We're #hiring a new Security Programmer (Genetec) in Belton, Texas. Apply today or share this post with your network.
HireSparks AV Recruiting’s Post
More Relevant Posts
-
Check out the latest blog Beyviel David and I put together for SIXGEN covering all of the #cybersecurity and #pentesting news, techniques, write-ups, and tools released from 08/12-08/19. SIXGEN is also actively hiring Junior Pentesters, Pentesters, Red Team Operators, and Senior Webapp Pentesters so apply if you're interested! Highlights: - Troy Hunt wrote an article digging into the "3 Billion People" National Public Data Breach - James Kettle of PortSwigger released a primer on novel web timing attacks including methodology, real-world case studies, open-source tools and even a mini CTF. - Outflank's Cedric Van Bockhaven wrote a post about how the MSC file format can be used for initial access or lateral movement - Quentin Roland of Synacktiv wrote a post introducing a tool called SCCMSecrets.py that aims to provide a comprehensive approach regarding SCCM policies exploitation - Oddvar Moe of TrustedSec details using a Universal Data Link Configuration (UDL) file for phishing - And many more tools, techniques, and write-ups! https://lnkd.in/gSi7WXvG
To view or add a comment, sign in
-
Innovative Transformational Leader | Multi-Industry Experience | AI & SaaS Expert | Generative AI | DevOps, AIOps, SRE & Cloud Technologies | Experienced Writer | Essayist | Digital Content Creator | Author
Last Week in Security - 2024-08-12 by Rusty Robison via SIXGEN ([Global] oracle cloud) URL: https://ift.tt/4ujbnSL We're Hiring! Immediate Open Positions: Maryland Applicants: We have openings for a Technical Writer, Red Team Operator, Red Team Operator Infrastructure Engineer, Red Team Operator Tool Developer, Systems Engineer, HPC Software Engineer, Information Systems Security Engineer, Cyber Operator Developer Analyst (CODA), Senior Data Analyst and Earned Value Management Specialist. Virginia Applicants: Available opportunities: Land and Expeditionary Warfare Specialist, Cyber Warfare Threat Analyst, and Cyber Network Operator. For more open positions visit: https://lnkd.in/dsjBaCpM Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools, and exploits from the past couple weeks. This post covers 2024-07-29 to 2024-08-12. News Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails - An unknown threat actor exploited a flaw in Proofpoint's email routing to send millions of spoofed phishing emails impersonating popular companies. The campaign, named EchoSpoofing, used SPF and DKIM signatures to bypass security protections. The attacker sent messages from SMTP servers on VPS, complying with authentication measures to imitate legitimate domains. Proofpoint addressed the issue by providing corrective instructions to customers and urging VPS providers and email service providers to limit spamming capabilities. The campaign was not attributed to any known threat actor, and no customer data was exposed. Improving the security of Chrome cookies on Windows - This new App-Bound Encryption feature aims to protect users from malware that steals sensitive data by encrypting data tied to app identity, making it more difficult for attackers to access. Enterprises with roaming profiles may need to adjust their configurations to support this new protection. Don’t Let Your Domain Name Become a “Sitting Duck” - Researchers have found that over a million domain names are vulnerable to cybercriminals due to authentication weaknesses at web hosting providers and registrars. This vulnerability allows cybercriminals to take over domains and use them for malicious activities like sending spam and phishing emails. This issue has been ongoing for years and still persists, with security experts urging for stricter verification measures to prevent domain takeovers. Multiple large hosting and DNS providers are still susceptible to this authentication weakness, leaving domains at risk of being hijacked for malicious purposes. Microsoft need to be transparent about customer impacting DDoS attacks - Microsoft has been experiencing customer impacting DDoS attacks that are causing network outages for Azure and Microsoft 365. Despite these incidents, Microsoft has not been transparent about what is happening. After being called out by the Associated Press, Microsoft released a blog po...
