Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Linkedin. Show all posts
User Privacy
Chrome Extensions Data Breach Data Leak Linkedin User Privacy

LinkedIn Secretly Scans 6,000+ Chrome Extensions, Collects Device Data

 

LinkedIn is facing renewed scrutiny after a report alleged that its website secretly scans browsers for more than 6,000 Chrome extensions and collects device data tied to user profiles . The company says the detection is meant to identify scraping and other policy-violating extensions, not to infer sensitive personal information.

LinkedIn’s critics say the practice goes far beyond basic security checks because the platform can connect extension data to real identities, employers, and job roles. That makes the scanning especially controversial, since the results could reveal which tools workers or companies use, including products that compete with LinkedIn’s own sales offerings.

BleepingComputer said it independently confirmed part of the behavior during testing, observing a LinkedIn-loaded JavaScript file with a randomized name that checked for 6,236 browser extensions . The script reportedly did this by probing extension-related file resources, a known method for determining whether specific extensions are installed . 

The report also says the script gathers broader browser and device details, including CPU core count, available memory, screen resolution, timezone, language settings, battery status, audio information, and storage features . That kind of data can contribute to browser fingerprinting, which may allow websites to build a more unique profile of a visitor across sessions . 

LinkedIn, however, rejects the allegation that it is using the data to profile users in a harmful way . The company says it looks for extensions that scrape data without consent or violate its terms, and that it uses the findings to improve defenses and protect site stability . The dispute also appears to be tied to a broader legal fight involving a LinkedIn-related browser extension developer, with LinkedIn pointing to a German court ruling that sided with the company .
Read more »
LinkedIn Users
Cyber Security Cybersecurity Jobs Fake Job Fake Job Ads Linkedin Linkedin Hacks LinkedIn Users

How to Spot and Avoid LinkedIn Scams: A Complete Guide to Staying Safe Online

 

Most people trust LinkedIn for connecting careers, finding jobs, or growing businesses - yet that very trust opens doors for fraudsters. Because profiles often reveal detailed backgrounds, attackers pull facts straight from bios to craft believable tricks. Spotting odd requests or sudden offers helps block risks before they grow. Awareness matters, especially when messages seem too eager or oddly timed. 

Most people come across false job listings on LinkedIn at some point. Fake recruiter accounts tend to advertise positions offering large salaries, little work, fast placement, or overseas moves. Often, these deals turn out poorly once applicants get asked for private details or required to cover costs like setup fees, instruction modules, or tools. A different but frequent method relies on deceptive messages that mimic real notifications from the platform - these contain harmful web addresses meant to capture account passwords and access codes. 

One way attackers operate now involves tailored tactics, including spear-phishing. Studying someone's online activity helps them design messages appearing genuine and familiar. Sometimes these interactions shift from LinkedIn to apps such as WhatsApp or Telegram, avoiding detection more easily. Moving communication elsewhere raises serious concerns - it typically precedes deeper manipulation. Another trend gaining ground includes scams based on fake investments or romantic connections; here, confidence grows slowly until false money offers appear, frequently tied to digital currency. Watch out for certain red flags when using professional platforms. 

When messages push you to act fast, promise big rewards, or ask for private data, stay cautious. A profile showing few contacts, missing background, or odd job timelines might not be genuine. Confirm who you're dealing with by checking corporate sites - this basic move often gets ignored. Start smart - shielding your online presence begins with straightforward habits. Click only trusted links, since risky ones open doors to trouble. Two-step login adds a layer of safety, making breaches harder. Strong passwords matter; reusing them weakens protection. 

Staying inside LinkedIn messages helps keep exchanges secure. Sharing less personal detail lowers exposure quietly. Privacy controls fine-tune who sees what - adjust them often. Safety grows when small steps add up behind the scenes. Right away, cut contact if something feels off - then alert LinkedIn about the account. 

When financial data might be exposed, changing passwords fast becomes key, while also warning your bank without delay. Even as the platform expands, threats rise at the same pace, which means staying alert matters more than any tool. Awareness acts quietly but powerfully, standing between safety and harm.
Read more »
Linkedin
Corporate Cyber Crime Fake Job Job Scam Linkedin

Threat Actors Pose As Remote IT Workers on LinkedIn to Hack Companies


The IT workers related to the Democratic People's Republic of Korea (DPRK) are now applying for remote jobs using LinkedIn accounts of other individuals. This attack tactic is unique. 

According to the Security Alliance (SEAL) post on X, "These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent applications appear legitimate.”

The IT worker scare has been haunting the industry for a long time. It originates from North Korea, the threat actors pose as remote workers to get jobs in Western organizations and other places using fake identities. The scam is infamous as Wagemole, PurpleDelta, and Jasper Sleet. 

The end goal?

To make significant income to fund the country’s cyber espionage operations, weapons programs, and also conduct ransomware campaigns. 

In January, cybersecurity firm Silent Push said that the DPRK remote worker program is a “high-volume revenue engine" for the country, allowing the hackers to gain administrative access to secret codebases and also get the perks of corporate infrastructure.  

Once the threat actors get their salaries, DPRK IT workers send cryptocurrency via multiple money laundering techniques. 

Chain-hopping and/or token swapping are two ways that IT professionals and their money laundering colleagues sever the connection between the source and destination of payments on the chain. To make money tracking more difficult, they use smart contracts like bridge protocols and decentralized exchanges.

What should individuals do?

To escape the threat, users who think their identities are being stolen in fake job applications should post a warning on their social media and also report on official communication platforms. SEAL advises to always “validate that accounts listed by candidates are controlled by the email they provide. Simple checks like asking them to connect with you on LinkedIn will verify their ownership and control of the account.”

The news comes after the Norwegian Police Security (PST) released an advisory, claiming to be aware of "several cases" in the last 12 months in which IT worker schemes have affected Norwegian companies. 

PST reported last week that “businesses have been tricked into hiring what are likely North Korean IT workers in home office positions. The salary income North Korean employees receive through such positions probably goes to finance the country's weapons and nuclear weapons program.”

Read more »
profile
Data Breach Data Leak database Linkedin Personal Data profile

LinkedIn Profile Data Among Billions of Records Found in Exposed Online Database

 



Cybersecurity researchers recently identified a massive online database that was left publicly accessible without any security protections, exposing a vast collection of professional and personal information. The database contained more than 16 terabytes of data, representing over 4.3 billion individual records that could be accessed without authorization.

