Pierluigi Paganini
September 05, 2015
Security researchers have uncovered a group of fake recruiting accounts on LinkedIn used for intelligence gathering about security experts. A group of fake recruiter accounts is abusing the LinkedIn professional social network to send invitations to security professionals in various industries. The fake recruiters attempt to deceive targets usually by using a LinkedIn profile with […]
Pierluigi Paganini
July 24, 2015
Kaspersky’s researchers warned LinkedIn about a security flaw that could put at risk their 360 million users and exposing them to spear phishing attacks. In November 2014, Kaspersky’s researchers warned LinkedIn about a security flaw that could put at risk their 360 million users. This was a big concern at the time because LinkedIn has […]
Pierluigi Paganini
December 06, 2014
The experts at IBM have found several problems in implementation of the social login authentication of several identity providers. The researchers at IBM’s X Force security discovered a way to gain access to Web accounts by exploiting misconfiguration in some social login services. Social login, also known as social single sign-in, is a form of single […]
Pierluigi Paganini
June 19, 2014
Security experts at Zimperium firm revealed that LinkedIn users could be potentially vulnerable to Man-in-the-Middle attacks leveraging an SSL stripping. A new research is scaring users of LinkedIn revealing that they could be potentially vulnerable to Man-in-the-Middle (MITM) attacks leveraging an SSL stripping. Despite the US security firm Zimperium reported the problem to LinkedIn more than a […]
Pierluigi Paganini
May 27, 2014
CYBERPOL the International Cyber-Security Organization (ICSO)Â is looking into the ID theft of personalities on social websites online that offers very little, if any protection of your identity being used by third parties. This comes after a fake Ban Ki Moon ID profile was discovered by CYBERPOLÂ on LinkedIn on Sunday past. During the examination, […]
Pierluigi Paganini
May 03, 2014
Covert Redirect vulnerability is the security flaw in the open standards for authorization OAuth and OpenID that is menacing IT industry. Another security flaw in the open standards for authorization OAuth and OpenID is scaring IT industry. Just a few weeks after the disclosure of the Heartbleed vulnerability, another major flaw was discovered in the open […]
Pierluigi Paganini
January 09, 2014
LinkedIn company filed a complaint in San Francisco against unknown hackers responsible for the creation of an impressive amount of fake profiles. LinkedIn is considered the social network of professionals, its scope is to give the possibility to the users to build their network of business relationship, sharing content of interest and exchanging opinion and […]
Pierluigi Paganini
December 15, 2013
Researchers at Kaspersky Lab discovered Apple Safari browser stores previous secure session data unencrypted in a hidden folder. Appleâs Safari browser stores session information including authentication credentials used in previous HTTPS sessions to implement the feature “Reopen All Windows from Last Session”. Safari stores in a plain text XML file called Property list, or plist, […]
Pierluigi Paganini
December 09, 2013
LinkedIn iOS app parses HTML in the messages, and this can be used to phish for credentials or be escalated into a full blown attack. Senior CyberSecurity Specialist Zouheir Abdallah @ZuZ  (Twitter handle), has publicly and responsibly disclosed a vulnerability in LinkedIn’s mobile app. Zouheir is known for reporting a serious vulnerability in DropBox’s 2 Factor […]
Pierluigi Paganini
November 05, 2013
The professional social network LinkedIn is a mine of information for any king of attackers, a Websense post described a typical attack scenario. Recently I read an interesting post published on the Websense security labs blog on the use of social network LinkedIn for the reconnaissance phase of an attack. The concept is not […]
