Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Tips

Fake jobs have been around for centuries. Even Sherlock Holmes himself encountered them in Arthur Conan Doyle's The Red-Headed League. Real fraudsters are every bit as sophisticated as literary characters, so any job offer you may get should be analyzed carefully to prevent you losing money. The internet, social networks, cryptocurrencies and, of late, the upsurge in remote working — all of that gives crooks the tools they need to get up to no good with recruitment fraud. In this article, we'll list the most common fraud schemes out there and the tell-tale signs to look out for to avoid job scams.

The principal schemes of deception

Scammers often try to mimic legitimate labor market players. Offers may come from job search sites (CareerBuilder, Headhunter, etc.), social networks (LinkedIn), or email. Interviews via Zoom or Teams, filling out forms on an employer's site, a first day at work in Slack or Bitrix24 may at first seem convincing – and not unlike an honest job. Sometimes you even get hired by big brands! But sooner or later, more than your work hours and work experience will be required from you.

Paid training

If a job involves using a specific application or tool, you may be required to pay for and take a mandatory training course before you start, and be sent a link to it. The employer may even give assurances to reimburse that money with your first paycheck, but actually your relationship will end as soon as you complete the training. To be convincing, the training platform may look independent and unrelated to a particular employer, but it's all part of the same scheme. The need to invest your own money in training is a huge red flag. An honest employer would warn about required critical skills and supporting certifications before hiring, and simply won't hire you if you don't have the right qualifications.

Certifications and preparation for them

A variation of the previous scheme fakes an intermediary hiring for a real, honest job. If the job requires specific certification or a mandatory entrance test, the scammers guarantee employment for a specific job after you take their training courses. You pay for the training, and you may even learn something, but you get no help in finding a job and no guarantees afterward. This scheme is especially popular in the U.S.A. for government jobs.

Help finding employment

Another popular scheme is creating a plausible-looking recruitment agency that finds people who really are looking for work and promises to find them the ideal employer in a short period of time — charging a fixed amount of money to do so. They sometimes come back with a specific attractive job and ask you to pay for just one little thing — to tell you the name of the hiring company. It doesn't even make sense to go into the details of the offer. The specifics of the recruitment market are such that it's always the employer who pays for the search, not the employee. If the recruiter is asking an applicant for money, it's most likely a scam.

Purchasing tools, consumables, etc.

You're told that you've been hired for a job. But in order to do it, you need a specific tool, machine, or just a separate office laptop. You have to buy it from a certain site, and the money will be reimbursed in your first paycheck. Of course, if you fall for this trick, you'll be getting neither a laptop nor a paycheck. A more elaborate scheme is possible. Recently on LinkedIn, a marketing specialist told a story about how, after a convincing job recruitment process — with the respective online interviews, an online meeting with an HR professional, and even receiving access to a paid training course at the new job — he was assigned to do market research on the crypto market, which first required buying Bitcoin from a particular online exchange. When he suspected something was amiss, he was told to take a break, and in the meantime, to pick out a work laptop. After seeing a document about paying for the laptop with his own money, the author was finally convinced that he was dealing with scammers.

Sending merchandise

You may also be offered a simple work-at-home job where you receive goods, check them out, and mail them back. It's often necessary to remove some of the packaging and various accompanying documents. In this scheme, victims are used as cogs in another scam — the resale of illegally purchased goods paid for with stolen credit cards, for example. At the end of the month, the employee doesn't get any payment, and the packages stop coming, too. And down the line, the police may show up on your doorstep, because the delivery address is one of the main threads in the investigation of fraudulent purchases.

Resale of goods

You may not be offered a job, but instead participation in a small business! You'll buy expensive electronics or other popular items at half price, and then you can sell them at full price. It's really simple here. After the first purchase (with an advance payment, of course) you either get nothing, or you get really cheap knockoffs.

Common phishing

Sometimes the hiring process is simply used to trick you into giving out your personal data, which may then be used in other fraudulent schemes. Here, after an interview, you're told that you've been hired and are sent a standard employment form. It asks for detailed personal information, including your home address, contact information, social security number or VAT ID, and bank information to send you your salary. After submitting this form, you'll never see or hear from your employer again.

How to spot job scammers

Honest employers don't ask workers for money

This is the fundamental and most important rule. No matter what the payment is called — prepayment for equipment, training fees, purchase of certification materials, a registration fee, or security deposit — the requirement to invest your own money is the biggest, clearest sign that you're being hired by fraudsters.

Honest employers are rather demanding

If you landed a relatively challenging and high-paying job at your first interview, there's reason to think twice. Extremely tight hiring and onboarding deadlines are also suspicious. And it's just as strange if a good job doesn't have significant requirements for the applicant's seniority, experience, and qualifications.