Researchers associated with Cybernews reported that the exposed dataset is among the largest lead-generation style databases ever discovered online. The information appears to be compiled from publicly available professional profiles, including data commonly found on LinkedIn, such as profile handles, URLs, and employment-related details.

The exposed records included extensive personal and professional information. This ranged from full names, job titles, employer names, and work histories to education records, degrees, certifications, skills, languages, and location data. In some cases, the datasets also contained phone numbers, email addresses, social media links, and profile images. Additional information related to corporate relationships and contract-linked data was also present, suggesting the dataset was built for commercial or business intelligence purposes.

Investigators believe the data was collected gradually over several years and across different geographic regions. The database was stored in a MongoDB instance, a system commonly used by organizations to manage large volumes of information efficiently. While MongoDB itself is widely used, leaving such databases unsecured can expose sensitive information at scale, which is what occurred in this incident.

The exposed database was discovered on November 23 and secured approximately two days later. However, researchers were unable to determine how long the data had been accessible before it was identified. The exposure is believed to have resulted from misconfiguration or human error rather than a deliberate cyberattack, a common issue in cloud-based data storage environments.

Researchers noted that the database was highly organized and structured, indicating the information was intentionally collected and maintained. Based on its format, the data also appears to be relatively current and accurate.

Such large datasets are particularly attractive to cybercriminals. When combined with automated tools or large language models, this information can be used to conduct large-scale phishing campaigns, generate fraudulent emails, or carry out targeted social engineering attacks against individuals and corporate employees.

Security experts recommend that individuals take precautionary measures following incidents like this. This includes updating passwords for professional networking accounts such as LinkedIn, email services, and any connected financial accounts. Users should also remain cautious of unexpected emails, messages, or phone calls that attempt to pressure them into sharing personal information or clicking unknown links.

Although collecting publicly available data is not illegal in many jurisdictions, failing to properly secure a database of this size may carry legal and regulatory consequences. At present, the ownership and purpose of the database remain unclear. Further updates are expected if more information becomes available or accountability is established.

Read more »
Spear Phishing
Cyber Security Emails Google Ads Identity Theft Linkedin links phishing Spear Phishing

Phishing Expands Beyond Email: Why New Tactics Demand New Defences

 


Phishing has long been associated with deceptive emails, but attackers are now widening their reach. Malicious links are increasingly being delivered through social media, instant messaging platforms, text messages, and even search engine ads. This shift is reshaping the way organisations must think about defence.


From the inbox to every app

Work used to be confined to company networks and email inboxes, which made security controls easier to enforce. Today’s workplace is spread across cloud platforms, SaaS tools, and dozens of communication channels. Employees are accessible through multiple apps, and each one creates new openings for attackers.

Links no longer arrive only in email. Adversaries exploit WhatsApp, LinkedIn, Signal, SMS, and even in-app messaging, often using legitimate SaaS accounts to bypass email filters. With enterprises relying on hundreds of apps with varying security settings, the attack surface has grown dramatically.


Why detection lags behind

Phishing that occurs outside email is rarely reported because most industry data comes from email security vendors. If the email layer is bypassed, companies must rely heavily on user reports. Web proxies offer limited coverage, but advanced phishing kits now use obfuscation techniques, such as altering webpage code or hiding scripts to disguise what the browser is actually displaying.

Even when spotted, non-email phishing is harder to contain. A malicious post on social media cannot be recalled or blocked for all employees like an email. Attackers also rotate domains quickly, rendering URL blocks ineffective.


Personal and corporate boundaries blur

Another challenge is the overlap of personal and professional accounts. Staff routinely log into LinkedIn, X, WhatsApp, or Reddit on work devices. Malicious ads placed on search engines also appear credible to employees browsing for company resources.

This overlap makes corporate compromise more likely. Stolen credentials from personal accounts can provide access to business systems. In one high-profile incident in 2023, an employee’s personal Google profile synced credentials from a work device. When the personal device was breached, it exposed a support account linked to more than a hundred customers.


Real-world campaigns

Recent campaigns illustrate the trend. On LinkedIn, attackers used compromised executive accounts to promote fake investment opportunities, luring targets through legitimate services like Google Sites before leading them to phishing pages designed to steal Google Workspace credentials.

In another case, malicious Google ads appeared above genuine login pages. Victims were tricked into entering details on counterfeit sites hosted on convincing subdomains, later tied to a campaign by the Scattered Spider group.


The bigger impact of one breach

A compromised account grants far more than access to email. With single sign-on integrations, attackers can reach multiple connected applications, from collaboration tools to customer databases. This enables lateral movement within organisations, escalating a single breach into a widespread incident.

Traditional email filters are no longer enough. Security teams need solutions that monitor browser behaviour directly, detect attempts to steal credentials in real time, and block attacks regardless of where the link originates. In addition, enforcing multi-factor authentication, reducing unnecessary syncing across devices, and educating employees about phishing outside of email remain critical steps.

Phishing today is about targeting identity, not just inboxes. Organisations that continue to see it as an email-only problem risk being left unprepared against attackers who have already moved on.


Read more »
recruiters
Authenticity Identity Theft Job Search Linkedin Online Scams recruiters

Think That Job Offer on LinkedIn Is Real? Not Without This Badge

 






LinkedIn has taken a major step toward improving online safety by extending its identity verification feature beyond its own platform. This update is part of the company’s ongoing efforts to help users avoid fake profiles and internet scams, especially in professional spaces.


Verification Now Available Outside LinkedIn

Last year, LinkedIn introduced a system that allowed users to confirm their identity, work history, or education. This could be done by uploading a government ID, using a work email, or verifying through trusted services like Microsoft Entra or CLEAR. Once verified, a small badge appeared on the user’s profile to show they were a real person.

Now, that same badge can be used on other websites too. Platforms like Adobe’s Content Authenticity tool and Behance now support LinkedIn verification. This means that designers, freelancers, and other professionals can show proof of their LinkedIn verification outside the site, helping build trust wherever they share their work.


Fake Profiles: A Growing Problem

Online scams that involve fake identities are a serious issue, especially on business-focused platforms like LinkedIn. Criminal groups often create false accounts pretending to be recruiters or professionals. These accounts are then used to reach out to real users and trick them into clicking malicious links or sharing personal information.

