#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

LinkedIn | Breaking Cybersecurity News | The Hacker News

North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns

North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns

Nov 22, 2023 Cyber Espionage / Social Engineering
North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers to distribute malware and obtain unauthorized employment with organizations based in the U.S. and other parts of the world. The activity clusters have been codenamed Contagious Interview and Wagemole, respectively, by Palo Alto Networks Unit 42. While the first set of attacks aims to "infect software developers with malware through a fictitious job interview," the latter is designed for financial gain and espionage. "The first campaign's objective is likely cryptocurrency theft and using compromised targets as a staging environment for additional attacks," the cybersecurity company  said . The fraudulent job-seeking activity, on the other hand, involves the use of a GitHub repository to host resumes with forged identities that impersonate individuals of various nationalities. The Contagious Interview attacks pave the way for two hitherto undocumented cross-plat
Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware

Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware

Oct 20, 2023 Malware / Cyber Attack
Attacks leveraging the DarkGate commodity malware targeting entities in the U.K., the U.S., and India have been linked to Vietnamese actors associated with the use of the infamous  Ducktail stealer . "The overlap of tools and campaigns is very likely due to the effects of a cybercrime marketplace," WithSecure  said  in a report published today. "Threat actors are able to acquire and use multiple different tools for the same purpose, and all they have to do is come up with targets, campaigns, and lures." The development comes amid an  uptick in malware campaigns  using DarkGate in recent months, primarily driven by its author's decision to rent it out on a malware-as-a-service (MaaS) basis to other threat actors after using it privately since 2018. It's not just DarkGate and Ducktail, for the Vietnamese threat actor cluster responsible for these campaigns is leveraging same or very similar lures, themes, targeting, and delivery methods to also deliver  L
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors

RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors

Jul 05, 2023 Critical Infrastructure Security
A sophisticated stealer-as-a-ransomware threat dubbed  RedEnergy  has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages. The .NET malware "possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also incorporating different modules for carrying out ransomware activities," Zscaler researchers Shatak Jain and Gurkirat Singh  said  in a recent analysis. The objective, the researchers noted, is to couple data theft with encryption with the goal of inflicting maximum damage to the victims. The starting point for the multi-stage attack is a  FakeUpdates  (aka SocGholish) campaign that tricks users into downloading JavaScript-based malware under the guise of web browser updates. What makes it novel is the use of reputable LinkedIn pages to target victims, redirecting users clicking on the website URLs to a bogus lan
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job

Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job

Apr 20, 2023 Linux / Cyber Attack
The notorious North Korea-aligned state-sponsored actor known as the  Lazarus Group  has been attributed to a new campaign aimed at Linux users. The attacks are part of a persistent and long-running activity tracked under the name  Operation Dream Job , ESET said in a  new report  published today. The findings are crucial, not least because it marks the first publicly documented example of the adversary using Linux malware as part of this social engineering scheme. Operation Dream Job , also known as  DeathNote or NukeSped , refers to multiple attack waves wherein the group leverages fraudulent job offers as a lure to trick unsuspecting targets into downloading malware. It also  exhibits overlaps  with two other Lazarus clusters known as Operation In(ter)ception and Operation North Star. The attack chain discovered by ESET is no different in that it delivers a fake HSBC job offer as a decoy within a ZIP archive file that's then used to launch a Linux backdoor named SimplexTea
Hackers Sneak 'More_Eggs' Malware Into Resumes Sent to Corporate Hiring Managers

Hackers Sneak 'More_Eggs' Malware Into Resumes Sent to Corporate Hiring Managers

Apr 21, 2022
A new set of phishing attacks delivering the more_eggs malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers . "This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake resumes instead of targeting jobseekers with fake job offers," eSentire's research and reporting lead, Keegan Keplinger, said in a statement . The Canadian cybersecurity company said it identified and disrupted four separate security incidents, three of which occurred at the end of March. Targeted entities include a U.S.-based aerospace company, an accounting business located in the U.K., a law firm, and a staffing agency, both based out of Canada. The malware, suspected to be the handiwork of a threat actor called Golden Chickens (aka Venom Spider ), is a stealthy, modular backdoor suite capable
Hackers Targeting professionals With 'more_eggs' Malware via LinkedIn Job Offers

Hackers Targeting professionals With 'more_eggs' Malware via LinkedIn Job Offers

Apr 06, 2021
A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs." To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims' job titles taken from their LinkedIn profiles. "For example, if the LinkedIn member's job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the 'position' added to the end)," cybersecurity firm eSentire's Threat Response Unit (TRU)  said  in an analysis. "Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs." Campaigns delivering more_eggs using the  same modus operandi  have been spotted at least since 2018, with the backdo
Russian Who Hacked LinkedIn, Dropbox Sentenced to 7 Years in Prison

