Browsing tag
North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers to distribute malware and obtain unauthorized employment with organizations based in the U.S. and other parts of the world. The activity clusters have been codenamed Contagious Interview and Wagemole, respectively, by Palo Alto Networks Unit […]
Attacks leveraging the DarkGate commodity malware targeting entities in the U.K., the U.S., and India have been linked to Vietnamese actors associated with the use of the infamous Ducktail stealer. “The overlap of tools and campaigns is very likely due to the effects of a cybercrime marketplace,” WithSecure said in a report published today. “Threat […]
A sophisticated stealer-as-a-ransomware threat dubbed RedEnergy has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages. The malware “possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also incorporating different modules for carrying out […]
The notorious North Korea-aligned state-sponsored actor known as the Lazarus Group has been attributed to a new campaign aimed at Linux users. The attacks are part of a persistent and long-running activity tracked under the name Operation Dream Job, ESET said in a new report published today. The findings are crucial, not least because it […]
A new set of phishing attacks delivering the more_eggs malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers. “This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with […]
In the latest LinkedIn phishing scam, the sender’s email address appears to be from Paul University which is based in Nigeria. Phishing scams are one of the most often done owing to their simplicity and sadly, reliability as well. In the latest, researchers from ArmorBlox have discovered a new LinkedIn phishing campaign that targeted approximately […]
LinkedIn has not suffered data breach but the records being sold are collected through data scraping technique. Two months back, Hackread.com exclusively reported a staggering data leak compiled as a result of data scraping involving LinkedIn where threat actors posted 500 million and over 800 million LinkedIn user profiles up for sale on a hacker […]
A Russian hacker who was found guilty of hacking LinkedIn, Dropbox, and Formspring over eight years ago has finally been sentenced to 88 months in United States prison, that’s more than seven years by a federal court in San Francisco this week. Yevgeniy Aleksandrovich Nikulin, 32, of Moscow hacked into servers belonging to three American […]
Two grey hat hackers have pleaded guilty to blackmailing Uber, LinkedIn, and other U.S. corporations for money in exchange for promises to delete data of millions of customers they had stolen in late 2016. In a San Jose courthouse in California on Wednesday, Brandon Charles Glover (26) of Florida and Vasile Mereacre (23) of Toronto […]
The tension generated by the cyber warfare between the United States, and its allies, and Iran keeps growing. Although some information security specialists consider Iranian hackers to be light years away from the U.S. government in terms of capabilities and resources, this does not apply in the same way for the American private companies’ technology […]
A cybersecurity investigator reported the finding of at least eight databases without online protection measures. According to cyber forensics course specialists from the International Institute of Cyber Security (IICS), these databases contain about 60 million of LinkedIn users records. Most of the data is accessible to any user with minimal knowledge. As reported by the […]
Professional messaging platform LinkedIn, stepping further into the video arena, has introduced its new live streaming service, called LinkedIn Live. Currently, in the beta testing phase, the new feature will allow various businesses and other users to conduct live events such as conferences, product launches, Q&A sessions, meetings, and more. However, the feature is an […]
Attackers took advantage of a bank employee to penetrate their computer infrastructure Redbanc, a company responsible for administering the interbank ATM network in Chile, suffered a serious cybersecurity incident, reported network security and ethical hacking experts from the International Institute of Cyber Security. After some local media began to follow up on the incident, Redbanc […]
Another day, another data breach – This time, the IT security researcher at HackenProof have discovered a massive trove of personal data of over 66 million users exposed online due to an unprotected MongoDB database. In October and November 2018, HackenProof’s security researcher Bob Diachenko identified several unprotected MongoDB instances believed to be hosted by a […]
Following rumors that surfaced late last week, Microsoft has confirmed the acquisition of GitHub code repository in $7.5 billion on Monday. The value announced by Microsoft is still higher than speculated in recent days. Microsoft was expected to pay $ 5 billion for the service. In 2015, GitHub was valued at $ 2 billion – it was […]
A majority of users and companies are moving to Two-factor authentication (2FA) for enhancing the security of its data and systems. But contrary to popular belief, it cannot provide a fool-proof layer of security to online accounts since Kevin Mitnick at KnowBe4 has demonstrated that it is very easy to deceive this defensive measure. KnowBe4 […]
Private profile data, like phone numbers and email addresses, could have been easily collected. According to information security experts, the flaw was found in LinkedIn’s widely used AutoFill plugin, which allows approved third-party websites to let LinkedIn members automatically fill in basic information from their profile — such as their name, email address, location, and where they […]
Ultimate phishing tool with Ngrok integrated. PREREQUISITES Python 2.7 Wget from Python PHP TESTED ONKali Linux – ROLLING EDITION CLONE git clone https://github.com/UndeadSec/SocialFish.git RUNNING cd SocialFish sudo pip install -r requirements.txt python SocialFish.py AVAILABLE PAGES+ Facebook: Traditional Facebook login page. Advanced login with Facebook. + Google: Traditional Google login page. Advanced login with Facebook. + […]
In a Dark Web marketplace, one can buy anything from illegal drugs to weapons, fake documents to malicious software and even stolen databases, etc. Although after the shut down of Hansa and AlphaBay marketplace, buying and selling have slowed down. It does not, however, mean it has been fully curbed. Recently, a dark web monitoring firm 4iQ discovered a […]
An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills. Check out the example (digraph), which is based on mine and my colleagues (David Prince) LinkedIn profile. By glancing at the visualisation you can easily see, by the number of “arrows”, there is some sort of relationship between us […]
Hacking group OurMine has breached Vevo, a video hosting service, and has leaked files from the company’s internal network. The hacker group, who has a reputation for defacing websites and social media accounts, said it leaked data from Vevo after one of its employees was disrespectful to an OurMine member on LinkedIn. The mysterious case […]