One major example involved a hacker group from North Korea, known as Lazarus. They created a fake LinkedIn profile and pretended to be offering a job to a blockchain developer. During the interview process, the developer was unknowingly sent harmful software, which was used to steal around $600 million worth of cryptocurrency. Experts called this series of attacks “Operation DreamJob.”

In other cases, scammers even created fake developer identities to get hired by real companies. Once inside, they used their access to collect private company data.


More Protection for Job Seekers

In response to these risks, LinkedIn has also added a feature to confirm whether a recruiter is legitimate. Verified recruiters now have a special checkmark on their profiles, making it easier for job seekers to know who they can trust.


What This Means for Users

These new steps help users feel safer while networking or job hunting online. The verification badge shows others that the person they are talking to has been confirmed by LinkedIn, either as a real employee, job seeker, or recruiter. By making this system available on other platforms, LinkedIn is helping more people protect their identities and avoid falling for fake offers or scams.

Read more »
python
Blockchain cryptocurrency Cyber Attacks Cybersecurity GitHub Hacker JavaScript Linkedin malware python

North Korean Hacker Group Targets Cryptocurrency Developers via LinkedIn

 

A North Korean threat group known as Slow Pisces has launched a sophisticated cyberattack campaign, focusing on developers in the cryptocurrency industry through LinkedIn. Also referred to as TraderTraitor or Jade Sleet, the group impersonates recruiters offering legitimate job opportunities and coding challenges to deceive their targets. In reality, they deliver malicious Python and JavaScript code designed to compromise victims' systems.

This ongoing operation has led to massive cryptocurrency thefts. In 2023 alone, Slow Pisces was tied to cyber heists exceeding $1 billion. Notable incidents include a $1.5 billion breach at a Dubai exchange and a $308 million theft from a Japanese firm. The attackers typically initiate contact by sending PDFs containing job descriptions and later provide coding tasks hosted on GitHub. Although these repositories mimic authentic open-source projects, they are secretly altered to carry hidden malware.

As victims work on these assignments, they unknowingly execute malicious programs like RN Loader and RN Stealer on their devices. These infected projects resemble legitimate developer tools—for instance, Python repositories that claim to analyze stock market data but are actually designed to communicate with attacker-controlled servers.

The malware cleverly evades detection by using YAML deserialization techniques instead of commonly flagged functions like eval or exec. Once triggered, the loader fetches and runs additional malicious payloads directly in memory, making the infection harder to detect and eliminate.

One key malware component, RN Stealer, is built to extract sensitive information, including credentials, cloud configuration files, and SSH keys, especially from macOS systems. JavaScript-based versions of the malware behave similarly, leveraging the Embedded JavaScript templating engine to conceal harmful code. This code activates selectively based on IP addresses or browser signatures, targeting specific victims.

Forensic investigations revealed that the malware stores its code in hidden folders and uses HTTPS channels secured with custom tokens to communicate. However, experts were unable to fully recover the malicious JavaScript payload.

Both GitHub and LinkedIn have taken action against the threat.

"GitHub and LinkedIn removed these malicious accounts for violating our respective terms of service. Across our products, we use automated technology, combined with teams of investigation experts and member reporting, to combat bad actors and enforce terms of service. We continue to evolve and improve our processes and encourage our customers and members to report any suspicious activity," the companies said in a joint statement.

Given the increasing sophistication of these attacks, developers are urged to exercise caution when approached with remote job offers or coding tests. It is recommended to use robust antivirus solutions and execute unknown code within secure, sandboxed environments, particularly when working in the high-risk cryptocurrency sector.

Security experts advise using trusted integrated development environments (IDEs) equipped with built-in security features. Maintaining a vigilant and secure working setup can significantly lower the chances of falling victim to these state-sponsored cyberattacks.
Read more »
X
Apple lazarus Linkedin macOS malware Microsoft X

Lazarus Gang Targets Job Seekers to Install Malware

Lazarus Gang Targets Job Seekers to Install Malware

North Korean hackers responsible for Contagious Interview are trapping job seekers in the cryptocurrency sector by using the popular ClickFix social-engineering attack strategy. They aimed to deploy a Go-based backdoor— earlier undocumented— known as GolangGhost on Windows and macOS systems. 

Hackers lure job seekers

The latest attack, potentially a part of a larger campaign, goes by the codename ClickFake Interview, according to French cybersecurity company Sekoia. Aka DeceptiveDeployment, DEV#POPPER, and Famoys Chollima; Contagious Interview has been active since December 2022, however, it was publicly reported only after late 2023. 

The attack uses legitimate job interview sites to promote the ClickFix tactic and deploy Windows and MacOS backdoors, said Sekoia experts Amaury G., Coline Chavane, and Felix Aimé, attributing the attack to the notorious Lazarus Group. 

Lazarus involved

One major highlight of the campaign is that it mainly attacks centralized finance businesses by mimicking firms like Kraken, Circle BlockFi, Coinbase, KuCoin, Robinhood, Tether, and Bybit. Traditionally, Lazarus targeted decentralized finance (DeFi) entities. 

Attack tactic explained

Like Operation Dream Job, Contagious Interview also uses fake job offers as traps to lure potential victims and trick them into downloading malware to steal sensitive data and cryptocurrency. The victims are approached via LinkedIn or X to schedule a video interview and asked to download malware-laced video conference software that triggers the infection process. 

Finding of Lazarus ClickFix attack

Security expert Tayloar Monahan first reported the Lazarus Group’s use of ClickFix in late 2022, saying the attack chains led to the installment of a malware strain called FERRET that delivered the Golang backdoor. In this malware campaign, the victims are prompted to use a video interview, ‘Willow,’ and do a sell video assessment. 

The whole process is carefully built to gain users and “proceeds smoothly until the user is asked to enable their camera,” Sekoia said. At this stage, an “error message appears, indicating that the user needs to download a driver to fix the issue. This is where the operator employs the ClickFix technique," adds Sekoia. 

Different attack tactics for Windows and MacOS users

The prompts given to victims may vary depending on the OS. For Windows, victims are asked to open the Command Prompt and run a curl command to perform a Visual Basic Script (VBS) file to launch a basic script to run GolanGhost. MacOS victims are prompted to open the Terminal app and perform a curl command to run a malicious shell script, which then runs another shell script that runs a stealer module called FROSTYFERRET—aka ChromwUpdateAlert— and the backdoor. 