Scammers can leech off famous brands

Maybe a recruiting or consulting company is hiring you to work for a large, prestigious company, or even a government department. This does happen, but it's important to check that the recruiters actually work at the company and that at least one interview involves employees of the company itself. It's worth checking out the reputation of the employer and recruiter. You can search the internet for a combination of "recruiter name + scammer", "employer company + recruitment fraud" or "recruiting company name + reviews". It also makes sense to check the jobs section of the brand's website. Is the job you are offered there?

Scammers actively use phishing

Our usual anti-phishing tips can help you recognize a situation where a job questionnaire or the job ad itself is posted on a fraudulent site mimicking an official brand site. It's not uncommon for fake HR employees to correspond from accounts resembling corporate addresses, but which are actually hosted on phishing domains or free e-mail like Gmail. Of course, it's hard to constantly be on the alert and check links and addresses, especially when you're already getting dizzy about this dream job. That's why you should delegate the task of tracking phishing links to a specially tailored tool that will warn you if you're trying to follow a malicious link, and block it.

How did the employer find out about you?

The answer to this question is also important, as an attractive and unexpected job offer received when you're not searching for one is in itself suspicious. If you're really looking for work and put your resume and contact information on job sites, scammers may be knocking on your door alongside honest employers. Be on your guard.

Don't give out personal information in advance

The employment contract is usually signed on your first day at work. If you're asked for detailed personal information in advance, including bank details, you are better off simply not giving it.

Consult someone you trust

Show the vacancy and the recruiter's correspondence to someone you trust. They might notice something you've missed. A second opinion is always useful — even if there's just the tiniest smidgen of doubt in your mind.

Try to double-check your future employer

Perhaps you know someone already working for the employing company. Ask about the company and talk to the people there you're friendly with. If they don't know your recruiter, or if the company isn't hiring at all for the position you're being asked to interview for, you need to double down on your vigilance. This last piece of advice is extremely important because scammers are constantly improving their techniques. You may come across a convincingly described vacancy on a well-known job-search site, get through three rounds of interviews, and still end up with a scam job. Therefore, vigilance, common sense and checking through personal contacts are the most reliable way to protect yourself from any unpleasant surprises.

 Security Tips and Advice

The European Union Agency for Cybersecurity (ENISA) has made available Awareness Raising in a Box (AR-in-a-BOX), a “do it yourself” toolbox to help organizations in their quest to create and implement a custom security awareness-raising program.

 Malware and Vulnerabilities

Authors of the BlackRock and ERMAC Android banking trojans have released yet another malware family, known as Hook, equipped with remote access tooling capabilities. The swathe of financial apps the malware targets concerns users in the U.S., Poland, Spain, Australia, Canada, Turkey, the U.K., France, Italy, and Portugal.

 Identity Theft, Fraud, Scams

According to researchers at Avanan, in this attack, hackers hide malicious content inside “blank images”, creating automatic redirects that bypass VirusTotal and other anti-malware checks.

 Trends, Reports, Analysis

Hackers are now spreading malware using Microsoft OneNote attachments in phishing emails, infecting victims using remote access malware that can be used to install additional malware, steal passwords, or even cryptocurrency wallets.

 Security Tips and Advice

The document released by the UK's National Cyber Security Centre, Cyber Threat Report: UK Charity Sector, outlines the main threats to the sector and explains how organizations can enhance their cyber-resilience.

 Malware and Vulnerabilities

Roaming Mantis malicious campaigns got a makeover with a DNS changer function, reported Kaspersky. Using this feature, adversaries can illegally manage all communications from devices via compromised Wi-Fi routers. According to the number of malicious APK downloads, in the first half of December the most affected region was Japan (24,645), followed by Austria (7,354), France (7,246), Germany (5,827), South Korea (508), Turkey (381), Malaysia (154), and India (28).

 Companies to Watch

Vanta has acquired Trustpage to transform trust into a marketable advantage for companies globally. With the addition of Trustpage, it is accelerating its product innovation and continuing to scale its industry-defining trust management platform.

 Trends, Reports, Analysis

KELA spotted 2,800 ransomware and extortion attack victims last year, which were listed on nearly 60 different platforms. Moreover, LockBit, BlackCat, Conti, Black Basta, and Hive accounted for 50% of victims. The U.S. was the most affected at 40%, followed by the U.K., Germany, Canada, and France. Despite ongoing efforts by governments to combat ransomware, it is expected to remain a major threat to businesses and governments worldwide in 2023.

 Malware and Vulnerabilities

Following the leak of the source code of the CrySIS/Dharma ransomware family, cybercriminals worldwide continue to spin variants of it and deliver them via phishing attacks masked as genuine software. To gain access to the victim’s machine, CrySIS/Dharma operators abuse exposed RDP servers and also attempt to infiltrate via phishing techniques.

