“This is the first in an annual report that looks at the candidate’s view of acquisition and retention. Where do candidates look for IT jobs, what makes them apply, why do they leave and why do they stay? Talent acquisition is often viewed from the recruiters perspective, but it can be revealing to view it from the other side of the table - the candidate - and analyse the differences. For example, in-house recruiters invest much in social media, listing it in 3rd place for the amount of time and money they spend. Yet it’s not the first port of call for IT candidates. As Chart I shows, few respond to IT jobs on Facebook or Twitter.”

This is our 2nd annual survey of the IT recruitment landscape. A lot has changed in the last 12 months. Social media and job boards are evolving and there seems to be fresh challenges in talent acquisition. This year Curo Talent® decided to look at how the views of hiring managers compared to the outlook of executives in the recruitment department. Naturally, there was a difference of opinion on some issues.

“In our 2nd annual survey of IT candidates, Curo Talent® decided to look at how the views of in-house recruiters compared to the outlook of IT candidates. Naturally, there was a difference of opinion on many issues.”

From the report, “The survey results show that companies should ensure their online interactions with customers are aligned around three key principles: trust, consent, and education.” Read on to understand more.

To provide insight into some of the top trends in health IT, the Center for Connected Medicine partnered with The Health Management Academy to survey C-suite health system executives on health IT priorities for 2018. The quantitative and qualitative surveys focused on five areas: Cybersecurity, Consumer-Facing Technology, Virtual Care, Artificial Intelligence, and Predictive Analytics.

From the Report, “Through analysis of billions of anonymized cloud events across a broad set of enterprise organizations*, we can determine the current state of how the cloud is truly being used, and where our risk lies. Consider that nearly a quarter of data in the cloud is sensitive, and that sharing of sensitive data in the cloud has increased 53% year-over-year. If we don’t appropriately control access and protect our data from threats, we put our enterprises at risk.”

Unit 42 has identified malware with recent compilation and distribution timestamps that has code, infrastructure, and themes overlapping with threats described previously in the Operation Blockbuster report, written by researchers at Novetta. This report details the activities from a group they named Lazarus, their tools, and the techniques they use to infiltrate computer networks. The Lazarus group is tied to the 2014 attack on Sony Pictures Entertainment and the 2013 DarkSeoul attacks. This recently identified activity is targeting Korean speaking individuals, while the threat actors behind the attack likely speak both Korean and English. This blog will detail the recently discovered samples, their functionality, and their ties to the threat group behind Operation Blockbuster.

Using data collected from the Lookout global sensor network, the Lookout research team was able to gain unique visibility into the ViperRAT malware, including 11 new, unreported applications. We also discovered and analyzed live, misconfigured malicious command and control servers (C2), from which we were able to identify how the attacker gets new, infected apps to secretly install and the types of activities they are monitoring. In addition, we uncovered the IMEIs of the targeted individuals (IMEIs will not be shared publicly for the privacy and safety of the victims) as well as the types of exfiltrated content.

This blog post discusses how WannaCry is a pet project of the Lazarus group.

This post regards the following event - “Around July last year, more than a 100 Israeli servicemen were hit by a cunning threat actor. The attack compromised their devices and exfiltrated data to the attackers’ command and control server. In addition, the compromised devices were pushed Trojan updates, which allowed the attackers to extend their capabilities. The operation remains active at the time of writing this post, with attacks reported as recently as February 2017.”

CopyKittens is a cyberespionage group that has been operating since at least 2013. In November 2015, ClearSky and Minerva Labs published1 the first public report exposing its activity. In March 2017, ClearSky published a second report2 exposing further incidents, some of which impacted the German Bundestag. In this report, Trend Micro and ClearSky expose a vast espionage apparatus spanning the entire time the group has been active. It includes recent incidents as well as older ones that have not been publicly reported; new malware; exploitation, delivery and command and control infrastructure; and the group’s modus operandi. We dubbed this activity Operation Wilted Tulip

Iranian cyber espionage against human rights activists, academic researchers and media outlets -and the HBO hacker connection

This report is a transcript of written Testimony provided to the House Comittee on Oversight and Government Reform, Subcomittee on Information Technology, by Sarah Cook Senior Research analyst for East Asia and China Media Bulletin Director.

This report posits that “A dedicated staff with a clear mission helps retain and engage a cybersecurity workforce.” Read the report to learn more.

“To take a look at the cybersecurity health of financial institutions, this September, SecurityScorecard analyzed 2,924 financial institutions in the SecurityScorecard platform to find existing vulnerabilities within banks, investment firms, and other financial firms to determine the cybersecurity performance of the financial sector, especially as compared to other industries. Our team also analyzed the cybersecurity posture of the Top 20 highest performing FDIC-insured banks to understand what security factors pose risks to these financial institutions.”

This report focuses on key metrics from the following verticals: 1) Education 2) Finance & Finance-related Businesses 3) Technology 4) Healthcare Additional data is provided that focuses on company size. In the following pages, we present specific data showing the types of attacks attempted on these networks and other key findings that we believe are of interest.

This report offers an analysis into current trends in vulnerability risk management. It examines the attributes of security vulnerabilities viewed through a variety of lenses: Attributes of vulnerabilities published since 2002 versus those only recently published, Attributes of all vulnerabilities published in the National Vulnerability Database (NVD) in contrast with only those uploaded into our platform by our clients, Vulnerabilities broken down by industry vertical, CVSS score, product vendor and active exploitation in the wild.

The purpose of this research, sponsored by Lookout, is to understand the value of the data we access and store on our mobile devices and if we are doing enough to protect that data.

This is the fourth annual presentation of the cybercrim threat landscape by Europol’s European Cybercrime Centre.

With unique and specialized analysis, this paper discusses Nigerian cyber crime actors, their growth, collaboration, and the direction they are headed.

This guide offers help for surviving ransomware attacks.