Read more »
X
AI Algorithm Chatbot copyright Data FTC Grok Linkedin personalization Privacy Snapchat Social Media Technology training user content X

Social Media Content Fueling AI: How Platforms Are Using Your Data for Training

 

OpenAI has admitted that developing ChatGPT would not have been feasible without the use of copyrighted content to train its algorithms. It is widely known that artificial intelligence (AI) systems heavily rely on social media content for their development. In fact, AI has become an essential tool for many social media platforms.

For instance, LinkedIn is now using its users’ resumes to fine-tune its AI models, while Snapchat has indicated that if users engage with certain AI features, their content might appear in advertisements. Despite this, many users remain unaware that their social media posts and photos are being used to train AI systems.

Social Media: A Prime Resource for AI Training

AI companies aim to make their models as natural and conversational as possible, with social media serving as an ideal training ground. The content generated by users on these platforms offers an extensive and varied source of human interaction. Social media posts reflect everyday speech and provide up-to-date information on global events, which is vital for producing reliable AI systems.

However, it's important to recognize that AI companies are utilizing user-generated content for free. Your vacation pictures, birthday selfies, and personal posts are being exploited for profit. While users can opt out of certain services, the process varies across platforms, and there is no assurance that your content will be fully protected, as third parties may still have access to it.

How Social Platforms Are Using Your Data

Recently, the United States Federal Trade Commission (FTC) revealed that social media platforms are not effectively regulating how they use user data. Major platforms have been found to use personal data for AI training purposes without proper oversight.

For example, LinkedIn has stated that user content can be utilized by the platform or its partners, though they aim to redact or remove personal details from AI training data sets. Users can opt out by navigating to their "Settings and Privacy" under the "Data Privacy" section. However, opting out won’t affect data already collected.

Similarly, the platform formerly known as Twitter, now X, has been using user posts to train its chatbot, Grok. Elon Musk’s social media company has confirmed that its AI startup, xAI, leverages content from X users and their interactions with Grok to enhance the chatbot’s ability to deliver “accurate, relevant, and engaging” responses. The goal is to give the bot a more human-like sense of humor and wit.

To opt out of this, users need to visit the "Data Sharing and Personalization" tab in the "Privacy and Safety" settings. Under the “Grok” section, they can uncheck the box that permits the platform to use their data for AI purposes.

Regardless of the platform, users need to stay vigilant about how their online content may be repurposed by AI companies for training. Always review your privacy settings to ensure you’re informed and protected from unintended data usage by AI technologies
Read more »
North Korea Hackers
cyber attack Financial Exploit Laundering Lazarus Group Linkedin North Korea Hackers

North Korean Hackers Exploit LinkedIn in Targeted Attacks

 


The North Korean hacker group Lazarus has once again made headlines, this time for exploiting LinkedIn in their cyber operations. According to a report by blockchain security analytics firm SlowMist, Lazarus hackers are leveraging the professional networking platform to target unsuspecting users and pilfer their assets through malware attacks.


LinkedIn Used as a Trojan Horse

This involves Lazarus members masquerading as blockchain developers seeking employment opportunities in the cryptocurrency industry. By posing as job seekers, they lure in vulnerable targets, enticing them to share access to their code repositories under the guise of collaborative work. However, the innocuous-seeming code snippets provided by the hackers contain malicious elements designed to syphon off confidential information and assets from the victims' systems.


History of Innovation in Cybercrime

This tactic isn't new for Lazarus, as they previously employed a similar strategy in December 2023, posing as recruiters from Meta. Back then, they convinced victims to download malware-infected coding challenges, which, when executed, granted remote access to their computers.


Lazarus: A Cyber Threat

Lazarus has earned a notorious reputation in the cybersecurity realm since its emergence in 2009. The group is infamous for orchestrating some of the largest cryptocurrency heists, including the 2022 Ronin Bridge hack, which saw a staggering $625 million being stolen.


Laundering Techniques

Once they've plundered their ill-gotten gains, Lazarus employs sophisticated techniques, such as crypto mixing services, to launder the funds back to North Korea. Reports suggest these funds are funnelled into financing the country's military endeavors.


Industry Response and Countermeasures

In response to persistent cyber threats, crypto companies are advocating for heightened security measures and conducting awareness seminars to educate employees about potential risks. The industry's proactive stance has led to the implementation of robust security protocols and increased investment in cybersecurity to safeguard against data breaches and financial theft.


The recent exploits by Lazarus serve as a stark reminder of the ever-present dangers lurking in the digital realm. As cyber threats continue to expand, it's imperative for individuals and organisations alike to remain careful and adopt proactive measures to mitigate risks and be digitally secured.


By staying informed and proactive, investors, traders, and social media users can collectively work towards thwarting cyber threats and safeguarding digital assets in an increasingly interconnected world.


Read more »
Social Media
Data Breach data security Linkedin MOAB Social Media

The “Mother of All Breaches”: Implications for Businesses


In the vast digital landscape, data breaches have become an unfortunate reality. However, some breaches stand out as monumental, and the recent discovery of the “mother of all breaches” (MOAB) is one such instance. Let’s delve into the details of this massive security incident and explore its implications for businesses.

The MOAB Unveiled

At the beginning of this year, cybersecurity researchers stumbled upon a staggering dataset containing 26 billion leaked entries. This treasure trove of compromised information includes data from prominent platforms like LinkedIn, Twitter.com, Tencent, Dropbox, Adobe, Canva, and Telegram. But the impact didn’t stop there; government agencies in the U.S., Brazil, Germany, the Philippines, and Turkey were also affected.

The MOAB isn’t your typical data breach—it’s a 12-terabyte behemoth that cybercriminals can wield as a powerful weapon. Here’s why it’s a game-changer:

Identity Theft Arsenal: The stolen personal data within this dataset provides threat actors with a comprehensive toolkit. From email addresses and passwords to sensitive financial information, it’s a goldmine for orchestrating identity theft and other malicious activities.

Global Reach: The MOAB’s reach extends across borders. Organizations worldwide are at risk, and the breach’s sheer scale means that no industry or sector is immune.

Implications for Businesses

As business leaders, it’s crucial to understand the implications of the MOAB and take proactive measures to safeguard your organization:

1. Continual Threat Landscape

The MOAB isn’t a one-time event—it’s an ongoing threat. Businesses must adopt a continuous monitoring approach to detect any signs of compromise. Here’s what to watch out for:

  • Uncommon Access Scenarios: Keep an eye on access logs. Sudden spikes in requests or unfamiliar IP addresses could indicate unauthorized entry. Logins during odd hours may also raise suspicion.
  • Suspicious Account Activity: Scammers might attempt to take over compromised accounts. Look for unexpected changes in user privileges, irregular login times, and frequent location shifts.
  • Phishing Surge: Breaches like the MOAB create fertile ground for phishing attacks. Educate employees and customers about recognizing phishing scams.