Russian Who Hacked LinkedIn, Dropbox Sentenced to 7 Years in Prison

Oct 01, 2020
A Russian hacker who was found guilty of  hacking LinkedIn ,  Dropbox , and Formspring over eight years ago has finally been  sentenced  to 88 months in United States prison, that's more than seven years by a federal court in San Francisco this week. Yevgeniy Aleksandrovich Nikulin , 32, of Moscow hacked into servers belonging to three American social media firms, including LinkedIn, Dropbox, and now-defunct social-networking firm Formspring, and stole data on over 200 million users. Between March and July 2012, Nikulin hacked into the computers of LinkedIn,  Dropbox, and Formspring , and installed malware on them, which allowed him to remotely download user databases of over  117 Million LinkedIn  users and more than  68 Million Dropbox  users. According to the prosecutor, Nikulin also worked with unnamed co-conspirators of a Russian-speaking cybercriminal forum to sell customer data he stole as a result of his hacks. Besides hacking into the three social media firms, Nikulin
Hackers Target Military and Aerospace Staff by Posing as HRs Offering Jobs

Hackers Target Military and Aerospace Staff by Posing as HRs Offering Jobs

Jun 17, 2020
Cybersecurity researchers today took the wraps off a new sophisticated cyber-espionage campaign directed against aerospace and military organizations in Europe and the Middle East with an aim to spy on key employees of the targeted firms and, in some case, even to siphon money. The campaign, dubbed " Operation In(ter)ception " because of a reference to "Inception" in the malware sample, took place between September to December 2019, according to a new report cybersecurity firm ESET shared with The Hacker News. "The primary goal of the operation was espionage," the researchers told The Hacker News. "However, in one of the cases we investigated, the attackers tried to monetize access to a victim's email account through a business email compromise (BEC) attack as the final stage of the operation." The financial motivation behind the attacks, coupled with similarities in targeting and development environment, have led ESET to suspect Laz
Two Hackers Who Extorted Money From Uber and LinkedIn Plead Guilty

Two Hackers Who Extorted Money From Uber and LinkedIn Plead Guilty

Oct 31, 2019
Two grey hat hackers have pleaded guilty to blackmailing Uber , LinkedIn, and other U.S. corporations for money in exchange for promises to delete data of millions of customers they had stolen in late 2016. In a San Jose courthouse in California on Wednesday, Brandon Charles Glover (26) of Florida and Vasile Mereacre (23) of Toronto admitted they accessed and downloaded confidential corporate databases on Amazon Web Services using stolen credentials. After downloading the data, the duo contacted affected companies to report security vulnerabilities and demanded money in exchange for the deletion of the data, according to a press release published by the US Justice Department. "I was able to access backups upon backups, me and my team would like a huge reward for this," the hackers said to the victim company in an email. "Please keep in mind, we expect a big payment as this was hard work for us, we already helped a big corp which paid close to 7 digits, all
Flaw in LinkedIn AutoFill Plugin Lets Third-Party Sites Steal Your Data

Flaw in LinkedIn AutoFill Plugin Lets Third-Party Sites Steal Your Data

Apr 21, 2018
Not just Facebook , a new vulnerability discovered in Linkedin's popular AutoFill functionality found leaking its users' sensitive information to third party websites without the user even knowing about it. LinkedIn provides an AutoFill plugin for a long time that other websites can use to let LinkedIn users quickly fill in profile data, including their full name, phone number, email address, ZIP code, company and job title, with a single click. In general, the AutoFill button only works on specifically "whitelisted websites," but 18-year-old security researcher Jack Cable of Lightning Security said it is not just the case. Cable discovered that the feature was plagued with a simple yet important security vulnerability that potentially enabled any website (scrapers) secretly harvest user profile data and the user would not even realize of the event. A legitimate website would likely place a AutoFill button near the fields the button can fill, but accordin
Hacker Leaks Data From Mandiant (FireEye) Senior Security Analyst

Hacker Leaks Data From Mandiant (FireEye) Senior Security Analyst

Jul 31, 2017
Reportedly, at least one senior cyber security analyst working with Mandiant, a Virginia-based cybersecurity firm owned by the FireEye, appears to have had its system compromised by hackers, exposing his sensitive information on the Internet. On Sunday, an anonymous group of hackers posted some sensitive details allegedly belonged to Adi Peretz , a ‎Senior Threat Intelligence Analyst at Mandiant, claiming they have had complete access to the company's internal networks since 2016. The recent hack into Mandiant has been dubbed Operation # LeakTheAnalyst . Further Leaks from Mandiant Might Appear The hackers have leaked nearly 32 megabytes of data—both personal and professional—belonging to Peretz on Pastebin as proof, which suggests they have more Mandiant data that could be leaked in upcoming days. "It was fun to be inside a giant company named "Mandiant" we enjoyed watching how they try to protect their clients and how their dumb analysts are trying to reverse
LinkedIn Hacker, Wanted by US & Russian, Can be Extradited to Either State

