Hello and welcome to the Wednesday, November 30th, 2020 edition of the Sansonet Storms, Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Today's diary is about linked in bots. Well, at least I think it's bots what we are dealing with, but sometimes, and that's in

part what is about, it's hard to tell if you're dealing with actual people, with bots, or something

in between, which are often actual people who basically just copy-paste profiles. What makes

you sort of interesting is that these profiles, bots, individuals happen

to try to connect to people in the information security industry.

So in my opinion, it's likely an attempt to map out different relationships likely.

The profiles of these individuals are not really anything that's related to information

security, anybody that you would think would sort of reach out to a larger number of information security

professionals.

This also still very much sort of work in progress.

So if you run into any connection requests that do look suspicious, I would be interested

in hearing about it and figuring out if this is sort of a more coordinated effort or really

just sort of some spammer collecting connections here in order to then eventually advertise

some kind of service. As usual, the rule of thumb applies. If you post something on social

media, assume it to be public.

Social media are not built and not meant to exchange information with sort of trusted groups.

It's really medium to very effectively reach a large number of readers, users, customers,

and use it like that, don't use it sort of as a replacement for some kind of instant messaging or other more direct channel. And this, of course,

is not just a LinkedIn issue that applies to all of these social media sites.

And SISA added CVE 2021 35587. That's an Oracle Fusion middleware vulnerability to its

...