Talent acquisition is a planned process of identifying, assessing, and acquiring new employees. It starts with the intent to hire the best-performing resource in the industry. It is a carefully curated technique to fetch the best talent for organizational growth. And unlike general recruitment, it focuses more on quality over quantity. Lately we have seen the growth of personnel being hired online, from the process of selecting the employees to the interview are all managed and processed online.

For the education sector, data security ranges from the need to protect devices to safeguarding the sensitive information and privacy of its users, including students, their parents, and the institution's staff. Taking into account the current context in which educational centers operate, which involves combining remote learning and in-person teaching, as well as the use of personal devices, we analyze the most common cybersecurity threats affecting the sector.

The public sector consists of organizations owned and operated by the government. It provides services deemed necessary for society’s welfare. Most services offered through the public sector are typically for free or at a reduced cost. The public sector does not include organizations that are voluntary or private.

You’ve probably watched at least one movie or TV show where a hacker sneaks into someone’s house, finds a computer, and then guesses the password on the first try. They then declare, “I’m in!” before downloading reams of sensitive data.

In Part 1 of this four-part blog series examining wiper malware, the CrowdStrike Endpoint Protection Content Research Team introduced the topic of wipers, reviewed their recent history and presented common adversary techniques that leverage wipers to destroy system data. In Part 2, the team dove into third-party drivers and how they may be used to destroy system data.

On Friday, September 23, 2022, Sophos disclosed a critical code injection vulnerability impacting Sophos Firewall. This vulnerability, assigned CVE-2022-3236, affects Sophos Firewall versions v19.0 MR1 (19.0.1) and older and could lead to remote code execution. In order for a threat actor to exploit this vulnerability, WAN access would need to be enabled for the Webadmin and User Portal consoles.

As all software publishers are concerned about their code integrity and reputation, they select the best code signing certificate provider. Still, some search for the free code signing certificate. Now, you must be thinking, is there anything like a free code sign certificate. And, if it is, then from where you can avail of it. Code Signing Certificate is an integral part of executable files. And mainly, a publisher purchases it from an authorized vendor and provider.

2022 began with successful ransomware attacks against global IT and digital transformation providers, no thanks to the notorious LAPSUS$ ransomware gang. Often, any discussion about ransomware impact has mostly centered on affected organizations. Rightly so, as victimized organizations usually suffer significant disruption to their operations. In 2021, the US Federal Bureau of Investigation received 3,729 complaints identified as ransomware.

LockBit (a.k.a. ABCD) emerged in September 2019 and became one of the most relevant RaaS (Ransomware-as-a-Service) groups among others like REvil, BlackMatter, Night Sky, Maze, Conti and Netwalker. The group targets many organizations around the world with a double-extortion scheme, where the attackers steal sensitive data and threaten to leak everything if the ransom is not paid.

On September 12, the FBI released a private industry notification entitled “Unpatched and Outdated Medical Devices Provide Cyber Attack Opportunities.” The notification underscores how a growing number of vulnerabilities in medical devices and Internet of Medical Things (IoMT) assets can be exploited by threat actors to “impact healthcare facilities’ operational functions, patient safety, data confidentiality and data integrity.”