LinkedIn Hacker, Wanted by US & Russian, Can be Extradited to Either State

May 31, 2017
The alleged Russian hacker, who was arrested by the Czech police in Prague last October on suspicion of massive 2012 data breach at LinkedIn, can be extradited to either the United States or Russia, a Czech court ruled on Tuesday. Yevgeniy Aleksandrovich Nikulin , a 29-years-old Russian national, is accused of allegedly hacking not just LinkedIn , but also the online cloud storage platform Dropbox , and now-defunct social-networking company Formspring. However, he has repeatedly denied all accusations. Nikulin was arrested in Prague on October 5 by the Czech police after Interpol issued an international arrest warrant against him. Nikulin appeared at a court hearing held inside a high-security prison in Prague on Tuesday and emaciated after eight months in solitary confinement. The court ruling, pending appeals, left the final decision in the hands of Czech Justice Minister Robert Pelikan, who can approve extradition to one of the countries and block the other. The United
Cloud-AI: Artificially Intelligent System Found 10 Security Bugs in LinkedIn

Cloud-AI: Artificially Intelligent System Found 10 Security Bugs in LinkedIn

Jan 24, 2017
2017 is the year of Artificial Intelligence (A.I.), Big Data, Virtual Reality (VR) and Cyber Security with major companies like Google, Facebook, Apple, IBM and Salesforce and technology pioneers like SpaceX founder Elon Musk investing in these hot technologies. Since everyone seems to be talking about the hottest trend — artificial intelligence and machine learning — broadly, 62 percent of large enterprises will be using AI technologies by 2018, says a report from Narrative Science. But why AI is considered to be the next big technology? Because it can enhance and change everything about the way we think, interact, manufacture and deliver. Last year, we saw a significant number of high-profile hacks targeting big organizations, governments, small enterprises, and individuals — What's more worrisome? It's going to get worse, and we need help. No doubt, we, the human, can find vulnerabilities but can not analyze millions of programs with billions of lines of codes at o
Russian Court bans LinkedIn in Russia; Facebook and Twitter Could be Next

Russian Court bans LinkedIn in Russia; Facebook and Twitter Could be Next

Nov 12, 2016
As reported late October, the world's largest online professional network LinkedIn is going to ban in Russia beginning Monday following a Moscow court decision this week that found Microsoft-owned LinkedIn to be in violation of the country's data protection laws. Here's why LinkedIn is facing ban in Russia: In July 2014, Russia approved amendments to the Russian Personal Data Law that came into force on 1st September 2015, under which foreign tech companies were required to store the personal data of its citizens within the country. Legislation put in place for protecting its citizens' data from the NSA's worldwide surveillance revealed by whistleblower Edward Snowden. The Russian state's federal media regulator, known as Roskomnadzor, is now threatening to block any company that stored its citizens' personal data on non-Russian servers. Facebook and Twitter could be Next to Get BLOCKED! Not just LinkedIn, even other bigger companies, includ
LinkedIn to get Banned in Russia for not Complying with Data Localization Law

LinkedIn to get Banned in Russia for not Complying with Data Localization Law

Oct 26, 2016
The world's largest online professional network LinkedIn could face a ban in Russia after the company has failed to comply with a Russian data localization law that compels companies to keep data on Russian users in their country. If you are not aware, LinkedIn is the only major social network which is not banned in China, because the company agreed to cooperate with the Chinese government and remove controversial content. However, LinkedIn could be the first social network in Russia to be blocked by the Russian state's federal media regulator, called Roskomnadzor, for not complying with the rules. In July 2014, the Russia approved amendments to the Russian Personal Data Law which came into force in 1st September 2015, under which foreign tech companies were required to store the personal data of its citizens within the country. However, Russia was not the first country to enforce such law on foreign tech companies. A few months ago, Iran also imposed new regulations
Breaking — Russian Hacker Responsible for LinkedIn Data Breach Arrested by FBI