 Govt., Critical Infrastructure

On Thursday, Ukraine signed an agreement to join the Estonia-based NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). Before it is official, all of CCDCOE’s members will have to sign this agreement.

 Malware and Vulnerabilities

Album Stealer is disguised as a photo album that drops decoy adult images while performing malicious activity in the background. It uses a side-loading technique that uses legitimate apps to execute malicious DLLs to avoid detection.

 Malware and Vulnerabilities

A new Android malware, named Gigabud, was found impersonating government agencies, financial institutions, and other organizations from Thailand, Peru, and the Philippines to harvest user banking credentials. Gigabud leverages a server-side verification process to ensure that the mobile number entered during registration is legitimate. Experts suspect that the malware operator will continue to expand its targets and capabilities with new variants in the near future as well.

 Security Culture

An international counter-ransomware task force first announced at a White House event in November officially commenced operations on Monday, according to the Australian government which is the inaugural chair of the group.

 Feed

Ubuntu Security Notice 5818-1 - It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

 Feed

Red Hat Security Advisory 2023-0291-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

 Feed

Ubuntu Security Notice 5817-1 - Sebastian Chnelik discovered that setuptools incorrectly handled certain regex inputs. An attacker could possibly use this issue to cause a denial of service.

 Feed

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

 Feed

Red Hat Security Advisory 2023-0281-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

 Feed

ERPGo is a software as a service (SaaS) platform that is vulnerable to CSV injection attacks. This type of attack occurs when an attacker is able to manipulate the data that is imported or exported in a CSV file, in order to execute malicious code or gain unauthorized access to sensitive information. This vulnerability can be exploited by an attacker by injecting specially crafted data into a CSV file, which is then imported into the ERPGo system. This can potentially allow the attacker to gain access to sensitive information, such as login credentials or financial data, or to execute malicious code on the system.

 Feed

Ubuntu Security Notice 5816-1 - Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploit this to obtain sensitive information. Tom Schuster discovered that Firefox was not performing a validation check on GTK drag data. An attacker could potentially exploit this to obtain sensitive information.

 Feed

Red Hat Security Advisory 2023-0280-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

 Feed

Red Hat Security Advisory 2023-0284-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

 Feed

Red Hat Security Advisory 2023-0282-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

 Feed

Red Hat Security Advisory 2023-0287-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

 Feed

Red Hat Security Advisory 2023-0292-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

 Feed

Red Hat Security Advisory 2023-0288-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.

 Feed

Red Hat Security Advisory 2023-0283-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

 Feed

Red Hat Security Advisory 2023-0285-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.

 Feed

Red Hat Security Advisory 2023-0286-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.

 Feed

Red Hat Security Advisory 2023-0195-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2023-0295-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.

 Feed

Red Hat Security Advisory 2023-0296-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.

 Feed

Whitepaper called DensePose From WiFi. It discusses how scientists from Carnegie Mellon University have figured out how to map a human's 3D form by using two wifi routers.

 Feed

Researchers have shut down an "expansive" ad fraud scheme that spoofed more than 1,700 applications from 120 publishers and impacted roughly 11 million devices.  "VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack numerous invisible video ad players behind one another and register ad views," fraud prevention firm

 Feed

The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver, developed by cybersecurity company BishopFox, is a Golang-based cross-platform post-exploitation

 Feed

Two security flaws have been disclosed in Samsung's Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web. The issues, tracked as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group and notified to the South Korean chaebol in November and December 2022. Samsung

 Feed

The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management (IAM). After all, user identity is one of the only barriers standing between sensitive corporate data and any unauthorized access.  The tools used to define IAM make up its identity fabric. The stronger the fabric, the more resistant identities are to pressure from threat actors. However, those pressures

 Data loss

The important thing to realise about the most recently-reported data breach at email newsletter service Mailchimp is that it’s not just Mailchimp’s customer data that was put at risk. Even if you’re not personally a customer of Mailchimp, even if you’ve never even heard of Mailchimp, you may be affected.

 Feed only

Graham Cluley Security News is sponsored this week by the folks at Kolide. Thanks to the great team there for their support! You know the old thought experiment about the AI designed to make paper clips, that quickly decides that in order to maximize paper clips, it will have to get rid of all the … Continue reading "Kolide – Endpoint security for people, not paper clips"

 Data loss

Imagine you're an immigrant, who has fled your home country for the United States due to fear of being persecuted and tortured. What you definitely do not want is the agency handling your asylum request being careless with your personal information - and potentially putting your life and that of loved ones at risk. Read more in my article on the Hot for Security blog.