2. Infrastructure Vigilance

Patch and Update: Regularly update software and apply security patches. Vulnerabilities in outdated systems can be exploited.

Multi-Factor Authentication (MFA): Implement MFA wherever possible. It adds an extra layer of security by requiring additional verification beyond passwords.

Data Encryption: Encrypt sensitive data both at rest and in transit. Even if breached, encrypted data remains useless to attackers.

Incident Response Plan: Have a robust incident response plan in place. Know how to react swiftly if a breach occurs.

3. Customer Trust and Reputation

Transparency: If your organization is affected, be transparent with customers. Promptly inform them about the breach, steps taken, and precautions they should follow.

Reputation Management: A breach can tarnish your brand’s reputation. Communicate openly, take responsibility, and demonstrate commitment to security.

4. Legal and Regulatory Compliance

Data Protection Laws: Understand the legal obligations related to data breaches in your jurisdiction. Compliance is critical to avoid penalties.

Notification Requirements: Depending on the severity, you may need to notify affected individuals, authorities, or regulatory bodies.

5. Employee Training

Security Awareness: Train employees to recognize phishing attempts, use strong passwords, and follow security protocols.

Incident Reporting: Encourage employees to report any suspicious activity promptly.

What next?

The MOAB serves as a wake-up call for businesses worldwide. Cybersecurity isn’t a one-and-done task—it’s an ongoing commitment. By staying vigilant, implementing best practices, and prioritizing data protection, organizations can mitigate the impact of breaches and safeguard their customers’ trust.



Read more »
USDoD
Data Breach Data Leak Database Breach Linkedin LinkedIn Users Personal Data US Government USDoD

Hackers Leaks Scraped LinkedIn Data of 35 Million Users


Threat actors have recently leaked personal information of over 35 million online users, by illicitly accessing a LinkedIn database. Apparently, the hackers are operating under the name ‘USDOD.’

The database, on the other hand, has been released in a popular cybercrime forum, Breach Forums. 

It is significant to note that USDoD is the same hacker who compromised the FBI's InfraGard security platform last year, revealing 87,000 members' personal information.

In a post on Breach Forums, the hacker verified that web scraping was used to access the most recent LinkedIn information. Web scraping is a software-driven, automated process that extracts data from websites, usually with the purpose of obtaining certain information from web pages.

As revealed by Hackread, the leaked data included publicly available information regarding the victims’ LinkedIn profiles, such as full names and profile bios. While this data also contains millions of email addresses, the hackers could not get hold of the passwords.

Email addresses from senior US government officials and organizations are exposed in the leak. Email addresses from other international government agencies have also been found.

Legitimacy of LinkedIn Data: Is it Authentic?

After analyzing more than 5 million accounts in the database, Troy Hunt of HaveIBeenPwned came to the conclusion that the data was a combination of information from other sources, including fraudulent email addresses and public LinkedIn profiles. Troy notes that the individuals, businesses, domain names, and a large number of email addresses are real, even though some of the information may be anecdotal or largely made up.

"Because the conclusion is that there’s a significant component of legitimate data in this corpus, I’ve loaded it into HIBP[…]But because there are also a significant number of fabricated email addresses in there, I’ve flagged it as a spam list which means the addresses won’t impact the scale of anyone’s paid subscription if they’re monitoring domains," Hunt explained.

This however was not the first time when the LinkedIn information was being leaked online by threat actors. A similar case happened back in April 2021, where 2 scrapped LinkedIn databases went on sale with 500 million and 827 million records. Also, in June 2021, a hacker sold a LinkedIn database that contained information about around 700 million users.  

Read more »
Scam
Company Data Breach Job Scams Jobseekers Linkedin New Jobs Online Jobs Perfect Jobs Scam

Online Jobseekers Beware: Strategies to Outsmart Scammers

 


The number of employment scams is increasing, and the number of job seekers who are targets of cunning scammers is also on the rise. A person who is seeking a new job is advised to be vigilant to these scams and to be aware of what to look out for to better protect themselves against them if they are searching for one. 

Precisely what is the scam? 

On fake websites that look like they belong to reputable companies, criminals will pose as them to post fictitious job descriptions that require applicants to apply for fictitious jobs. The scammers will then make false job offers to candidates looking for a job. 

Sometimes, the fraudster may ask for personal information, like a person's address, bank details, or personal information like a passport number. It is becoming increasingly common for these scams to take the form of legitimate recruitment activities, and they often appear to be recruiting through third-party websites or direct email exchanges. 

It is becoming increasingly common for employers to be caught up in this sort of scam, which is known as recruitment fraud. A scammer has been known to target job seekers with fake job openings on LinkedIn as the social networking site receives more than 100 job application submissions per second. 

Approximately two-thirds of British users have been targeted in the last several years, according to a study conducted by NordLayer, a security firm. Scammers do not limit themselves to LinkedIn, with scammers exploiting other genuine, well-known job websites as well as sending email solicitations directly to university students by targeting them directly within their email addresses. 

Scammers employ two main methods to con their victims. A job offer with basic information about the company and its job position sounds very interesting to job seekers, and there is a link that says that if they click on it, a presentation with detailed information about the company and the job role will appear, says Jedrzej Pyzik, a recruitment consultant at the financial recruitment firm FTeam.

It has been observed that after clicking through the link, there are usually some landing pages that require the user to download a certain program, log in, and provide personal information - this is the most common one that has noticed the most, said Jedrzej. 

When that data is obtained, it can be used to steal the job seeker's identity, or even to open a bank account in their name or to apply for credit in their name if the job seeker is not present. Another popular scam involves asking "successful" job applicants to send over a substantial amount of money upfront to have the money paid back when they are hired - a practice known as advance fee scams. 

If a person is told that the amount can be credited towards training fees, criminal background checks by the Disclosure and Barring Service (DBS), travel fees like visas, or equipment that is needed for the job, they may feel more inclined to apply. 

The problem is that if a check is ever received to cover these costs, it will bounce. A large part of the problem is associated with fake job ads, which are especially common when it comes to the recruitment process for students and recent graduates, who may be considered to be less knowledgeable about it. 

