Javascript – MYNYML http://mynyml.com/ Fri, 14 Jan 2022 13:54:58 +0000 en-US hourly 1 https://wordpress.org/?v=5.8 https://mynyml.com/wp-content/uploads/2021/05/cropped-icon-32x32.png Javascript – MYNYML http://mynyml.com/ 32 32 The 10 professions whose demand will increase the most in 2022 https://mynyml.com/the-10-professions-whose-demand-will-increase-the-most-in-2022/ Fri, 14 Jan 2022 13:54:58 +0000 https://mynyml.com/the-10-professions-whose-demand-will-increase-the-most-in-2022/ If you are looking for a job in 2022, it is useful to know which positions will have the most vacancies. AI, cybersecurity and renewable energy will be among the biggest recruiting industries. Loading Something is loading. If you want to find work in 2022, it’s important to know which jobs will be most in […]]]>
  • If you are looking for a job in 2022, it is useful to know which positions will have the most vacancies.
  • AI, cybersecurity and renewable energy will be among the biggest recruiting industries.

If you want to find work in 2022, it’s important to know which jobs will be most in demand.

Whether you’re entering the job market for the first time or looking to change careers, it’s good to know who’s hiring because it could save you a lot of time and effort. You can also use the information to reorient your career or studies according to the roles that will open up.

Below are 10 of the positions expected to experience the fastest growth in 2022.

1. Artificial intelligence specialist

As LinkedIn’s Emerging Jobs Report revealed, in the US, hiring growth in this role increased 74% over four years.

This role is growing across all sectors and is expected to continue through 2022.

Artificial intelligence specialists work in a variety of industries, but with skills that focus on computer programming and computer science.

The work involves developing new AI-based products and improving existing ones.

2. Data scientist

Many businesses rely heavily on managing large databases, and it will become even more important with each passing year.

Some sectors that particularly need data scientists are telecommunications, banking and research.

Data scientists are experts in managing databases and extracting key insights from numbers.

3. Robotics Engineer

In the future, companies in all industries will use robots to streamline certain work processes.

As Bloomberg reported, robotics company UiPath achieved a market valuation of around $36 billion when it went public in the United States last year, showing how the industry is growing. quickly.

Robotics specialists are responsible for designing both hardware and software for robotic solutions.

4. Full Stack Engineer

The Linkedin report noted that this is the second year in a row that this role has appeared on their list, and it has seen a 35% growth rate since 2015.

5. Cloud Engineer

Virtually every business now stores information in the cloud, so it’s becoming an increasingly important role across all industries.

Sectors such as financial services, telecommunications and IT are in particular need of these professionals.

6. Sales Development Representative

This role has grown steadily through the expansion of the


technology sector

. The constant search for clients has ensured that hiring has not slowed down.

The goal of sales development is to develop new business models that increase sales and improve the customer experience.

7. Cybersecurity specialist

Every business needs cybersecurity experts to protect its data and that of its customers.

Fortune reported that the number of data breaches in 2021 surpassed the number in 2020 in October, underscoring the importance of this work.

8. Behavioral Health Technician

This job often involves working with people who have behavioral challenges and doesn’t require a specific degree, so it could be ideal for those looking to change careers later in life.

The Linkedin report suggested that the push for access to more mental health treatment is driving the increased demand for employment.

9. Customer Success Specialist

This role requires good product knowledge and customer service skills. This is another role that has been growing steadily thanks to the technology sector, and it will continue to do so.

The Linkedin report noted that 72% of professionals in this position at the time worked in the IT industry.

10. JavaScript Developer

The Linkedin report lists JavaScript as one of the top five most in-demand software skills, making JavaScript developers one of the most in-demand professionals nationwide.

]]>
Iranian Intelligence Malware Suite Uses Open Source Tools> US Cyber ​​Command> News https://mynyml.com/iranian-intelligence-malware-suite-uses-open-source-tools-us-cyber-%e2%80%8b%e2%80%8bcommand-news/ Wed, 12 Jan 2022 19:07:17 +0000 https://mynyml.com/iranian-intelligence-malware-suite-uses-open-source-tools-us-cyber-%e2%80%8b%e2%80%8bcommand-news/ FORT MEADE, Maryland – To better defend against malicious cyber actors, the Cyber ​​National Mission Force of the US Cyber ​​Command has identified and disclosed several open source tools that Iranian intelligence actors use in networks around the world. These actors, known as MuddyWater in the industry, are part of groups carrying out Iranian intelligence […]]]>

To better defend against malicious cyber actors, the Cyber ​​National Mission Force of the US Cyber ​​Command has identified and disclosed several open source tools that Iranian intelligence actors use in networks around the world.

