Tag: jobs
-
Pentagon Piloting Skills-Based Assessments for Cyber Workers
Proponents Favor Performance Tests Over Certs. The U.S. Department of Defense is for the first time piloting new skills-based assessments for its cyber hiring as an alternative to checking paper qualifications. Many certificates, officials say, don’t reflect the skills their cyber teams need in the real world. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/pentagon-piloting-skills-based-assessments-for-cyber-workers-a-31222
-
Phishers Pose as Palo Alto Networks’ Recruiters for Months in Job Scam
A series of campaigns that began in August aim to defraud job candidates, using psychological tactics and data scraped from LinkedIn profiles. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/phishers-pose-palo-alto-networks-recruiters-job-scam
-
Scam compounds hiring >>AI models<< to seal the deal in deepfake video calls
Forced labor doesn’t play well on camera, so scam compounds are hiring women to deepfake their faces on video calls. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/scam-compounds-hiring-ai-models-to-seal-the-deal-in-deepfake-video-calls/
-
New ‘StoatWaffle’ malware auto”‘executes attacks on developers
Tags: attack, detection, group, infrastructure, jobs, korea, malicious, malware, north-korea, threatContagious Interview, revisited: StoatWaffle isn’t an isolated campaign. It’s the latest chapter in the Contagious Interview attacks, widely attributed to North Korea-linked threat actors tracked as WaterPlum.Historically, this campaign has targeted developers and job seekers through fake interview processes, luring them into running malicious code under the guise of technical assessments. Previously, the campaign weaponized…
-
Google Forms Job Scam Spreads PureHVNC Malware
A newly observed malware campaign is leveraging trusted platforms like Google Forms to distribute the PureHVNC Remote Access Trojan (RAT), marking a shift in how attackers initiate infections. Rather than relying on traditional phishing emails or malicious websites, threat actors are using business-themed lures such as job interviews, project proposals, and financial documents to trick…
-
AI Governance in 2026: Why Staying Current Is No Longer Optional for Your Business
AI Governance in 2026: Why Staying Current Is No Longer Optional for Your Business You deployed an AI tool to screen job applicants six months ago. Maybe you used ChatGPT to draft customer communications. Perhaps your product team quietly integrated a third-party AI into your SaaS platform. Each of these decisions, made quickly, in the…The…
-
North Korean Hacker Lands Remote IT Job, Caught After VPN Slip
New research from LevelBlue reveals how a suspected North Korean operative landed a remote IT role to fund national weapons programmes. First seen on hackread.com Jump to article: hackread.com/north-korean-hacker-remote-it-job-vpn-slip/
-
Behavioral XDR and threat intel nab North Korean fake IT worker within 10 days of hire
Key signs of NK-linked insider infiltration: SpiderLabs has found that these threat actors commonly operate from China rather than North Korea because the internet is more stable and they can employ VPN services to conceal their true geographic origin.Astrill VPN has the ability to bypass China’s Great Firewall and allows threat actors to tunnel traffic…
-
We Know You Can Pay a Million by Anja Shortland review the terrifying new world of ransomware
Criminals extorting money online have created huge businesses, complete with branding and HRThe birth of ransomware was a stunt that got out of hand. In 1989, an evolutionary biologist called Joseph L Popp Jr was working part time for the World Health Organisation on the Aids epidemic. He was a difficult man. When he was…
-
TDL 018 – How To Think, Not What To Think – Mitch Prior
Tags: access, ai, apple, attack, backup, blockchain, business, cctv, china, ciso, cloud, computer, conference, control, credentials, cvss, cyber, cybersecurity, data, defense, detection, exploit, finance, firmware, google, infrastructure, intelligence, Internet, iot, jobs, law, mail, malware, military, network, phone, privacy, resilience, risk, router, software, strategy, switch, technology, threat, tool, vulnerability, wifi, zero-trustThe Human Algorithm in a Zero-Trust World In the latest episode of The Defender’s Log, host David Redekop sits down with cybersecurity expert Mitch Prior to discuss the intersection of high-tech security and human intuition. From their first meeting in 2018″, the early days of Zero Trust”, the duo explores why the “why” behind technical…