Last Week in Security - 2024-08-12 by Rusty Robison via SIXGEN ([Global] oracle cloud) URL: https://ift.tt/4ujbnSL We're Hiring! Immediate Open Positions: Maryland Applicants: We have openings for a Technical Writer, Red Team Operator, Red Team Operator Infrastructure Engineer, Red Team Operator Tool Developer, Systems Engineer, HPC Software Engineer, Information Systems Security Engine...
sixgen.io
To view or add a comment, sign in
-
Innovative Transformational Leader | Multi-Industry Experience | AI & SaaS Expert | Generative AI | DevOps, AIOps, SRE & Cloud Technologies | Experienced Writer | Essayist | Digital Content Creator | Author
Last Week in Security - 2024-08-20 by Rusty Robison via SIXGEN ([Global] Security Breach) URL: https://ift.tt/xWVhc6r We're Hiring! Immediate Open Positions: Maryland Applicants: We have openings for a Technical Writer, Red Team Operator, Red Team Operator Infrastructure Engineer, Red Team Operator Tool Developer, Systems Engineer, HPC Software Engineer, Information Systems Security Engineer, Cyber Operator Developer Analyst (CODA), Senior Data Analyst and Earned Value Management Specialist. Virginia Applicants: Available opportunities: Land and Expeditionary Warfare Specialist, Cyber Warfare Threat Analyst, and Cyber Network Operator. For more open positions visit: https://lnkd.in/dsjBaCpM Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools, and exploits from the past week. This post covers 2024-08-12 to 2024-08-19. News Six 0-Days Lead Microsoft’s August 2024 Patch Push - Microsoft released updates to fix 90 security vulnerabilities, including six zero-day flaws actively exploited by attackers. The flaws include local privilege escalation vulnerabilities and remote code execution flaws. One vulnerability allows malware to bypass security features in Windows. It is recommended for Windows users to install security updates promptly and back up data before updating. The updates primarily focus on Windows components, Office products, and Azure services, but do not specifically target Group Policy or Intune. Inside the "3 Billion People" National Public Data Breach - Troy Hunt discusses a major data breach involving National Public Data, a data aggregator, where a threat actor has published personal information of billions of people. The breach includes names, addresses, social security numbers, and other personal details. Multiple parties had access to the data before it was leaked, and legal action has been taken against National Public Data. The data has been circulating on the dark web, and there are questions about its legitimacy and origin. Hunt decided to include the breach in his "Have I Been Pwned" database as an unverified breach to inform those affected. Threat Intel and Defense EastWind Campaign: New CloudSorcerer attacks on government organizations in Russia - The EastWind campaign targeted Russian government organizations and IT companies using phishing emails with malicious attachments to deliver malware such as CloudSorcerer, APT31, and APT27 tools. The attackers used Dropbox and social media sites as Command and Control servers, and also deployed a new implant named PlugY. Ransomware attackers introduce new EDR killer to their arsenal - Sophos analysts discovered a new EDR-killing utility called EDRKillShifter being used by ransomware attackers targeting an organization with RansomHub ransomware. The tool failed to disable Sophos protection, but the attackers attempted to run the ransomware, which also failed due to CryptoGuard. EDRKillShifter works by executing...
Last Week in Security - 2024-08-20 by Rusty Robison via SIXGEN ([Global] Security Breach) URL: https://ift.tt/xWVhc6r We're Hiring! Immediate Open Positions: Maryland Applicants: We have openings for a Technical Writer, Red Team Operator, Red Team Operator Infrastructure Engineer, Red Team Operator Tool Developer, Systems Engineer, HPC Software Engineer, Information Systems Security Eng...
sixgen.io
To view or add a comment, sign in
-
Thank you Sean Jackson for this video! Thank you for taking the time. I'm now a fan. Because of this video, I found Podium - a company I had never heard of before. Hiring managers, please take a page out of Sean's playbook here. No doubt you can make better hires by putting a little skin in the game. Seeing something like this is the brass tax of what recruiters who've actually spoken to the hiring manager are qualifying candidates on. I don't even like working a role unless I've had a chance to speak to the actual decision maker to learn "exactly" what they need. Job descriptions are great, but you can see how much better the hiring process could be if it were "simply" hiring manager needs this, candidates, make your case, and go from there. This is why a referral network is so valuable! It's why most companies lean on the existing team to throw out names of people they've worked with in the past, get those referral bonuses, and try to bring in as many of those amazing people you've worked with. Somewhere along the way, we decided that being prescriptive and fitting inside a box was better/safer, so added all these extra layers, slow things down, and make things harder for everyone. Most of us just want good work - being a part of something, doing something meaningful, making an impact, etc. #wecandobetter #hiring #hiringmanagerswhocare
With 13+ years in information security, I’ve mastered roles from niche specializations to leadership. I'm now seeking a leadership role or board seat to drive secure, business-aligned strategies. **open to relocation**
We've had this position (Application Security Engineer) open for a minute, and it's still open. Let me pull the curtain back and tell you exactly what we want. If you are coding and you have an interest in security, maybe you've been the security champion, or maybe you trained the team on how to write more secure code......we want to talk to you. Coding 51%, Security 49%. Or the other way around. https://lnkd.in/grh9Uivb
To view or add a comment, sign in
-
We are #hiring Red Teamer in our team. Like breaking things? Passionate about finding vulnerabilities in latest and greatest? Do apply with the link below: https://lnkd.in/eZWDQBpz #redteam #hiring #penetrationtesting #pentesting
Senior Engineer, Information Security Red Team in Atlanta, Georgia | Intercontinental Exchange Holdings, Inc.
