Tag: jobs

Russian-Speaking Ransomware Gangs on the Hunt for Pen Testers

Nov 26, 2024 7:10 PM

Tags: cybercrime, group, jobs, ransomware, russia

In further proof of the professionalization of Russian cybercriminal groups, ransomware gangs have been posting job ads for security positions such as pen testers, looking to boost their ransomware deployment operations. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/russian-ransomware-gangs-hunt-pen-testers
How to recognize employment fraud before it becomes a security issue

Nov 26, 2024 8:13 AM

Tags: fraud, jobs

The combination of remote work, the latest technologies, and never physically meeting your employees has made it very easy for job applicants to mask their true identities … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/26/employment-fraud-red-flags/
North Korean fake IT workers up the ante in targeting tech firms

Nov 25, 2024 6:51 PM

Tags: access, advisory, ai, awareness, breach, ciso, compliance, crowdstrike, crypto, cybercrime, data, deep-fake, detection, edr, email, exploit, extortion, finance, governance, government, grc, group, incident response, infrastructure, jobs, korea, north-korea, risk, scam, social-engineering, technology, theft, tool, unauthorized, usa, vpn

North Korean fake IT worker scams are evolving to incorporate theft and extortion as more examples of targeting against technology and other companies emerge.The deception typically features North Korean operatives posing as legitimate IT professionals in attempts to gain employment at Western firms, almost always for positions that offer remote working options.Once hired, these “remote…
Top challenges holding back CISOs’ agendas

Nov 25, 2024 6:51 PM

Tags: ai, attack, authentication, awareness, breach, business, ceo, cisa, ciso, compliance, control, cyberattack, cybersecurity, data, deep-fake, defense, detection, framework, grc, group, insurance, intelligence, jobs, malicious, monitoring, network, password, phishing, privacy, regulation, risk, skills, soc, social-engineering, strategy, threat, tool, training, vulnerability, zero-trust

In the past decade, every CISO knew the question awaiting them in the boardroom: Can we survive the next cyberattack? Now, as the turbulent 2024 draws to a close, the concerns have multiplied, says Don Gibson, the CISO at Kinly. Board members are often asking: Can we survive these economic times? Or are we prepared…
What the cyber community should expect from the Trump transition

Nov 25, 2024 6:51 PM

Tags: ceo, cisa, ciso, cyber, cybersecurity, defense, disinformation, election, governance, government, infrastructure, intelligence, jobs, military, technology, threat, ukraine

Donald Trump’s decisive win in this year’s presidential election promises to deliver radical changes to how the US government operates.Trump’s positions on a range of social, economic, and military issues, from immigration to human rights to the defense of Ukraine, represent significantly different postures from those of the current Biden administration and are arguably more…
17 hottest IT security certs for higher pay today

Nov 25, 2024 6:51 PM

Tags: access, ai, attack, automation, blockchain, business, ceo, cisa, ciso, cloud, communications, conference, container, control, credentials, cryptography, cyber, cybersecurity, data, defense, detection, encryption, exploit, finance, fortinet, google, governance, group, guide, hacker, incident response, infosec, infrastructure, intelligence, Internet, jobs, monitoring, network, penetration-testing, privacy, reverse-engineering, risk, risk-management, skills, software, technology, threat, tool, training, windows

With the New Year on the horizon, many IT professionals may be looking to improve their careers in 2025 but need direction on the best way. The latest data from Foote Partners may provide helpful signposts.Analyzing more than 638 certifications as part of its 3Q 2024 “IT Skills Demand and Pay Trends Report,” Foote Partners…
Rising ClickFix malware distribution trick puts PowerShell IT policies on notice

Nov 25, 2024 6:51 PM

Tags: access, ai, apt, attack, captcha, chatgpt, control, cyber, cybercrime, defense, detection, email, espionage, finance, github, group, infrastructure, jobs, least-privilege, malicious, malware, marketplace, microsoft, open-source, password, phishing, powershell, social-engineering, software, technology, threat, tool, ukraine, update, vulnerability, windows

Threat groups are increasingly adopting a social engineering technique dubbed ClickFix to trick users into copying malicious PowerShell code and executing it themselves. Despite requiring more user interaction to succeed, the tactic has been adopted by several threat groups in recent months, suggesting it is reasonably effective at evading detection compared to relying on automated…
Job termination scam warns staff of phony Employment Tribunal decision

Nov 25, 2024 6:51 PM

Tags: access, awareness, ciso, computer, country, cybersecurity, data, defense, detection, email, intelligence, jobs, login, malicious, malware, microsoft, phishing, scam, service, social-engineering, software, threat, training, zero-trust