-
That “job brief” on Google Forms could infect your device
Fake job offers on Google Forms are spreading PureHVNC malware that can take over your device. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/that-job-brief-on-google-forms-could-infect-your-device/
-
Your MFA isn’t broken, it’s being bypassed, and your employees can’t tell the difference
Three failures that keep showing up: Through my research into adversary-in-the-middle attacks and reviewing industry incident reports, I have identified three consistent failures that make these attacks successful. 1. We trained our people for the wrong threat Most security awareness programs still teach the same things: Look for misspellings, check the sender address, hover over…
-
Your MFA isn’t broken, it’s being bypassed, and your employees can’t tell the difference
Three failures that keep showing up: Through my research into adversary-in-the-middle attacks and reviewing industry incident reports, I have identified three consistent failures that make these attacks successful. 1. We trained our people for the wrong threat Most security awareness programs still teach the same things: Look for misspellings, check the sender address, hover over…
-
Elite members of North Korean society fake their way into Western paychecks
Increased federal activity, including indictments over the past year, has drawn attention to a pattern that has been unfolding inside corporate hiring pipelines. North Korean … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/19/north-korean-remote-it-workers-corporate-infiltration-scheme/
-
Technical Analysis of SnappyClient
Tags: access, antivirus, api, attack, browser, chrome, cloud, communications, computer, control, credentials, crypto, data, defense, detection, encryption, endpoint, finance, framework, github, infection, injection, jobs, login, malicious, malware, network, password, software, startup, theft, threat, update, windowsIntroductionIn December 2025, Zscaler ThreatLabz identified a new command-and-control (C2) framework implant that we track as SnappyClient, which was delivered using HijackLoader. SnappyClient has an extended list of capabilities including taking screenshots, keylogging, a remote terminal, and data theft from browsers, extensions, and other applications. In this blog post, ThreatLabz provides a technical analysis of SnappyClient, including…
-
OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People’s Republic of Korea (DPRK) information technology (IT) worker scheme with an aim to defraud U.S. businesses and generate illicit revenue for the regime to fund its weapons of mass…
-
New research unpacks North Korea’s stealthy, sophisticated remote IT worker schemes
The report recommends that businesses practice several forms of vigilance to avoid unwittingly hiring Pyongyang’s operatives. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/north-korea-remote-it-worker-ibm-flare/815063/
-
CISOs rethink their data protection strategies
Tags: access, ai, attack, automation, breach, business, cisco, ciso, cloud, compliance, computing, control, cyber, data, defense, framework, governance, healthcare, identity, jobs, LLM, privacy, resilience, risk, service, strategy, technology, tool, zero-trustFactors driving strategy evaluations CISOs, security experts, and data practitioners cite the expanding use of AI in the enterprise as the main reason they’re rethinking their data protection strategies.”AI is exposing more sensitive information as [workers] are taking that information and typing it into LLMs,” says Errol Weiss, CSO at Health-ISAC.AI tools make it easy…
-
EU sanctions Iranian cyber front over election meddling, Charlie Hebdo breach
State-sponsored attackers joined by Chinese snoops and hackers-for-hire in latest round of economic penalties First seen on theregister.com Jump to article: www.theregister.com/2026/03/17/eu_iran_cyber_sanctions/
-
AWS Bedrock’s ‘isolated’ sandbox comes with a DNS escape hatch
Tags: access, bug-bounty, credentials, cvss, data, dns, iam, infrastructure, jobs, network, service, strategy, update, vulnerabilityAWS allegedly rolled back a fix: BeyondTrust said it discovered and reported the vulnerability to AWS on September 1, 2025, via the bug bounty platform HackerOne. AWS reportedly acknowledged receipt of the report and deployed an initial fix to production in November.However, BeyondTrust was informed a few days later that the initial fix was rolled…
-
Runtime: The new frontier of AI agent security