careers.ice.com
To view or add a comment, sign in
-
Innovative Transformational Leader | Multi-Industry Experience | AI & SaaS Expert | Generative AI | DevOps, AIOps, SRE & Cloud Technologies | Experienced Writer | Essayist | Digital Content Creator | Author
Last Week in Security - 2024-08-12 by Rusty Robison via SIXGEN ([Global] Virtual Desktop Infrastructure) URL: https://ift.tt/4ujbnSL We're Hiring! Immediate Open Positions: Maryland Applicants: We have openings for a Technical Writer, Red Team Operator, Red Team Operator Infrastructure Engineer, Red Team Operator Tool Developer, Systems Engineer, HPC Software Engineer, Information Systems Security Engineer, Cyber Operator Developer Analyst (CODA), Senior Data Analyst and Earned Value Management Specialist. Virginia Applicants: Available opportunities: Land and Expeditionary Warfare Specialist, Cyber Warfare Threat Analyst, and Cyber Network Operator. For more open positions visit: https://lnkd.in/dsjBaCpM Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools, and exploits from the past couple weeks. This post covers 2024-07-29 to 2024-08-12. News Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails - An unknown threat actor exploited a flaw in Proofpoint's email routing to send millions of spoofed phishing emails impersonating popular companies. The campaign, named EchoSpoofing, used SPF and DKIM signatures to bypass security protections. The attacker sent messages from SMTP servers on VPS, complying with authentication measures to imitate legitimate domains. Proofpoint addressed the issue by providing corrective instructions to customers and urging VPS providers and email service providers to limit spamming capabilities. The campaign was not attributed to any known threat actor, and no customer data was exposed. Improving the security of Chrome cookies on Windows - This new App-Bound Encryption feature aims to protect users from malware that steals sensitive data by encrypting data tied to app identity, making it more difficult for attackers to access. Enterprises with roaming profiles may need to adjust their configurations to support this new protection. Don’t Let Your Domain Name Become a “Sitting Duck” - Researchers have found that over a million domain names are vulnerable to cybercriminals due to authentication weaknesses at web hosting providers and registrars. This vulnerability allows cybercriminals to take over domains and use them for malicious activities like sending spam and phishing emails. This issue has been ongoing for years and still persists, with security experts urging for stricter verification measures to prevent domain takeovers. Multiple large hosting and DNS providers are still susceptible to this authentication weakness, leaving domains at risk of being hijacked for malicious purposes. Microsoft need to be transparent about customer impacting DDoS attacks - Microsoft has been experiencing customer impacting DDoS attacks that are causing network outages for Azure and Microsoft 365. Despite these incidents, Microsoft has not been transparent about what is happening. After being called out by the Associated Press, Microsoft ...
Last Week in Security - 2024-08-12 by Rusty Robison via SIXGEN ([Global] Virtual Desktop Infrastructure) URL: https://ift.tt/4ujbnSL We're Hiring! Immediate Open Positions: Maryland Applicants: We have openings for a Technical Writer, Red Team Operator, Red Team Operator Infrastructure Engineer, Red Team Operator Tool Developer, Systems Engineer, HPC Software Engineer, Information Syste...
