linkedin

It’s a common problem we’ve all seen before: An employee at work logs into their personal Facebook, Twitter or LinkedIn page to see an interesting video link shared by a “friend.”  Once they click the link, a virus spreads throughout their account and onto their computer.  As a reoccurring problem in the workplace, organizations are left struggling to find a way to manage social media sites.

With many Internet applications such as online social media outlets and web services, the line between corporate and personal usage has quickly distorted, causing an increase in data loss and malware outbreaks. Services such as blogs, Facebook, Twitter and LinkedIn now pose a great threat in the workplace, despite their functionality and organizational benefits.

A major new malware spam campaign mimicking invites sent via business networking site LinkedIn.com leverages user trust and a kitchen sink of browser exploits in a bid to install the password-stealing ZeuS Trojan.

The spam campaign began Monday morning, according to security experts at networking giant Cisco Systems, and for a while the fake LinkedIn invitations accounted for as much as 24 percent of all spam. Recipients who click links in the message are taken to a Web page that reads, “Please Waiting, 4 seconds,” and then sent on to Google.com.

On the way to Google, however, the victim’s browser is silently passed through a site equipped with what appears to be the SEO Exploit Pack, a commercial crimeware kit that tries to exploit more than a dozen browser vulnerabilities in an attempt to install ZeuS.

Staying up-to-date in this fast-paced word can be a challenge. To the resque are groups and communities online - like LinkedIn groups. I participate and moderate some groups. Here are a couple of groups on LinkedIn that I find value in:

NorSEC - a group for Nordic security professionals only.

Vulnerability scanning / Patch Management - specialized group

Information Security Community - the largest infosec group, many interesting topics and people here!

There are many other groups available too - just search for Security on LinkedIn, and find the groups that interest you!