Tags: access, ai, automation, ceo, ciso, computer, container, control, crowdstrike, cybersecurity, data, detection, edr, endpoint, firewall, framework, incident response, jobs, monitoring, network, openai, risk, saas, technology, threat, tool, vulnerability, zero-dayWhat runtime monitoring looks like: Once an organization knows where its agents are, the question is what to watch for, and how.Elia Zaitsev, CTO of CrowdStrike, tells CSO that existing endpoint detection and response (EDR) tools already capture the kinds of behavior needed to track AI agents. They instrument operating systems like a flight data…
-
Gartner suggests Friday afternoon Copilot ban because tired users may be too lazy to check its mistakes
Admins may be even more exhausted by then, because securing Microsoft’s AI helper is not a trivial job First seen on theregister.com Jump to article: www.theregister.com/2026/03/17/gartner_copilot_security_mitigations/
-
Gartner suggests Friday afternoon Copilot ban because tired users may be too lazy to check its mistakes
Admins may be even more exhausted by then, because securing Microsoft’s AI helper is not a trivial job First seen on theregister.com Jump to article: www.theregister.com/2026/03/17/gartner_copilot_security_mitigations/
-
Simply Offensive Podcast: The Future of Pentesting: AI, Automation, and Better Reporting with Dan DeCloss
Tags: ai, automation, computer, corporate, cybersecurity, data, exploit, hacker, hacking, jobs, penetration-testing, skills, technology, threat, tool, update, vulnerability<div cla The Future of Pentesting: AI, Automation, and Better Reporting with Dan DeCloss In this episode of Simply Offensive, Philip Wylie welcomes Dan DeCloss, the founder of PlexTrac. The two veterans of the cybersecurity industry discuss their history together, the evolution of report writing, and the seismic shift AI is bringing to offensive security.…
-
Simply Offensive Podcast: The Future of Pentesting: AI, Automation, and Better Reporting with Dan DeCloss
Tags: ai, automation, computer, corporate, cybersecurity, data, exploit, hacker, hacking, jobs, penetration-testing, skills, technology, threat, tool, update, vulnerability<div cla The Future of Pentesting: AI, Automation, and Better Reporting with Dan DeCloss In this episode of Simply Offensive, Philip Wylie welcomes Dan DeCloss, the founder of PlexTrac. The two veterans of the cybersecurity industry discuss their history together, the evolution of report writing, and the seismic shift AI is bringing to offensive security.…
-
DPRK IT Worker Fraud: Hiring an Insider Threat
Nisos DPRK IT Worker Fraud: Hiring an Insider Threat Here at Nisos, we’ve spent years helping organizations understand and mitigate complex, human risk-related threats, such as insider risk, executive protection and employment fraud… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/dprk-it-worker-fraud-hiring-an-insider-threat/
-
Models Are Applying to Be the Face of AI Scams
Dozens of Telegram channels reviewed by WIRED include job listings for “AI face models.” The (mostly) women who land these gigs are likely being used to dupe victims out of their money. First seen on wired.com Jump to article: www.wired.com/story/models-are-applying-to-be-the-face-of-ai-scams/
-
Those who ‘circle back’ and ‘synergize’ also tend to be crap at their jobs
Tags: jobsCornell Uni researchers pivot to pluck low-hanging fruit to optimize bandwidth First seen on theregister.com Jump to article: www.theregister.com/2026/03/15/corporate_jargon_research/
-
‘100 Video Calls Per Day’: Models Are Applying to Be the Face of AI Scams
Dozens of Telegram channels reviewed by WIRED include job listings for “AI face models.” The (mostly) women who land these gigs are likely being used to dupe victims out of their money. First seen on wired.com Jump to article: www.wired.com/story/models-are-applying-to-be-the-face-of-ai-scams/
-
What it takes to win that CSO role
Tags: access, ai, attack, automation, business, ceo, ciso, cloud, compliance, control, cybersecurity, data, defense, finance, flaw, framework, google, identity, insurance, jobs, monitoring, network, resilience, risk, skills, startup, strategy, technology, threatGovern the explosion of shadow AI and establish guardrails for generative AI before it creates material data leakage.Move beyond prevention and operate as a business enabler, proving the organization can maintain a minimum viable business during a sustained outage.Address compliance burdens, such as SEC disclosure rules or the EU AI Act, not as a checklist,…