this post was submitted on 29 Apr 2024
87 points (98.9% liked)

Cybersecurity

[–] Socsa@sh.itjust.works 31 points 4 months ago (3 children)

Honestly I can see this being the work of someone who had to deal with one of those stupid fucking online interview code tests which require crazy screen monitoring permissions. What better way to kill off that trend entirely than to make the very practice an active cyber-security risk?

[–] MotoAsh@lemmy.world 5 points 4 months ago

Accelerationism is a very difficult thing to defend, though mostly because the evil shits of the world will keep pushing once most people wake up to how shitty everything is. Helping them to make things shitty is quite directly only helping shitheads further their goals.

My company has a strict policy against take home coding challenges. If we want to see you code, we'll do the challenge live, open book (just tell us what you're looking up).

Bad candidates cheat on those tests, and good candidates don't have the patience, so they're worthless. If you're applying for a job and they have a take home coding challenge, your time is probably better spent elsewhere.

[–] HackerJoe@sh.itjust.works 2 points 4 months ago

Shit like that would run in a VM. At 640x480 in 16 colors with the max font size and cursor trails.

[–] circuscritic@lemmy.ca 7 points 4 months ago* (last edited 4 months ago)

They don't say who was targeted, but I bet this is a backdoor way to infiltrate specific projects. So if they have a list of 163 projects they see a benefit in gaining some sort of access to, they then compile a target list from the relevant developers/contributors to all of those projects, and go from there.

This isn't the type of campaign that can be spammed to anyone and everyone both due to logistics and to minimize exposure of the tools being used.

[–] prosp3kt@lemmy.dbzer0.com 4 points 4 months ago

Job finding is getting abstract to this point. Imagine having an interview only to get a RAT.

[–] fubarx@lemmy.ml 3 points 4 months ago (1 children)

A lot of tech people are getting laid off and looking for jobs. This makes them susceptible to social engineering efforts like this.

In the last two weeks I've been getting multiple unsolicited text messages saying they have reviewed my resume and have a job that would be perfect. Of course, there's a link to follow.

If I sent someone a message like that, if they DID click on it, that would be an automatic disqualification on grounds of infosec dumbassery.

Be careful out there.

Huh, that's an interesting way to potentially vet candidates for a sec job: throw a phishing link into a recruiting email (convincing email, sketchy link). If their email matches an application, reject the candidate. Include info about an actual position in the email, and if they report it, give them an interview.