Creators of phishing messages usually want to create anxiety in their targets so they’ll unwittingly download malware. And nothing gets stomachs churning more than the possibility of losing your job.One of the latest examples of this was detected by Cloudflare, which issued a report Thursday on a recent job termination phishing scam that included some…
What Talent Gap? Hiring Practices Are the Real Problem

Nov 22, 2024 9:53 PM

Tags: cybersecurity, jobs

While the need for cybersecurity talent still exists, the budget may not. Here’s how to maximize security staff despite hiring freezes. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/hiring-gap-not-talent-gap
AI hiring bias? Men with Anglo-Saxon names score lower in tech interviews

Nov 22, 2024 2:53 PM

Tags: ai, jobs

Study suggests hiding every Tom, Dick, and Harry’s personal info from HR bots First seen on theregister.com Jump to article: www.theregister.com/2024/11/21/ai_hiring_test_bias/
GAO: HHS Needs to Be a Better Leader in Health Sector Cyber

Nov 21, 2024 10:53 PM

Tags: cyber, cybersecurity, healthcare, jobs, service

Watchdog Agency Report Points to Unimplemented Cyber Recommendations. The U.S. Department of Health and Human Services needs to take important actions to do a better job of carrying out its duties as the lead federal agency responsible for strengthening cybersecurity in the healthcare and public health sector, said a new federal watch dog agency report.…
Active Directory Under Attack: Five Eyes Guidance Targets Crucial Security Gaps

Nov 21, 2024 9:53 PM

Tags: access, attack, authentication, automation, best-practice, breach, cloud, compliance, control, cyber, cybersecurity, data, defense, detection, exploit, finance, framework, group, iam, identity, infrastructure, jobs, least-privilege, microsoft, monitoring, password, ransomware, RedTeam, resilience, risk, service, strategy, tactics, threat, tool, unauthorized, update, vulnerability

A landmark global report from cybersecurity agencies emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the first of our two-part series, we offer five steps you can take today to shore up your AD defenses. Microsoft’s Active Directory (AD) is at the heart of identity and access…
5 Best Cybersecurity Certifications to Get in 2025

Nov 21, 2024 5:50 PM

Tags: access, cybersecurity, jobs, skills

Boost your career and job security with a cybersecurity certificate. Gain in-demand skills, access to high-paying roles, and protect vital information… First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/networks/cybersecurity-certifications/
Active network of North Korean IT front companies exposed

Nov 21, 2024 3:53 PM

Tags: data-breach, jobs, network, north-korea

An analysis of the websites belonging to companies that served as a front for getting North Korean IT workers remote jobs with businesses worldwide has revealed an active … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/21/north-korean-it-front-companies/
Red red team team: Threat actors hire pentesters to test out ransomware effectiveness

Nov 20, 2024 9:53 PM

Tags: jobs, ransomware, RedTeam, threat

First seen on scworld.com Jump to article: www.scworld.com/news/red-red-team-team-threat-actors-hire-pentesters-to-test-out-ransomware-effectiveness
North Korean IT Worker Using Weaponized Video Conference Apps To Attack Job Seakers

Nov 20, 2024 3:54 PM

Tags: access, attack, conference, cyber, group, jobs, malware, north-korea, phishing, service

North Korean IT workers, operating under the cluster CL-STA-0237, have been implicated in recent phishing attacks leveraging malware-infected video conference apps. The group, likely based in Laos, has demonstrated a sophisticated approach, infiltrating a U.S.-based SMB IT services company to gain access to sensitive information and secure a position at a major tech company. It…
Russian Ransomware Gangs on the Hunt for Pen Testers

Nov 19, 2024 11:55 PM

Tags: cybercrime, group, jobs, ransomware, russia

In further proof of the professionalization of Russian cybercriminal groups, ransomware gangs have been posting job ads for security positions such as pen testers, looking to boost their ransomware deployment operations. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/russian-ransomware-gangs-hunt-pen-testers
North Korean Hackers Target Job Seekers with Malware-Laced Video Apps

Nov 19, 2024 5:53 AM

Tags: group, hacker, jobs, malware, north-korea, phishing

A recent report by Unit 42 researchers uncovers a complex phishing campaign linked to a cluster of North Korean IT workers tracked as CL-STA-0237. This group used malware-infected video conference... First seen on securityonline.info Jump to article: securityonline.info/north-korean-hackers-target-job-seekers-with-malware-laced-video-apps/
Channel Brief: N-able Makes Key Exec Hires to Further Channel Strategy