These actors, known as MuddyWater in the industry, are part of groups carrying out Iranian intelligence activities and have been seen to use various techniques to maintain access to victim networks.

MuddyWater is an Iranian threat group; Previously, the industry reported that MuddyWater primarily targets Middle Eastern countries, as well as European and North American countries.

MuddyWater is a subordinate element within the Iranian Ministry of Intelligence and Security (VEVAK). According to Congress Research Service, the MONTH “conducts national surveillance to identify opponents of the regime.” It also monitors anti-regime activists abroad through its network of agents in Iranian embassies. “

If a network operator identifies multiple tools on the same network, it may indicate the presence of malicious Iranian cyber actors.

Below are some technical aspects of how the threat actor could exploit network malware.

These include side-loading DLLs to trick legitimate programs into running malware and obfuscate PowerShell scripts to hide command and control functions. New samples showing the different parts of this suite of tools are published on Virus Total, along with the JavaScript files used to establish connections to the malicious infrastructure.

www.Virustotal.com/en/user/CYBERCOM_Malware_Alert

  • Example of previous PowGoop:
    • These three examples are all part of the same PowGoop instance. They were identified in a folder containing several other legitimate executables and DLLs. Goopdate.dll uses DLL sideloading to run when a non-malicious GoogleUpdate.exe executable is executed. goopdate.dll will then un-obscure goopdate.dat, which is a PowerShell script used to un-obscure and run config.txt. Config.txt is a PowerShell script that establishes network communication with the PowGoop C2 server. It uses a modified base64 encoding mechanism to send data to and from the C2 server. The IP of the C2 server is often hard-coded in config.txt
    • Goopdate.dll hides communications with C2 servers from malicious cyber actors by running with the Google Update service.
  • Additional PowGoop DLL side-loading variants:
    • Uses the same technique to un-obscure the .dat file, which is a PowerShell script to decode another PowerShell script with the .txt file extension
    • This open source code was used for espionage and ransomware – libpcre2-8-0.dll and vcruntime140.dll (PowGoop variant) exploit different naming conventions to avoid antivirus and manual detection.
  • Additional variants of the PowGoop charger:
    • Any instance of these files can indicate an attacker on the network: an open source computer research has found variants of PowGoop Loader in compromised networks, defusing a PowerShell script that allows an attacker to command and control functions.
    • De-obfuscation .txt file, which is another PowerShell script and the main C2 feature
  • Additional PowGoop C2 Variants:
    • These malicious software reach the victim networks and contact the malicious infrastructure. If you see these files, the MCAs are probably seeing their tag as well.
    • Each sample reaches the victim network and contacts the malicious infrastructure. If you see these files on the network, chances are they can see their tag as well.
  • JavaScript examples:
    • The examples send a GET request to the malicious servers. JavaScripts are associated with groups also using PowGoop.
  • Mori backdoor example:
    • This sample is an indicator that a network has been compromised – this is the Mori backdoor and is used by malicious cyber actors for spying. This malware uses DNS tunneling to communicate with its C2 infrastructure.
    • This sample is probably a Mori backdoor. This example uses regsvr32.dll to run. The key IOCs are creating the Mutex 0x50504060 and creating the HKLM SOFTWARE NFC registry key

]]>
JavaScript developer destroys own projects in supply chain ‘lesson’ – Naked Security https://mynyml.com/javascript-developer-destroys-own-projects-in-supply-chain-lesson-naked-security/ Tue, 11 Jan 2022 00:54:23 +0000 https://mynyml.com/javascript-developer-destroys-own-projects-in-supply-chain-lesson-naked-security/ You’ve probably seen the news, even if you’re not sure what happened. Unless you are a JavaScript programmer and rely on one or both of a pair of modules called faker.js and colors.js. If you were a user of one of these projects, and if you were (or were!) Inclined to automatically accept all updates […]]]>

You’ve probably seen the news, even if you’re not sure what happened.

Unless you are a JavaScript programmer and rely on one or both of a pair of modules called faker.js and colors.js.

If you were a user of one of these projects, and if you were (or were!) Inclined to automatically accept all updates to your source code without any kind of code review or testing …

… You are probably well aware of what exactly happened and how it affected you.