Hello, welcome to the Tuesday, May 7, 2016 edition of the Sandinand, Storm Center's Stormcast.

My name is Johannes Ulrich, and the day I'm recording from Baltimore, Maryland.

The German government, also known as Surd, Bund, is warning that data from the LinkedIn preach that was made public recently is being used

for successful fishing attacks. Essentially what happens here is that the data is used to personalize

the emails so you will be addressed with your name and the role in your company.

Now, I think I have received a couple of emails like that.

They usually claim to include an invoice, which is then an infected vert document.

For the most part, I ignored them because they looked, at least to me, obviously fake,

but they looked a little

bit better when it came to sort of being more personalized in the way the email appeared.

The use of social networks in order to personalize phishing emails is certainly nothing new,

but having bulk data like it is leaked here from LinkedIn, of course,

makes that process easier.

In the past, these criminals had to then, for example, spider and screen scrape the site

or use APIs in such in order to retrieve the data from this site.

And in addition, this data dump of course may include data that the user didn't make public,

so a simple screen scraper so wouldn't have access to that particular data.

And Google released its usual monthly update for Android.

With this particular update, 40 vulnerabilities are being addressed.

Now out of these about eight are being considered critical.

The focus this month really appears to be

drivers among the critical vulnerabilities. There are four out of six

...