Nov 18, 2024 10:53 PM

Tags: jobs, strategy

First seen on scworld.com Jump to article: www.scworld.com/news/channel-brief-n-able-makes-key-exec-hires-to-further-channel-strategy
Mozilla Foundation lays off 30% staff, drops advocacy division

Nov 18, 2024 4:47 PM

Tags: browser, jobs

This is the second layoff at Mozilla this year, the first affecting dozens of staff on the side of the organization that builds the popular Firefox br… First seen on techcrunch.com Jump to article: techcrunch.com/2024/11/05/mozilla-foundation-lays-off-30-staff-drops-advocacy-division/
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 – Nov 17)

Nov 18, 2024 1:53 PM

Tags: cybercrime, cybersecurity, exploit, flaw, jobs, ransomware, threat, tool

What do hijacked websites, fake job offers, and sneaky ransomware have in common? They’re proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people.This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are getting smarter, faster, and more creative”, using everything from human trust…
North Korean IT Worker Network Tied to BeaverTail Phishing Campaign

Nov 18, 2024 12:53 PM

Tags: jobs, malware, network, north-korea, phishing

BeaverTail malware has been used to target tech job seekers through fake recruiters, Palo Alto Networks’ Unit 42 has found First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-it-worker-beavertail/
Researchers Warn of Privilege Escalation Risks in Google’s Vertex AI ML Platform

Nov 15, 2024 2:53 PM

Tags: access, ai, cybersecurity, data, exploit, flaw, google, jobs, malicious, ml, network, risk, service, unauthorized

Cybersecurity researchers have disclosed two security flaws in Google’s Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud.”By exploiting custom job permissions, we were able to escalate our privileges and gain unauthorized access to all data services in the project,” Palo Alto…
Iranian Threat Actors Mimic North Korean Job Scam Techniques

Nov 15, 2024 12:53 AM

Tags: attack, hacker, iran, jobs, malware, north-korea, scam, tactics, threat

Tehran Baits Aerospace Sector into Downloading Malware With Fake Job Offers. Iranian state hackers are taking a page out of North Korean tactics to entice job seekers into downloading malware, with security researchers spotting a Tehran campaign directed against the aerospace industry. It’s possible that Pyongyang shared its attack methods and tools. First seen on…
Iranian Hackers Target Aerospace Industry in ‘Dream Job’ Campaign

Nov 14, 2024 7:53 PM

Tags: hacker, iran, jobs

Iran-linked Charming Kitten hackers have been running a ‘dream job’ campaign targeting the aerospace industry with the SnailResin malware. The post Iranian Hackers Target Aerospace Industry in ‘Dream Job’ Campaign appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/iranian-hackers-target-aerospace-industry-in-dream-job-campaign/
Iranian Threat Group Targets Aerospace Workers With Fake Job Lures

Nov 14, 2024 5:53 PM

Tags: group, iran, jobs, threat

First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36594/Iranian-Threat-Group-Targets-Aerospace-Workers-With-Fake-Job-Lures.html
Iran-linked group aims malware at aerospace industry through fake job recruiters

Nov 14, 2024 3:53 PM

Tags: group, iran, jobs, malware

First seen on therecord.media Jump to article: therecord.media/iran-linked-hackers-aerospace-espionage-malware-fake-recruiters
Lazarus Group Targets macOS with RustyAttr Trojan in Fake Job PDFs

Nov 14, 2024 2:53 PM

Tags: group, jobs, lazarus, macOS, malicious

Group-IB has uncovered Lazarus group’s stealthy new trojan and technique of hiding malicious code in extended attributes on… First seen on hackread.com Jump to article: hackread.com/lazarus-group-macos-rustyattr-trojan-fake-job-pdfs/
Unused AWS services lead to unexpected costs. Here’s how to turn them off

Nov 14, 2024 11:53 AM

Tags: cloud, jobs, service

In a company, who owns the cloud? It’s not always clear. Maybe a better question is: who is responsible for the cloud’s cost? That answer is always the head of Operations. This person could be titled as ‘DevOps,’ or running a ‘Platform’ team the title doesn’t matter. This is the person whose job it… First…
Asda security chief replaced, retailer sheds jobs during Walmart tech divorce

Nov 14, 2024 10:53 AM

Tags: jobs, office

British grocer’s workers called back to office as clock ticks for contractors First seen on theregister.com Jump to article: www.theregister.com/2024/11/14/senior_tech_departure_asda/