With more companies looking towards a digital-first approach to business going forward, demand for digital skills is on a sharp upwards trajectory. Finding developers, cybersecurity professionals and cloud migration experts is top of the agenda for many hiring managers as organisations look towards long-term growth and sustainability, following a period of rapid transformation.

The extent of this demand is reflected in a booming tech jobs market. According to CompTIA’s June 2021 European Tech Hiring Trends report, employers posted just shy of 900,000 ads for new tech roles in Q1 2021, representing a 40% increase compared to the third quarter of 2021. Software developers were listed as the most in-demand occupation category, accounting for almost 250,000 job ads posted in the quarter.Developers wantedThe call for developers has been consistent throughout the pandemic, and is likely to present one of the biggest recruitment challenges for employers over the coming months. This was certainly true for 61% of respondents in a survey of 15,000 developers and HR managers by tech-hiring platform CodinGame, which offered a snapshot of the most in-demand development and programming skills among businesses in 2021.CodinGame’s 2021 Developer Survey, which was conducted between October and December 2020, found that 64% of companies were looking to hire up to 50 developers in 2021. Others had even more ambitious recruitment targets: 14.4% said they planned to hire 50 to 100 developers, while 13.5% hope to recruit over 100 new developers over the course of 2021.SEE: What is a software developer? Everything you need to know about the programmer role and how it is changingGoing hand-in-hand with the increased demand for coders, knowledge of programming languages is also being sought by businesses undergoing digital transformation and launching new apps and digital platforms.The same survey from CodinGame found that JavaScript, Java and Python were the most important programming languages for employers, with close to 60% of respondents citing high demand for JavaScript and Java in particular. This makes sense, given the explosion of mobile and web apps since the start of the pandemic, and also supports CodinGame’s findings surrounding the demand for full-stack and back-end developers – Java remains the most popular language for building web application backends, after all.
Image: CodinGame

Recruiters anticipate DevOps roles being particularly difficult to fill. The switch to remote working brought a sudden increase in demand for DevOps experts capable of managing organization’s cloud infrastructure, and helping companies migrate their services to the cloud.This trend is anticipated to continue throughout the course of the year, CodinGame found: 43% of survey respondents cited DevOps positions as their number one recruiting challenge in 2021, followed by back-end developers (41%), full-stack developers (41%), architects (33%) and software engineers (24%).Software development meets operationsAccording to GitLab’s April 2021 Upskilling Enterprise DevOps Skills Report, DevOps skills are projected to grow 122% over the next five years, making it one of the fastest-growing skills in the workforce. In the US, there were over 300,000 job openings requesting DevOps skills in the past 12 months – and this demand is spreading rapidly across roles, organizations and industries.This demand is also reflected in the UK, where employers have had to contend with a pre-existing digital skills shortage that has been made considerably worse by the combination of Brexit and COVID-19.Research published in June by recruiter Robert Half identified a 319.4% uptick in demand for DevOps skills over the 12 months to June as businesses continue to integrate software development with IT operations.Robert Half’s research, which was gathered between April and May 2021, provided a more generalised overview of the skills needed by organizations in the second half of the year, and the roles hiring managers across various departments are most eager to fill.For chief information officers (CIOs) and chief technology officers (CTOs), the top five priority hires for H2 2021 are cloud engineers, front-end developers, business transformation specialists and database administrators, Robert Half found.
Image: Robert Half
Interestingly, the results varied slightly when CIOs and CTOs were quizzed on their most important interim hires. In this instance, frontend developers topped the list, followed by cloud engineers, system security specialists, business intelligence specialists and network/system managers.Software as a service (SaaS) skills and Python were also highlighted as speciality technical skills of increased importance to employers, with demand for these growing by 143.1% and 136.5% respectively. Once again, developers find themselves in a favourable position in post-COVID jobs market. Phil Boden, senior manager at Robert Half, told ZDNet: “Across the board, we are seeing requests for candidates with demonstratable experience in Python, .NET, C# and PHP, while financial services firms are specifically looking for talent with a strong working knowledge of Java.”A mixed pictureCompTIA’s Hiring Trends Report also reports high demand for Java and PHP, with the programming languages featuring 6th and 10th in the technical skills most cited in tech job postings.
Image: CompTIA
Yet these languages come after more fundamental skills, such as “programming” (2nd), “businesses IT systems” (3rd), “IT system administration” (7th) and “[Microsoft] Office/spreadsheets”, which maintains a near-universal entry requirement for jobs and was the number-one skill required by employers.CompTIA notes that job postings “invariably align with the job roles employers are seeking to fill,” which helps explain variability in the importance placed on various skills within reports. However, it points out that nearly every technology job role shares a number of common skill threads: software, infrastructure, data and business applications are all represented, and employers “frequently expect some level of cybersecurity, data, cloud, project management, and related technical skills.”
Image: CompTIA
The report reads: “At the skills level, summary analysis across all job postings for all tech job roles suggests employers tend to seek well-rounded candidates. This also reflects the ever-expanding nature of innovation, whereby new platforms, new coding languages, new hardware and devices, new data streams and new combinations of technology building blocks (think IoT) are a de facto part of the job for any technology professional.”This also explains why cybersecurity is often not specifically listed in skills reports, despite the fact employers increasingly expect baseline IT security knowledge from workers.Take the UK, for example: according to the 2021 City and Guilds Skills Index published in June, jobs postings for “cybersecurity technician” in the country increased by a massive 19,222% between April 2020 and April 2021, whereas roles for “cybersecurity engineer” grew by 292%. This compares to 312% growth in ads for “full-stack developer” during the same period, and a 184% increase in job postings for “Azure architect”.Cybersecurity above all?Demand for cybersecurity pros is by no means localised to the UK. A report by Harvey Nash and KPMG in September 2020 identified a huge demand for cyber professionals globally, with cybersecurity skills cited as the most in-demand skill by more than a third (35%) of the 4,200 IT professionals surveyed.

