News for November 2, 2022


New Security Efforts At LinkedIn
by Artie Kaye

Three features are being added to the social media site to combat scammers.  They are going to be employing AI to scan profile images for artifacts that are commonly present in AI generated images.  Next there is the About This Profile change, which will allow contacted users to verify if the account contacting them was made yesterday or 5 years ago, or if the account is linked with a phone number or a corporate email address.  Lastly, they will have automatic warnings sent to users who are asked to move to another platform to discuss further.  While none of these things is absolute proof that a scammer is contacting you, they are red flags and should be treated with caution.

https://www.bleepingcomputer.com/news/security/linkedins-new-security-features-combat-fake-profiles-threat-actors/

https://www.pcmag.com/news/linkedin-takes-aim-at-scam-accounts-with-new-security-features

https://www.techzine.eu/news/security/92815/linkedin-launches-security-features-to-remove-fake-profiles/

Twitter Verified Phishing Scam
by Artie Kaye

After the recent announcement regarding charging users for the verified tag on Twitter, there’s been a phishing scam targeting the platforms users.  The scam is asking for payment of a fee to retain or obtain a blue check mark on the platform in some instances.  In others it is claiming to give one for free by verifying their identity with personal information.  Double check the email addresses that messages are from, anything not from the official website is a scam.  If the message is asking you for money or details about yourself, it is probably a scam.  Do not click on links in an email you are wary of.

https://www.darkreading.com/cloud/musk-twitter-verification-payment-cyberattackers

https://www.infosecurity-magazine.com/news/twitter-verified-status-users/

https://www.pcmag.com/news/new-phishing-email-exploits-twitters-plan-to-charge-for-blue-checkmark

News Sites Compromised, Spreading Malware
by Artie Kaye

Proofpoint’s Threat Insight team discovered an as yet unnamed company has been compromised.  The company in question provides media to many news websites across the US.  A javascript file that is loaded when visiting the news sites has been altered to install a malicious payload.  It masquerades as a browser update, and a fake update alert can pop up for some users.  If you see an alert to update your browser on a website, you can check your browser’s current update status under the Help menu of the browser, or in the About Us subsection of the Help tab.  A good practice is to not install updates from an untrusted source.

https://twitter.com/threatinsight/status/1587865920130752515

https://www.bleepingcomputer.com/news/security/hundreds-of-us-news-sites-push-malware-in-supply-chain-attack/