Several scams have been targeting US university students lately, according to the security firm Proofpoint, offering jobs in biosciences, healthcare, and biotechnology fields, mostly in recent months. These scams appear to have targeted students in various parts of the country. 

Is there a way to protect from these Frauds? 

To identify phishing scams, follow these five tips: 

It is advisable to avoid generic emails at all costs. A lot of effort is put into casting a wide net when scammers do not include specific information in their scams. It is always a good idea to be cautious when receiving an email that seems overly generic. 

The spelling of domain names and email addresses should be checked very carefully. Even a slight change of lower and uppercase letters can result in a redirect to a different domain where the job seeker may be a victim of identity theft. 

A recruitment agent from an authentic company will most often ask applicants for an in-person interview if the candidate truly meets all the requirements for the job. 

A recruiter will never ask a prospective candidate for financial information or payments as part of an employment application or as a condition of employment or anything similar.

Those who post a job stating the position is the "perfect job" usually make this claim as they rely on the high pay they will offer for positions that do not require any skills and experience. 

It is likely that such a job is a scam and is just too good to be true. There is a concerted effort being made by job platforms to eliminate job scams in their platforms. 

A report from LinkedIn claims that 99.3% of the spam and scams it detects are caught by its automated defences, and 99.6% of the fake accounts it detects are blocked before members even know they exist. Additionally, job websites are also doing their part to help those looking for work. 

It is the company's policy to perform automatic verification processes that confirm the validity of its advertisers, according to Keith Rosser, director of group risk at Reed, a process which involves checking Company House information, the domain information of the company as well as the email addresses and physical addresses of the company's advertisers. 

The job seekers are advised, however, to be cautious and to check whether the employer is legitimate before sharing any personal information with them. Before sharing any personal information, it would be wise to verify that the organization exists.
Read more »
threats
Advertising attacks Business Cloud CyberCrime Cybersecurity Duckport Ducktail Facebook Hijacking Information Linkedin malware Marketing Scams Security SocialEngineering SocialMedia Tactics threats

Vietnamese Cybercriminals Exploit Malvertising to Target Facebook Business Accounts

Cybercriminals associated with the Vietnamese cybercrime ecosystem are exploiting social media platforms, including Meta-owned Facebook, as a means to distribute malware. 

According to Mohammad Kazem Hassan Nejad, a researcher from WithSecure, malicious actors have been utilizing deceptive ads to target victims with various scams and malvertising schemes. This tactic has become even more lucrative with businesses increasingly using social media for advertising, providing attackers with a new type of attack vector – hijacking business accounts.

Over the past year, cyber attacks against Meta Business and Facebook accounts have gained popularity, primarily driven by activity clusters like Ducktail and NodeStealer, known for targeting businesses and individuals operating on Facebook. 

Social engineering plays a crucial role in gaining unauthorized access to user accounts, with victims being approached through platforms such as Facebook, LinkedIn, WhatsApp, and freelance job portals like Upwork. Search engine poisoning is another method employed to promote fake software, including CapCut, Notepad++, OpenAI ChatGPT, Google Bard, and Meta Threads.

Common tactics among these cybercrime groups include the misuse of URL shorteners, the use of Telegram for command-and-control (C2), and legitimate cloud services like Trello, Discord, Dropbox, iCloud, OneDrive, and Mediafire to host malicious payloads.

Ducktail, for instance, employs lures related to branding and marketing projects to infiltrate individuals and businesses on Meta's Business platform. In recent attacks, job and recruitment-related themes have been used to activate infections. 

Potential targets are directed to fraudulent job postings on platforms like Upwork and Freelancer through Facebook ads or LinkedIn InMail. These postings contain links to compromised job description files hosted on cloud storage providers, leading to the deployment of the Ducktail stealer malware.

The Ducktail malware is designed to steal saved session cookies from browsers, with specific code tailored to take over Facebook business accounts. These compromised accounts are sold on underground marketplaces, fetching prices ranging from $15 to $340.

Recent attack sequences observed between February and March 2023 involve the use of shortcut and PowerShell files to download and launch the final malware. The malware has evolved to harvest personal information from various platforms, including X (formerly Twitter), TikTok Business, and Google Ads. It also uses stolen Facebook session cookies to create fraudulent ads and gain elevated privileges.

One of the primary methods used to take over a victim's compromised account involves adding the attacker's email address, changing the password, and locking the victim out of their Facebook account.

The malware has incorporated new features, such as using RestartManager (RM) to kill processes that lock browser databases, a technique commonly found in ransomware. Additionally, the final payload is obfuscated using a loader to dynamically decrypt and execute it, making analysis and detection more challenging.

To hinder analysis efforts, the threat actors use uniquely generated assembly names and rely on SmartAssembly, bloating, and compression to obfuscate the malware.

Researchers from Zscaler also observed instances where the threat actors initiated contact using compromised LinkedIn accounts belonging to users in the digital marketing field, leveraging the authenticity of these accounts to aid in social engineering tactics. This highlights the worm-like propagation of Ducktail, where stolen LinkedIn credentials and cookies are used to log in to victims' accounts and expand their reach.

Ducktail is just one of many Vietnamese threat actors employing shared tools and tactics for fraudulent schemes. A Ducktail copycat known as Duckport, which emerged in late March 2023, engages in information stealing and Meta Business account hijacking. Notably, Duckport differs from Ducktail in terms of Telegram channels used for command and control, source code implementation, and distribution, making them distinct threats.

Duckport employs a unique technique of sending victims links to branded sites related to the impersonated brand or company, redirecting them to download malicious archives from file hosting services. Unlike Ducktail, Duckport replaces Telegram as a channel for passing commands to victims' machines and incorporates additional information stealing and account hijacking capabilities, along with taking screenshots and abusing online note-taking services as part of its command and control chain.

"The Vietnamese-centric element of these threats and high degree of overlaps in terms of capabilities, infrastructure, and victimology suggests active working relationships between various threat actors, shared tooling and TTPs across these threat groups, or a fractured and service-oriented Vietnamese cybercriminal ecosystem (akin to ransomware-as-a-service model) centered around social media platforms such as Facebook," WithSecure said.
Read more »
Zinc
Cyber Attacks Lazarus APT Linkedin malware Microsoft MSTIC Whatsapp. Zinc

Zinc APT is Conducting an Attack Against Victims in Critical Sectors


 
During recent months, Microsoft has detected cyberattacks targeted at security researchers by an actor tracked as ZINC, who is also called the author of these attacks. Originally, the campaign was brought to the attention after Microsoft Defender for Endpoints detected an attack that was taking place in the background. 