This demand has continued into 2021. According to Harvey Nash’s 2021 Tech Salary and Hot Skills report, published June 2021, cybersecurity remains the number one skill for employers in the UK (31%) and the US (36%). “Demand has increased throughout the pandemic as security specialists have been required to play the key role of keeping businesses protected during the unprecedented challenges of moving to mass homeworking,” Harvey Nash CEO Bev White told ZDNet.SEE: Cybersecurity: Why a culture of silence and driving mistakes underground is bad for everyoneDrilling down into the types of roles businesses are hiring for, ethical hackers, information security analysts, chief information security officers (CISOs) and cybersecurity consultants all feature prominently, Harvey Nash found.Alongside IT security, employers also seek cloud and data/analytics expertise, again reflecting the demands of changing business needs as digital transformation accelerates and more businesses make the wholesale shift towards remote working. Among the cloud-specific roles companies are hiring for, Harvey Nash identified strong demand for “cloud architect”, “cloud engineer”, “cloud security specialist”, DevOps engineer and “Amazon Web Services specialist.”Organisations are maturing beyond simply moving software online and becoming more sophisticated in how they deploy and exploit their online assets, for instance through distributed cloud, edge computing and marketplace platforms,” Harvey Nash said.Data everywhereWithin the data and analytics realm, companies are particularly eager to fill roles including “data analyst”, “data scientist”, “data engineer” and “business intelligence analyst,” Harvey Nash found.”The skills driving transformation are the ones that are focused on the customer, as well as those that stitch together the ever-increasing array of technologies and platforms,” said White.”On the customer side we are seeing increasing demand for UX experts, as well as digital experts with strong customer-facing and product development skills. On the technical side we are seeing an increase in demand for architects with a strong focus on cloud platforms.”Demand for more niche skills is also beginning to emerge as businesses digitize, particularly those related to automation and artificial intelligence/machine learning technologies. Gathering the data businesses need to inform the next steps of their transformation journey is one thing; making sense of it and putting it to use is quite another.Organizational change management (27%), enterprise architecture (23%), technical architecture (22%) and advanced analytics (22%) were also identified as skills facing shortages in the company’s 2020 Harvey Nash/KPMG CIO Survey.OutlookThe digital skills deficit is not a new problem for businesses, but it is one that has been made significantly more urgent due to COVID-19.Digitization efforts may have put many companies in a better position to tackle the challenges of an increasingly data-driven economy, but it has also driven further demand for tech workers with the skills needed to see these plans through – as well as keep driving them forward.Employers face a problem here: at the same time as demand for technology workers is on the rise, the pool of available talent is quickly shrinking. Software developers, cloud engineers, DevOps professionals and cybersecurity technicians are all needed to build, maintain and protect businesses as they move towards the next steps of their transformation journeys, which have been accelerated by the global pandemic.In order to meet their increasingly complex technical needs, businesses will need to become experts at both attracting and retaining this talent in an increasingly competitive jobs marketplace, as well as levelling up their existing employees with the skills they need to develop at pace. While this may not completely compensate for the shortage of tech talent, it will go some way to address the issue of a widening skills gap in a time of rapid digital innovation.

