Ex-cybersecurity Hackers Exposed, Norwegian Bus Vulnerability, LinkedIn Credential Scam

From a product strategy perspective, DMARC reporting is evolving from a security tool to a business intelligence platform, says Brad Slavin, General Manager of DuoCircle. The data in aggregate reports tells you not just who’s spoofing you, but who’s sending legitimate email on your behalf - and whether they’re doing it correctly.

					DMARC Report					

				

Ex-cybersecurity Hackers Exposed, Norwegian Bus Vulnerability, LinkedIn Credential Scam

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-33487">
						<source src="https://media.mailhop.org/dmarcreport/images/2025/11/Ex-cybersecurity-Hackers-Exposed-Norwegian-Bus-Vulnerability-LinkedIn-Credential-Scam.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M8S">2:08</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-33487" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-33487" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-33487" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-33487" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/ex-cybersecurity-hackers-exposed-norwegian-bus-vulnerability-linkedin-credential-scam/&t=Ex-cybersecurity Hackers Exposed, Norwegian Bus Vulnerability, LinkedIn Credential Scam" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/ex-cybersecurity-hackers-exposed-norwegian-bus-vulnerability-linkedin-credential-scam/&url=Ex-cybersecurity Hackers Exposed, Norwegian Bus Vulnerability, LinkedIn Credential Scam" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2025/11/Ex-cybersecurity-Hackers-Exposed-Norwegian-Bus-Vulnerability-LinkedIn-Credential-Scam.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/ex-cybersecurity-hackers-exposed-norwegian-bus-vulnerability-linkedin-credential-scam/" class="input-link input-link-33487" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-33487" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

/*! This file is auto-generated */ ’ title=“Embed Code” class=“input-embed input-embed-33487” readonly/>

					<button class="copy-embed copy-embed-33487" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

It’s finally November. People are still basking in the Halloween vibes and are slowly gearing up for Christmas. Similarly, threat actors are pulling up their socks to make the biggest impact, while innocent, unsuspecting victims will be busy with festivities. If you wish to make the most out of this holiday season, without exposing your personal data to cybercrooks, you need to play it very safe. Cyber awareness and a proactive approach can be of great help in tackling the malicious activities of cybercriminals.

With that intention, we are back again with the first edition of the November bulletin. Today, we will talk about the two ex-cybersecurity employees who have allegedly hacked a few US firms. Next, our focus will also be on the highly susceptible Norwegian Yutong buses. Lastly, we will wrap up today’s news bulletin by discussing the misuse of LinkedIn by hackers for stealing corporate credentials. Let’s get started!

Ex-cybersecurity employees responsible for hacking into the systems of US-based firms!

Two former cybersecurity employees, Kevin Tyler Martin and Ryan Clifford Goldberg, who used to help their clients secure their data against cyberattacks, are facing accusations of conspiracy and active involvement in hacking and extortion targeting US companies. Authorities believe that the accused are responsible for deploying ransomware against a **Florida-based medical device manufacturing company. The ransomware they used was once quite popular with cybercriminals back in 2023. The same ransomware was also used by the two men to target a Maryland-based pharmaceutical firm and a drone maker in Virginia.

The two accused, along with another co-conspirator, allegedly had demanded a whopping **$10 million from the Florida-based medical device manufacturing company. So far, they have managed to extort $1.27 million from the same company.

Experts believe that this situation is quite concerning, as those who are supposed to be the protectors decided to switch sides and join the opposite team. The surge in ransomware attack incidents has already cost the US multiple billion dollars.

Cybersecurity experts are concerned that such cyber incidents initiated by former **cybersecurity employees can damage the entire cybersecurity ecosystem’s reputation. This single incident is a direct blow to the trust that governments, firms, and the public have in cybersecurity professionals.

Norwegian Yutong buses are vulnerable to cyberattack!

If you are planning to visit Norway soon and travel regularly by Norwegian Yutong buses, this is something you need to know!

The Norwegian public transport operator Ruter has detected potential cyber risks. A recent series of security tests has revealed that the electric Yutong buses are not secure against threat attacks.

As per Ruter, the digital access system for software updates can allow cybercrooks to manipulate the control of all 850 buses.

While digital access is important to update the software from time to time over the air, the same access is prone to manipulation by threat actors.

Rutor also believes that all the systems in the Yutong are “barely integrated.” They are not hidden well and can be abused for backdoor entry by hackers.

The Ministry of Transport and Communications and Ruter have decided to work together to “find a solution.” They are planning to bolster security setups to be able to combat future threat attacks. Working with national and local agencies, as well as developing their own firewalls, is also being prioritized.

Fake board offers on LinkedIn are being used to steal corporate credentials

LinkedIn is getting immensely popular among users as a personal branding and professional networking platform around the globe. But it is also used as a job-hunting platform**. A new trend is doing the rounds where phishing actors are misusing board offers on LinkedIn to access the Microsoft login credentials of entrepreneurs. This time, they are not using the age-old phishing email technology. On LinkedIn, these scammers are using a high-end, sophisticated attacking tactic to target the big profiles on LinkedIn.

A renowned cybersecurity company revealed that the phishing attack is being initiated by scammers through LinkedIn DMs. To an unsuspecting user, the DM would look quite legitimate. The message sounds like an invitation for executives to join the executive board that has been created recently by the “Commonwealth” investment fund. The threat actor would make the message look highly tempting and prestigious. It will be presented as an opportunity to achieve yet another career milestone.

The message also includes a link to a proposal document that the entrepreneur must click. As soon as the victim clicks on the malicious link, they are redirected to a fake landing page. When the victim clicks this page, they are prompted to view it in Microsoft. Soon, the victim enters their login credentials on the phishing page, thereby sharing this sensitive data unknowingly with hackers.

This incident underscores why ex-cybersecurity employees always emphasize implementing DMARC, DKIM, and SPF protocols - essential measures to prevent email spoofing and ensure secure communication.