As a consequence, seven groups have been identified as being targeted, including pen testers, private offensive security researchers, and employees of security and technology companies. Based on the observations made by MSTIC, which is a Microsoft Threat Intelligence Center, we can attribute this campaign with high confidence to ZINC, which is a DPRK-affiliated and state-sponsored group, given its tradecraft, infrastructure, malware patterns, and account affiliations.


Campaigns designed to attack 


Using a high degree of confidence, Microsoft Threat Prevention and Defense has linked these recent attacks to a threat group identified as Zinc. The group is allegedly associated with recent attacks on LinkedIn. In addition, the group is also linked with one of the groups of the Lazarus movement.

• During their experiments, researchers noticed Zinc using a wide variety of open-source software, including KiTTY, TightVNC, Sumatra PDF Reader, PuTTY, and muPDF/Subliminal Recording software installers.

• As far as Microsoft is concerned, there are around five methods for trojanizing open-source applications, including packing with commercial software protection Themida, hijacking DLL Search orders, using custom encryption methods, encoding victim information in parameters associated with common keywords, and using SSH clients.

• A number of these applications are bundled with malicious shellcodes and malicious payloads that belong to the ZetaNile malware family that researchers have been tracking.

Is there anyone who has been affected by the crisis?


There has been a recent rash of attacks caused by Zinc on employees of various companies located in the United Kingdom, the United States, Russia, and India. These companies operate in different industries such as defense, aerospace, IT services, and media.


The tactical approach to the spread of infection 


A LinkedIn security team discovered Zinc impersonating recruiters from defense, technology, and media companies. This was malware that was delivered from LinkedIn to WhatsApp. Despite this, LinkedIn immediately suspended accounts linked to suspicious or fraudulent behavior as per its policies and the accounts spotted in these attacks.

Earlier this month, Mandiant reported about an ongoing campaign related to the weaponized version of PuTTY being used by some hackers; the operation Dream Job campaign was initiated by attackers to extract information about jobs on LinkedIn using job lures.

In essence, throughout its attack campaign, Zinc targets victims all over the world with a wide range of platforms and open-source software, making it one of the most dangerous cyber threats for businesses globally. 

To prevent such abuses, individuals and organizations that use open-source software should therefore ensure that they are vigilant. Whenever possible, it is highly recommended that you leverage a threat intelligence platform to find threats that are tailored to your needs.
Read more »
Linkedin
CISO Cyber Fraud Fake Accounts High Profile Attacks Linkedin

Fake CISO Profiles of Corporate Giants swamps LinkedIn

 

LinkedIn has recently been flooded with fake profiles for the post of Chief Information Security Officer (CISO) at some of the world’s largest organizations. 

One such LinkedIn profile is for the CISO of the energy giant, Chevron. One might search for the profile, and find the profile for Victor Sites, stating he is from Westerville, Ohio, and is a graduate of Texas A&M University. When in reality, the role of Chevron is currently occupied by Christopher Lukas, who is based in Danville, Calif. 

According to KrebsOnSecurity, upon searching the profile of “Current CISO of Chevron” on Google, they were led to the fake CISO profile, for it is the first search result returned, followed by the LinkedIn profile of the real Chevron CISO, Christopher Lukas. It was found that the false LinkedIn profiles are engineered to confuse search engine results for the role of CISOs at major organizations, and the profiles are even considered valid by numerous downstream data-scraping sources. 

Similar cases could be seen in the LinkedIn profile for Maryann Robles, claiming to be the CISO of another energy giant, ExxonMobil. LinkedIn was able to detect more such fabricated CISO profiles since the already detected fake profile suggested 1 view a number of them in the “People Also Viewed” column. 


Who is Behind the Fake Profiles? 


Security experts are not yet certain of the identity of the threat actors behind the creation and operation of these fake profiles. Likewise, the intention leading to the cyber security incident also remains unclear.  

LinkedIn, in a statement given to KrebsOnSecurity, said its team is working on tracking the fake accounts and taking down the con men. “We do have strong human and automated systems in place, and we’re continually improving, as fake account activity becomes more sophisticated,” the statement reads. “In our transparency report we share how our teams plus automated systems are stopping the vast majority of fraudulent activity we detect in our community – around 96% of fake accounts and around 99.1% of spam and scam,” said LinkedIn. 

What can LinkedIn do?  


LinkedIn could take simple steps that could inform the user about the profile they are looking at, and whether to trust the given profile. Such as, adding a “created on” date for every profile, and leveraging the user with filtered searches. 

The former CISO Mason of LinkedIn says it could also experiment with offering the user something similar to Twitter’s ‘verified mark’ to those who chose to validate that they can respond to email at the domain linked with their stated current employer. Mason also added LinkedIn needs a more streamlined process allowing employers to remove phony employee accounts.
Read more »
Spear Phishing Mails
Cyber Attacks Facebook Linkedin Spear Phishing Spear Phishing attacks Spear Phishing Mails

Ducktail Spear-Phishing Campaign Targets Facebook Business Accounts Via LinkedIn

 

An ongoing spear-phishing campaign dubbed “Ducktail” is targeting admin profiles of enterprise networks via LinkedIn, with the motive of taking over Facebook Business accounts and exploiting the Ads function to run malvertising campaigns. 

According to researchers at WithSecure, a popular global IT-security firm, the hackers are of Vietnamese origin and have been active since 2018. 

Modus operandi 

The Ducktail operators have a limited targeting scope and carefully choose their victims, seeking those with administrative access to their employer's social media accounts. The hacker contacts employees on LinkedIn who may have access to Facebook business accounts, such as those described as working in "digital media" and "digital marketing." 

Subsequently, the hacker lures the potential victim to download a file hosted on legitimate cloud hosting services like Dropbox or iCloud. The downloaded file contains JPEG image files and a PDF document relevant to the topic discussed between the hacker and the potential victim during the convincing stage.

Security researchers reported that the entire file is a .NET Core malware that can infect any operating system by running on computers without having to install the .NET runtime. Once it has compromised the system the malware collects browser cookies from Chrome, Edge, Firefox, and additional sensitive information to steal Facebook credentials. 