Digital transformation More

A small but complex malware variant is targeting supercomputers worldwide.

Reverse engineered by ESET and described in a blog post on Tuesday, the malware has been traced back to attacks against supercomputers used by a large Asian Internet Service Provider (ISP), a US endpoint security vendor, and a number of privately-held servers, among other targets. 
The cybersecurity team has named the malware Kobalos in deference to the kobalos, a small creature in Greek mythology believed to cause mischief. 
Kobalos is unusual for a number of reasons. The malware’s codebase is tiny but is sophisticated enough to impact at least Linux, BSD, and Solaris operating systems. ESET suspects it may possibly be compatible with attacks against AIX and Microsoft Windows machines, too. 
“It has to be said that this level of sophistication is only rarely seen in Linux malware,” commented cybersecurity researcher Marc-Etienne Léveillé.
While working with the CERN Computer Security Team, ESET realized the “unique, multiplatform” malware was targeting high performance computer (HPC) clusters. In some cases of infection, it appears that ‘sidekick’ malware hijacks SSH server connections to steal credentials that are then used to obtain access to HPC clusters and deploy Kobalos. 
“The presence of this credential stealer may partially answer how Kobalos propagates,” the team says. 

Kobalos is, in essence, a backdoor. Once the malware has landed on a supercomputer, the code buries itself in an OpenSSH server executable and will trigger the backdoor if a call is made through a specific TCP source port.
Other variants act as middlemen for traditional command-and-control (C2) server connections.
Kobalos grants its operators remote access to file systems, allows them to spawn terminal sessions, and also acts as connection points to other servers infected with the malware. 
ESET says that a unique facet of Kobalos is its ability to turn any compromised server into a C2 through a single command. 
“As the C2 server IP addresses and ports are hardcoded into the executable, the operators can then generate new Kobalos samples that use this new C2 server,” the researchers noted. 
The malware was a challenge to analyze as all of its code is held in a “single function that recursively calls itself to perform subtasks,” ESET says, adding that all strings are encrypted as a further barrier to reverse engineering. As of now, more research needs to be conducted in the malware — and who may be responsible for its development.
“We were unable to determine the intentions of the operators of Kobalos,” ESET commented. “No other malware, except for the SSH credential stealer, was found by the system administrators of the compromised machines. Hopefully, the details we reveal today in our new publication will help raise awareness around this threat and put its activity under the microscope.”
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

<!–> boonstudio/Getty Images Windows users who want to browse the web with greater anonymity and privacy can now take the DuckDuckGo browser for a spin. Released late last week as a public beta, DuckDuckGo for Windows joins its Mac counterpart in providing you with a host of features that emphasize privacy as you surf the […] More

Amazon has filed a lawsuit against Instagram and TikTok personalities for allegedly participating in a scheme to sell counterfeit luxury goods. 