Breaking — Russian Hacker Responsible for LinkedIn Data Breach Arrested by FBI

Oct 19, 2016
The alleged Russian hacker arrested by the FBI in collaboration with the Czech police is none other than the hacker who was allegedly responsible for massive 2012 data breach at LinkedIn , which affected nearly 117 Million user accounts. Yevgeniy N , 29-year-old Russian hacker was arrested in Prague on October 5 suspected of participating in conducting cyber-attacks against the United States, according to Reuters . Earlier it was suspected that the hacker could be involved in hacking against the  Democratic National Committee  (DNC), or its presidential candidate Hillary Clinton , intended to influence the presidential election. However, the latest statement released by LinkedIn suggests that the arrest was related to a 2012 data breach at the social network that exposed emails and hashed password of nearly 117 Million users. "We are thankful for the hard work and dedication of the FBI in its efforts to locate and capture the parties believed to be responsible for this
Breaking: Microsoft to buy LinkedIn for $26.2 BILLLLLION

Breaking: Microsoft to buy LinkedIn for $26.2 BILLLLLION

Jun 13, 2016
Breaking News for today: Microsoft has announced that it is planning to acquire LinkedIn, the social network for professionals, for $26.2 Billion in cash. Yes, Microsoft announced today that it would buy LinkedIn for $196 per share in an all-cash transaction valued at $26.2 BILLLLLLION. It is so far the biggest acquisition made by Microsoft, which has made 8 takeovers, including Skype in 2011 and Nokia in 2013, worth more than $1 Billion. According to the tech giant, LinkedIn will retain its own brand and product, and also LinkedIn's existing CEO Jeff Weiner will remain as the company's chief executive. LinkedIn will now become a part of Microsoft's productivity, and business processes segment and Weiner will report directly to Microsoft CEO Satya Nadella. Here's what Nadella said about the deal: "The LinkedIn team has grown a fantastic business centered on connecting the world's professionals. Together we can accelerate the growth of Linked
Hacker puts up 167 Million LinkedIn Passwords for Sale

Hacker puts up 167 Million LinkedIn Passwords for Sale

May 18, 2016
LinkedIn's 2012 data breach was much worse than anybody first thought. In 2012, LinkedIn suffered a massive data breach in which more than 6 Million users accounts login details, including encrypted passwords, were posted online by a Russian hacker. Now, it turns out that it was not just 6 Million users who got their login details stolen. Latest reports emerged that the 2012's LinkedIn data breach may have resulted in the online sale of sensitive account information, including emails and passwords, of about 117 Million LinkedIn users. Almost after 4 years, a hacker under the nickname "Peace" is offering for sale what he/she claims to be the database of 167 Million emails and hashed passwords, which included 117 Million already cracked passwords, belonging to LinkedIn users. The hacker, who is selling the stolen data on the illegal Dark Web marketplace " The Real Deal " for 5 Bitcoins (roughly $2,200), has spoken to Motherboard, confirming th
LinkedIn iOS app HTML Message Parsing Vulnerability

LinkedIn iOS app HTML Message Parsing Vulnerability

Dec 10, 2013
LinkedIn's iOS application is prone to a vulnerability that may permit remote attackers to execute arbitrary code. Security Researcher Zouheir Abdallah  has disclosed HTML parsing vulnerability in LinkedIn iOS an app, that can be used to phish for credentials or be escalated into a full blown attack. LinkedIn's vulnerability occurs when the messaging feature of LinkedIn's mobile app parses invalid HTML and an attacker can exploit this vulnerability remotely from his/her account, which could have serious impact on LinkedIn's users.  He created Proof of concept of the flaw and submitted it to the LinkedIn Security team in September 2013. Later in October 2013, the vulnerable application was patched. One of the possible attack vector is that, using this vulnerability attacker can easily phish LinkedIn user on iOS app. As shown in the screenshot, POC message says: Hey, Can you please view my LinkedIn profile and endorse me! Thanks! I appreciate it! The iOS app will d
'LinkedIn Intro' iOS app can read your emails in iPhone

'LinkedIn Intro' iOS app can read your emails in iPhone

Oct 25, 2013
Your LinkedIn profile is your digital resume. Yesterday, LinkedIn launched a new app for for iOS devices called Intro ' LinkedIn Intro '. With this feature an email on your iPhone will display a picture of the sender, with useful profile info from LinkedIn. Basically, to use the service, a LinkedIn user must route all of their emails (any provider i.e. Hotmail, Gmail, Yahoo, etc.) through LinkedIn's 'Intro' servers, which will inject fancy business centric HTML profile right in your emails, as shown. But this also means that LinkedIn is now able to read the complete content of your emails and also can store the passwords to users' external email accounts. The feature is enough to destroy the security and privacy of your mails. Another point to be noted that, Apple does not provide any APIs or frameworks for developers that would allow this kind of modification of its interface. Instead, LinkedIn is acting as a ' man in the middle ' by inter
Cybersecurity Resources