“The malware directly interacts with various Facebook endpoints from the victim’s machine using the Facebook session cookie (and other security credentials that it obtains through the initial session cookie) to extract information from the victim’s Facebook account,” researchers explained. 

The malware is then deployed to other Facebook pages owned by the victim and collects multiple tokens, IP addresses, account information, geolocation data, and other valuables to disguise itself as a legitimate admin. 

After getting access to the victim’s business profile the malware steals advertising limits, credit card details, client lists, currency, payment cycle, and more sensitive details, and finally, the stolen data is exfiltrated through Telegram bots when the malware exits or crashes. 

The phishing campaign operates on an infinite loop in the background which allows continuous exfiltration of new cookies and any update to the victim’s Facebook account. The motive is to interact with the victim’s account, and ultimately create an email account managed by the hacker with the highest privilege role; that is, admin access and finance editor roles.
Read more »
More Eggs Malware
Corporate Networks Hackers Hiring Linkedin malware More Eggs Malware

Hackers Sneak 'More_Eggs' Malware Into Resumes Sent to Corporate Hiring Managers

 

A year after potential candidates looking for work on LinkedIn were tempted with weaponized job offers, a new series of phishing assaults carrying the more eggs malware has been detected attacking corporate hiring supervisors with false resumes as an infection vector. 

Keegan Keplinger, eSentire's research and reporting lead said in a statement, "This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake resumes instead of targeting job seekers with fake job offers."
 
Four separate security events were identified and disrupted, according to the Canadian cybersecurity firm, three of which happened towards the end of March. A U.S.-based aerospace company, a U.K.-based accounting firm, a legal firm, and a hiring agency, all based in Canada, are among the targets. 

The malware, which is thought to have been created by a threat actor known as Golden Chickens (aka Venom Spider), is a stealthy, modular backdoor suite capable of stealing sensitive data and lateral movement across a hacked network. 

Keplinger stated, "More_eggs achieves execution bypassing malicious code to legitimate windows processes and letting those windows processes do the work for them."
 
The goal is to leverage the resumes as a decoy to launch the malware and sidestep detection. Apart from the role reversal in the mode of operation, it's unclear what the attackers were after, given that the attacks were stopped before they could carry out their intentions. However, it's worth noting that, once deployed, more eggs might be used as a launchpad for further assaults like data theft and ransomware. 

"The threat actors behind more_eggs use a scalable, spear-phishing approach that weaponizes expected communications, such as resumes, that match a hiring manager's expectations or job offers, targeting hopeful candidates that match their current or past job titles," Keplinger stated.
Read more »
Phishing and Spam
Cyber Security cybercriminals Job Scam Linkedin malacious Phishing and Spam

Giant User Theft and Bot Attacks Target on Job Seekers

 

Job seekers are viable targets for social manipulation efforts because applicants are emotionally weak and eager to provide any information to help them win the job. Cybercriminals are finding it easier to find the next victim now the "Great Resignation" is in full armor. 

A job posting portal with a location in six countries was the sufferer in this instance. The goal of the attack was to collect job seeker information from the website. 

Since February 1, experts have seen a 232 percent increase in phishing email attacks imitating LinkedIn, seeking to deceive job seekers into handing up private credentials. The emails contained subject lines including "Searching for a suitable candidate online," "You mentioned in 4 searches this week," and even "You have 1 new message," as per the Egress team. 

The OWASP Foundation classifies web scraping as an operational threat (OAT-011), which is defined as gathering accessible data or processing output from an application. While web scraping walks a delicate line among reporting and data privacy violations, it is still one of the most common automated hacks affecting businesses today, according to Imperva.

Imperva didn't name the company, but it said it received 400 million bot requests from 400,000 network Interfaces over four days in an attempt to harvest all of its job seekers' information. Similar strategies can be employed in "scalping" attacks, which are aimed to purchase in-demand, limited-edition products in order to resell them at a greater price later. Imperva neutralized one such operation on a retailer's website around Black Friday week, which had nine million bot queries in only 15 minutes — 2500 percent above its normal traffic rate.

Several people are accustomed to receiving regular authentic LinkedIn communications – and may unintentionally click without double-checking. Individual users are still responsible for being aware of the data they provide socially and how it can be used to deceive users into clicking a malicious link.
Read more »
Vulnerabilities and Exploits
Atlassian Audi Confluence Flaw Linkedin OGNL Instructions Team collaboration Software Vulnerabilities and Exploits

Recently Patched Confluence Vulnerability Abused in the Wild

 

A significant vulnerability in Confluence's team collaboration server software is on the edge of exploitation after the company released the patch a week ago. 

Threat actors were found abusing the major vulnerability tracked as CVE-2021-26084 which affects Confluence Server and Confluence Data Center software, which is often installed on Confluence self-hosted project management, wiki, and team communication platforms. 

The vulnerability is hidden in OGNL (Object-Graph Navigation Language), a basic scripting language for interfacing with Java code, which is the fundamental technology used to build most Confluence software. 

When Atlassian released the fix on August 25, the firm that owns the Confluence software family, stated the vulnerability could be used by threat actors to circumvent authentication and implant malicious OGNL instructions that allow attackers to take control of the system. 

As an outcome, the vulnerability received a severity rating of 9.8 out of 10, indicating that it could be exploited remotely over the internet and building a weaponized exploit would be relatively simple.

Exploitation begins a week after fixes are released

Attackers and professional bug bounty hunters are investigating Confluence systems for functionalities vulnerable to CVE-2021-26084 exploits, according to Vietnamese security researcher Tuan Anh Nguyen, who stated on Tuesday that widespread scans for Confluence servers are already ongoing. 

Soon after the issue was discovered in the open, two security researchers, Rahul Maini and Harsh Jaiswal released a detailed explanation of the flaw on GitHub, along with various proof-of-concept payloads. Maini explained the procedure of creating the CVE-2021-26084 attack as “relatively simpler than expected,” thus proving the bug's high severity level of 9.8. 

Confluence is a widely used team collaboration software among some of the world's top businesses, and the CVE-2021-26084 vulnerability is highly effective from a threat actor's standpoint, criminal gangs are anticipated to increase their assaults in the next few days. 

As Confluence flaws have previously been widely weaponized, a similar exploitation strategy is probable this time. 

Atlassian states that Confluence is used by over 60,000 clients, including Audi, Hubspot, NASA, LinkedIn, Twilio, and Docker, according to its website.
Read more »
Subscribe to: Posts (Atom)