "To operate under the radar, the attackers frequently recompiled their malware, abused native Windows utilities and impersonated legitimate software and companies. To our knowledge, the custom malware used in Operation In(ter)ception hasn't been previously documented."

San Francisco trial of Russian bloke extradited and accused of hacking LinkedIn, Dropbox, Formspring stalls again amid pandemic lockdown
2020-04-28 22:22

The man accused of hacking LinkedIn, Dropbox and the Formspring Q&A forum, and later selling the stolen data of hundreds of millions of users, has seen his trial disrupted a third time by the coronavirus pandemic. At a hearing on Tuesday, Judge William Alsup again delayed the US trial of alleged Russian hacker Yevgeniy Nikulin until June 1; the third such delay since the COVID-19 virus appeared in San Francisco, where proceedings are unfolding.

Zoom Removes Data-Mining LinkedIn Feature
2020-04-02 16:58

Zoom has nixed a feature that came under fire for "Undisclosed data mining" of users' names and email addresses, used to match them with their LinkedIn profiles. Zoom founder Eric Yuan said in a Wednesday post responding to the concerns that Zoom will freeze the development of its features and instead focusing on security and privacy issues.

Two Hackers Who Extorted Money From Uber and LinkedIn Plead Guilty
2019-10-31 08:19

Two grey hat hackers have pleaded guilty to blackmailing Uber, LinkedIn, and other U.S. corporations for money in exchange for promises to delete data of millions of customers they had stolen in...

Watch out for this latest LinkedIn phish that’s ‘sent’ by a friend
2019-10-15 20:02

We recently showed you how crooks rip off social networking passwords - here's what they do with stolen accounts.