Filed in the United States District Court for the Western District of Washington and made public on Thursday, the complaint alleges that 13 individuals and businesses ran a scam to lure followers into buying fake luxury products — and deceive Amazon in the process. 
The influencers, Kelly Fitzpatrick and Sabrina Kelly-Krejci, allegedly peddled counterfeit items listed on Amazon — but disguised — by sellers they conspired with. Amazon claims that Fitzpatrick and Kelly-Krejci used social media platforms, such as Instagram, Facebook, and TikTok — as well as their own websites — to advertise fake products. 
According to the lawsuit, the influencers posted side-by-side photos of generic, unbranded items and a luxury — but counterfeit — product. The text “Order this/Get this” was posted alongside the photos, with “Order this” referring to a generic product listed on Amazon, and “Get this” referring to a fake luxury good, also referred to as a dupe. 
See also: Inexpensive gifts: Best tech and gadgets for under $100
As shown in the court filing example below, a generic black wallet would be listed on Amazon, but customers would receive a dupe of a branded product. The generic item, therefore, was nothing more than a placeholder. 

Videos describing the “high quality” of the fake products were also published by the influencers. 

“By posting only generic products on Amazon, Fitzpatrick and Kelly-Krejci — and the sellers they coordinated with — attempted to evade our anti-counterfeit protections while using social media to promote the true nature of these counterfeit products,” Amazon says. 
Fitzpatrick, a former member of the Amazon Influencer Program, has now been booted out of the program. 
Amazon says dupes are still being advertised on her personal website. At the time of writing, the domain is inaccessible, as is her Instagram profile, now made private. 
CNET: Rules for strong passwords don’t work, researchers find. Here’s what does
The e-commerce giant says that Kelly-Krejci’s scheme was also “detected and blocked.”
The social media influencer pool can be a valuable tool for marketers and legitimate, sponsored product placements, listings, and shout-outs do exist. However, as the lawsuit may show, social media platforms can also be abused to conduct fraud and to peddle counterfeit items. 
Amazon has attempted to crack down on fake goods and dupes in recent years, investing over $500 million to combat such alleged scams in 2019 alone. In June this year, Amazon launched its Counterfeit Crimes Unit to investigate and launch legal action against “bad actors” involved in the sale of counterfeit goods. 
TechRepublic: New survey details IT challenges, shadow IT risks, 2021 outlook, and more
Cristina Posa, Director of Amazon’s Counterfeit Crimes Unit, described the alleged scam and defendants as “brazen.” 
“This case demonstrates the need for cross-industry collaboration in order to drive counterfeiters out of business,” Posa commented. “Amazon continues to invest tremendous resources to stop bad actors before they enter our store and social media sites must similarly vet, monitor, and take action on bad actors that are using their services to facilitate illegal behavior.”
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Image: GitHub
Code-hosting website GitHub is rolling out today a new security feature named Code Scanning for all users, on both paid and free accounts.
GitHub says the new Code Scanning feature “helps prevent vulnerabilities from reaching production by analyzing every pull request, commit, and merge—recognizing vulnerable code as soon as it’s created.”
Once vulnerabilities are detected, Code Scanning works by prompting the developer to revise their code.
Under the hood, Code Scanning works on top of CodeQL, a technology that GitHub integrated into its platform after it acquired code-analysis platform Semmle in September 2019.
CodeQL stands for code query language and is a generic language that allows developers to write rules to detect different versions of the same security flaw across large codebases.
To configure Code Scanning, users must visit the “Security” tab of each of the repositories they want the feature to be enabled.

Image: GitHub
Here, developers will be prompted to enable the CodeQL queries they want GitHub to use to scan their source code.
To get users started on using Code Scanning, Gitub said its security team has put together more than 2,000 predefined CodeQL queries that users can enable for their repositories and automatically check for the most basic security flaws when submitting new code.
In addition, Code Scanning can also be extended via custom CodeQL templates written by repository owners or by plugging in third-party open-source or commercial static application security testing (SAST) solutions.
Code Scanning has been available to GitHub beta testers since May after the feature was initially announced at the GitHub Satellite conference.
Since then, GitHub says the feature has been used to perform more than 1.4 million scans on more than 12,000 repositories and has identified over 20,000 vulnerabilities, including remote code execution (RCE), SQL injection, and cross-site scripting (XSS) vulnerabilities.
Developers also appear to have warmly received the new feature, and GitHub says it already received 132 community contributions to CodeQL’s open-sourced query sets since the feature launched in the spring. More