LinkedIn

Pierluigi Paganini September 19, 2015
Discovered a Reflected Filename Download flaw in LinkedIn

The Security researcher David Sopas at WebSegura discovered a Reflected Filename Download vulnerability in the popular professional social network LinkedIn. He was analyzing another website when he discovered the following XHR request on Google Inspector on LinkedIn: https://www.linkedin.com/countserv/count/share?url=http://www.site_i_was_in.pt It seems a simple request to make by websites to count how many shares their site have on […]

Pierluigi Paganini September 05, 2015
Fake recruiters on LinkedIn spy on security experts

Security researchers have uncovered a group of fake recruiting accounts on LinkedIn used for intelligence gathering about security experts. A group of fake recruiter accounts is abusing the LinkedIn professional social network to send invitations to security professionals in various industries. The fake recruiters attempt to deceive targets usually by using a LinkedIn profile with […]

Pierluigi Paganini July 24, 2015
LinkedIn and the story how crooks can use it for spear phishing

Kaspersky’s researchers warned LinkedIn about a security flaw that could put at risk their 360 million users and exposing them to spear phishing attacks. In November 2014, Kaspersky’s researchers warned LinkedIn about a security flaw that could put at risk their 360 million users. This was a big concern at the time because LinkedIn has […]

Pierluigi Paganini December 06, 2014
SpoofedMe attacks exploit popular websites social login flaws

The experts at IBM have found several problems in implementation of the social login authentication of several identity providers. The researchers at IBM’s X Force security discovered a way to gain access to Web accounts by exploiting misconfiguration in some social login services. Social login, also known as social single sign-in, is a form of single […]

Pierluigi Paganini June 19, 2014
LinkedIn vulnerable to MITM attack that leverages an SSL stripping could expose users data at risk

Security experts at Zimperium firm revealed that LinkedIn users could be potentially vulnerable to Man-in-the-Middle attacks leveraging an SSL stripping. A new research is scaring users of LinkedIn revealing that they could be potentially vulnerable to Man-in-the-Middle (MITM) attacks leveraging an SSL stripping. Despite the US security firm Zimperium reported the problem to LinkedIn more than a […]

Pierluigi Paganini May 27, 2014
CYBERPOL Investigates Indentify theft online

CYBERPOL the International Cyber-Security Organization (ICSO)  is looking into the ID theft of personalities on social websites online that offers very little, if any protection of your identity being used by third parties. This comes after a fake Ban Ki Moon ID profile was discovered by CYBERPOL  on LinkedIn on Sunday past. During the examination, […]

Pierluigi Paganini May 03, 2014
Covert Redirect security vulnerability found in OAuth and OpenID

Covert Redirect vulnerability is the security flaw in the open standards for authorization OAuth and OpenID that is menacing IT industry. Another security flaw in the open standards for authorization OAuth and OpenID is scaring IT industry. Just a few weeks after the disclosure of the Heartbleed vulnerability, another major flaw was discovered in the open […]

Pierluigi Paganini January 09, 2014
LinkedIn – Surge of fake profiles and increment of illicit activities

LinkedIn company filed a complaint in San Francisco against unknown hackers responsible for the creation of an impressive amount of fake profiles. LinkedIn is considered the social network of professionals, its scope is to give the possibility to the users to build their network of business relationship, sharing content of interest and exchanging opinion and […]

Pierluigi Paganini December 15, 2013
Safari browser stores in plaintext previous secure session data

Researchers at Kaspersky Lab discovered Apple Safari browser stores previous secure session data unencrypted in a hidden folder. Apple’s Safari browser stores session information including authentication credentials used in previous HTTPS sessions to implement the feature “Reopen All Windows from Last Session”. Safari stores in a plain text XML file called  Property list, or plist, […]

Pierluigi Paganini December 09, 2013
Linkedin iOS app V 6_1_2 HTML message parsing vulnerability

LinkedIn iOS app parses HTML in the messages, and this can be used to phish for credentials or be escalated into a full blown attack. Senior CyberSecurity Specialist Zouheir Abdallah @ZuZ  (Twitter handle), has publicly and responsibly disclosed a vulnerability in LinkedIn’s mobile app. Zouheir is known for reporting a serious vulnerability in DropBox’s 2 Factor […]