Tag Archive for: job’

Cyber security expert and Ethical Hacker needed for ongoing ID Theft, Harassment – Freelance Job in Information Security – Less than 30 hrs/week – 1 to 3 months

/in


We already have a 6k digital forensic analysis of computer, phones. We have IP addresses and likely suspects. Our problem is that 1) my identity has been stolen and so I’m easy to find in databases- think cellular providers, ISP, banks, medical patient portals, government tax, soc sec. – anything with a database. I’ve had people call up companies and insurance providers pretending to be me and changing account info. They use their computers to access my accounts to change passwords- preventing me from banking or seeing a doctor. No matter if I choose att or Verizon or T-Mobile – they find me and my Apple ID. They have gotten past 2 factor. 2) The situation has now progressed into my work life – they have put malware on my work computer. Our understanding is that this started out as a personal  resentment due to an  inheritance issue but now the hacking, stalking, harassment has been handed over to professionals. The police have known about it for 2 years – now the County DA is looking into it – but I really have my doubts as to their ability to identify and stop these people. My ISP has written me letters from their legal department offering help – they know who’s doing it but they are shocked that no one has issued a subpoena for their records. This is what my husband and I need: a multilayered surveillance cyber security system. A VPN is not going to do it – the hackers ripped that protection off the computers and phones like it was nothing. These are persistent professional hackers getting paid for specific and targeted harassment. They never take any money even though it was there for the taking. Two years of account/data breaches but NO money was taken. While we wait and hope for the county da to investigate – we also have to get on with our lives. In addition to a new comprehensive cyber security system for our home, cars, phones – we would very much be interested in any reverse engineering or ethical hacking that Identifies the owners of 5 IP addresses – these addresses are within 3 miles of our home. The other IP addresses that were discovered in the digital forensic report are Russian.

Willing to consider multiple security solutions. Communication and…

Source…

Biden selects former Army acquisition exec for DOD’s top tech job — FCW

/in


Defense

Biden selects former Army acquisition exec for DOD’s top tech job

  • By Lauren C. Williams
  • Apr 27, 2021

Heidi Shyu, the assistant secretary of the Army for Acquisition, Logistics and Technology, vists Ft. Bliss May 2015 DOD photo by Sgt. Jessica Littlejohn 

Heidi Shyu on a 2015 visit to Ft. Bliss. (DOD photo by Sgt. Jessica Littlejohn)

President Joe Biden has nominated Heidi Shyu, former assistant secretary of the Army for acquisition, logistics and technology, to lead the Defense Department’s tech investments as undersecretary for research and engineering.

Shyu chairs the board for manufacturing company Plasan North America, leads her own consulting firm and has held several executive positions at Raytheon.

As the Army’s acquisition executive, Shyu worked to streamline the Army’s program executive offices, especially around cybersecurity.

“Cyber cuts across every single one of my programs,” Shyu previously said. “It’s not stove-piped. You don’t want … Cyber Command to talk to every single PEO individually – that’s just stupid.”

The White House also nominated former Defense Department acquisition chief, Frank Kendall, to be secretary of the Air Force.

Kendall, who was most recently an independent consultant and a senior fellow for the think-tank Center for American Progress, served as DOD’s acquisition chief during the Obama administration and the deputy director of defense research and engineering for tactical warfare programs.

Previously, he was also the vice president of engineering for major defense contractor Raytheon. He also sits on the board of directors for Leidos, another major defense technology contractor.

Gina Ortiz Jones, an experienced Air Force intelligence officer and former special advisor to the Defense Intelligence Agency’s deputy director, was also nominated to be the Air Force’s number two. In addition to her military experience, Ortiz Jones was the investment director for the Committee on Foreign Investment in the United States (CFIUS) portfolio.

The White House also nominated Thomas Monheim to be the inspector general for the intelligence community. Monheim is currently acting in the role and…

Source…

Hackers are hiding malware in fake LinkedIn job offers

/in


New Delhi: Cybercriminals are hiding malware in fake LinkedIn job offers, according to a new report by security firm eSentire. The company’s threat response unit (TRU) has discovered that hackers are hiding malicious zip files in fake job offers on the professional social media platform, in a new form of spearphishing attack.

“For example, if the LinkedIn member’s job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the “position” added to the end). Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs,” the company said in a blog post.

Also Read | How India’s banking model has changed

According to eSentire’s TRU, the malware installs a “sophisticated backdoor” that can provide hackers access to the victim’s computer. They sell these backdoors as a malware-as-a-service (MaaS) to other cybercriminals, who can use it to steal user data. Once the malware is on a victim’s computer, it can allow cybercriminals to install ransomware, credential stealers, banking malware, or another backdoor on the affected computer.

The malware presents a decoy Word document to the victim, which looks like an employment application but serves “no functional purpose”. It does so while hijacking legitimate Windows processes that give the malware access to the victim’s computer. “It is merely used to distract the victim from the ongoing background tasks of more_eggs,” the firm said.

Robb McLeod, senior director at the TRU, said the malware poses a “formidable threat to businesses and business professionals”. It’s not picked up by regular anti-virus software and security solutions since it uses normal Windows processes. Users are also more likely to download the malware since it’s hidden inside a job posting that they are already interested in. “It is a perfect time to take advantage of job seekers who are desperate to find employment,” the firm said. “Thus, a customised job lure is even more enticing during these troubled times,” it…

Source…

Hackers target LinkedIn users with fake job offers

/in


According to researchers, hackers are spear phishing with a malicious zip file using the job position listed on the target’s LinkedIn profile.

(Subscribe to our Today’s Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)

A hacking group is spear phishing business professionals on LinkedIn with fake job offers to get remote control over the victim’s computer, according to researchers at eSentire.

Spear phishing is an email or electronics communications scam in which a victim receives an email that leads them to a fake website infected with malware. The aim of the attack is to steal data or install malware on victims’ device.

According to researchers, hackers are spear phishing with a malicious zip file using the job position listed on the target’s LinkedIn profile. For instance, if the LinkedIn member’s job is listed as Senior Account Executive—International Freight, the malicious zip file would be titled Senior Account Executive—International Freight position.

Once a users open the fake job offer, they initiate the installation of file-less backdoor, titled ‘more_eggs’. Once loaded, the backdoor trojan can download additional malicious plugins and provide hands-on access to the victim’s computer.

Besides, it can infect the system with any type of malware including ransomware, credential stealers, banking malware, or simply use the backdoor as a foothold into the victim’s network so as to exfiltrate data.

More_eggs possess a significant threat to business as it uses normal Windows processes to run, meaning it is not going to typically be picked up by anti-virus and automated security solutions.

Cybercriminals are taking advantage of the rising unemployment rates since the COVID pandemic. Luring job seekers is more enticing in these times.

Source…