sixgen.io
To view or add a comment, sign in
-
modePUSH is hiring a remote Director, Forensics and Incident Response #modePUSH #remotework #remotejob #workfromhome #IncidentResponse #DigitalForensics #WindowsOS #CloudNative #Network #OSFundamentals #Forensics #TeamBuilding #WrittenAndVerbalCommunication #ProjectManagement #Okta #Windows #MacOS #IncidentResponseManager #IncidentResponseAnalyst #DirectorOfSecurity
Director, Forensics and Incident Response Job at modePUSH | Himalayas
himalayas.app
To view or add a comment, sign in
-
Innovative Transformational Leader | Multi-Industry Experience | AI & SaaS Expert | Generative AI | DevOps, AIOps, SRE & Cloud Technologies | Experienced Writer | Essayist | Digital Content Creator | Author
Last Week in Security - 2024-08-20 by Rusty Robison via SIXGEN ([Global] Data Breach) URL: https://ift.tt/xWVhc6r We're Hiring! Immediate Open Positions: Maryland Applicants: We have openings for a Technical Writer, Red Team Operator, Red Team Operator Infrastructure Engineer, Red Team Operator Tool Developer, Systems Engineer, HPC Software Engineer, Information Systems Security Engineer, Cyber Operator Developer Analyst (CODA), Senior Data Analyst and Earned Value Management Specialist. Virginia Applicants: Available opportunities: Land and Expeditionary Warfare Specialist, Cyber Warfare Threat Analyst, and Cyber Network Operator. For more open positions visit: https://lnkd.in/dsjBaCpM Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools, and exploits from the past week. This post covers 2024-08-12 to 2024-08-19. News Six 0-Days Lead Microsoft’s August 2024 Patch Push - Microsoft released updates to fix 90 security vulnerabilities, including six zero-day flaws actively exploited by attackers. The flaws include local privilege escalation vulnerabilities and remote code execution flaws. One vulnerability allows malware to bypass security features in Windows. It is recommended for Windows users to install security updates promptly and back up data before updating. The updates primarily focus on Windows components, Office products, and Azure services, but do not specifically target Group Policy or Intune. Inside the "3 Billion People" National Public Data Breach - Troy Hunt discusses a major data breach involving National Public Data, a data aggregator, where a threat actor has published personal information of billions of people. The breach includes names, addresses, social security numbers, and other personal details. Multiple parties had access to the data before it was leaked, and legal action has been taken against National Public Data. The data has been circulating on the dark web, and there are questions about its legitimacy and origin. Hunt decided to include the breach in his "Have I Been Pwned" database as an unverified breach to inform those affected. Threat Intel and Defense EastWind Campaign: New CloudSorcerer attacks on government organizations in Russia - The EastWind campaign targeted Russian government organizations and IT companies using phishing emails with malicious attachments to deliver malware such as CloudSorcerer, APT31, and APT27 tools. The attackers used Dropbox and social media sites as Command and Control servers, and also deployed a new implant named PlugY. Ransomware attackers introduce new EDR killer to their arsenal - Sophos analysts discovered a new EDR-killing utility called EDRKillShifter being used by ransomware attackers targeting an organization with RansomHub ransomware. The tool failed to disable Sophos protection, but the attackers attempted to run the ransomware, which also failed due to CryptoGuard. EDRKillShifter works by executing wit...
Last Week in Security - 2024-08-20 by Rusty Robison via SIXGEN ([Global] Data Breach) URL: https://ift.tt/xWVhc6r We're Hiring! Immediate Open Positions: Maryland Applicants: We have openings for a Technical Writer, Red Team Operator, Red Team Operator Infrastructure Engineer, Red Team Operator Tool Developer, Systems Engineer, HPC Software Engineer, Information Systems Security Enginee...
sixgen.io
To view or add a comment, sign in
-
Check out the latest blog Beyviel David and I put together for SIXGEN covering all of the #cybersecurity, #threatintel, and #pentesting news, techniques, write-ups, and tools released from 09/09-09/16. Highlights: - Fake recruiters are targeting devs with malicious python packages - Cybersecurity and Infrastructure Security Agency released a Fiscal Year 2023 Risk and Vulnerability Assessments report - Benjamin Harris and Aliz Hammond at watchTowr detail how they used $20 to achieve RCE and become the admins of the .mobi TLD. - Pen Test Partners' Ceri Coburn wrote a blog and released a tool on editing Group Policy Objects (GPO) from a non domain-joined machine. - James H. wrote about decrypting and replaying VPN cookies and released a tool to that decrypts GlobalProtect configuration and cookie files. - John Hammond released a PoC to recreate a recently seen reCAPTCHA phishing lure. - And many more tools, techniques, and write-ups! https://lnkd.in/gj2P4e86
Last Week in Security - 2024-09-16
sixgen.io
To view or add a comment, sign in
17,778 followers