• APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
    thehackernews.com
    Nov 22, 2024 | Ravie Lakshmanan | Cyber Attack / Malware

    The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asyncshell.

    The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published today.

    Mysterious Elephant, which is also known as APT-K-47, is a threat actor of South Asian origin that has been active since at least 2022, primarily targeting Pakistani entities. The group's tactics and tooling have been found to share similarities with those of other threat actors operating in the regions, such as SideWinder, Confucius, and Bitter.

    In October 2023, the group was linked to a spear-phishing campaign that delivered a backdoor called ORPCBackdoor as part of attacks directed against Pakistan and other countries.

    The exact initial access vector employed by Mysterious Elephant in the latest campaign is not known, but it likely involves the use of phishing emails. The method leads to the delivery of a ZIP archive file that contains two files: a CHM file that claims to be about the Hajj policy in 2024 and a hidden executable file.

    When the CHM is launched, it's used to display a decoy document, a legitimate PDF file hosted on the government of Pakistan's Ministry of Religious Affairs and Interfaith Harmony website, while the binary is stealthily executed in the background.

    A relatively straightforward malware, it's designed to establish a cmd shell with a remote server, with Knownsec 404 identifying functional overlaps with Asyncshell, another tool the threat actor has repeatedly used since the second half of 2023.

    As many as four different versions of Asyncshell have been discovered to date, boasting capabilities to execute cmd and PowerShell commands. Initial attack chains distributing the malware have been found to leverage the WinRAR security flaw (CVE-2023-38831, CVSS score: 7.8) to trigger the infection.

    Furthermore, subsequent iterations of the malware have transitioned from using TCP to HTTPS for command-and-control (C2) communications, not to mention making use of an updated attack sequence that employs a Visual Basic Script to show the decoy document and launch it by means of a scheduled task.

    "It can be seen that APT-K-47 has frequently used Asyncshell to launch attack activities since 2023, and has gradually upgraded the attack chain and payload code," the Knownsec 404 team said.

    "In recent attack activities, this group has cleverly used disguised service requests to control the final shell server address, changing from the fixed C2 of previous versions to the variable C2, which shows the importance APT-K-47 organization internal places on Asyncshell."
  • Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia
    thehackernews.com
    Nov 22, 2024 | Ravie Lakshmanan | Cyber Espionage / Malware

    Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe.

    Recorded Future's Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063, which, in turn, overlaps with APT28. The hacking crew has been active since at least 2021.

    "Using custom malware tools HATVIBE and CHERRYSPY, TAG-110 primarily attacks government entities, human rights groups, and educational institutions," the cybersecurity company said in a Thursday report. "HATVIBE functions as a loader to deploy CHERRYSPY, a Python backdoor used for data exfiltration and espionage."

    TAG-110's use of HATVIBE and CHERRYSPY was first documented by CERT-UA back in late May 2023 in connection with a cyber attack targeting state agencies in Ukraine. Both the malware families were again spotted over a year later in an intrusion of an unnamed scientific research institution in the country.

    As many as 62 unique victims across eleven countries have been identified since then, with notable incidents in Tajikistan, Kyrgyzstan, Kazakhstan, Turkmenistan, and Uzbekistan, indicating that Central Asia is a primary area of focus for the threat actor in a likely attempt to gather intelligence that informs Russia's geopolitical objectives in the region.

    A smaller number of victims have also been detected in Armenia, China, Hungary, India, Greece, and Ukraine.

    Attack chains involve the exploitation of security flaws in public-facing web applications (e.g., Rejetto HTTP File Server) and phishing emails as an initial access vector to drop HATVIBE, a bespoke HTML application loader that serves as a conduit to deploy the CHERRYSPY backdoor for data gathering and exfiltration.

    "TAG-110's efforts are likely part of a broader Russian strategy to gather intelligence on geopolitical developments and maintain influence in post-Soviet states," Recorded Future said. "These regions are significant to Moscow due to strained relations following Russia's invasion of Ukraine."

    Russia is also believed to have ramped up its sabotage operations across European critical infrastructure following its full-scale invasion of Ukraine in February 2022, targeting Estonia, Finland, Latvia, Lithuania, Norway, and Poland with the goal of destabilizing NATO allies and disrupting their support for Ukraine.

    "These covert activities align with Russia's broader hybrid warfare strategy, aiming to destabilize NATO countries, weaken their military capabilities, and strain political alliances," Recorded Future said, describing the efforts as "calculated and persistent."

    "As relations between Russia and the West will almost certainly remain fraught, Russia is very likely to increase the destructiveness and lethality of its sabotage operations without crossing the threshold of war with NATO as discussed in the Gerasimov doctrine. These physical attacks will likely complement Russian efforts in the cyber and influence operations realm in line with Russia's hybrid war doctrine."
  • Innovation Relies on Safeguarding AI Technology to Mitigate its Risks
    www.informationweek.com
    Brandon Taylor, Digital Editorial Program Manager | November 22, 2024 | 5 Min View

    As artificial intelligence (AI) continues to advance and be adopted at a blistering pace, there are many ways AI systems can be vulnerable to attacks. Whether being fed malicious data that enables incorrect decisions or being hacked to gain access to sensitive data and more, there is no shortage of challenges in this growing landscape.

    Today, it's more vital than ever to consider taking steps to ensure that generative AI models, applications, data, and infrastructure are protected.

    In this archived panel discussion, Sara Peters (upper left in video), InformationWeek's editor-in-chief; Anton Chuvakin (upper right), senior staff security consultant, office of the CISO, for Google Cloud; and Manoj Saxena (lower middle), CEO and executive chairman of Trustwise AI, came together to discuss the importance of applying rigorous security to AI systems.

    This segment was part of our live virtual event titled "State of AI in Cybersecurity: Beyond the Hype." The event was presented by InformationWeek and Dark Reading on October 30, 2024.

    A transcript of the video follows below. Minor edits have been made for clarity.

    Sara Peters: All right, so let's start here. The topic is securing AI systems, and that can mean a lot of different things. It can mean cleaning up the data quality of the model training data or finding vulnerable code in the AI models. It can also mean detecting hallucinations, avoiding IP leaks through generative AI prompts, detecting cyber-attacks, or avoiding network overloads. It can be a million different things. So, when I say securing AI systems, what does that mean to you? What are the biggest security risks or threats that we need to be thinking about right now? Manoj, I'll send that to you first.

    Manoj Saxena: Sure, again, thanks for having me on here. Securing AI broadly, I think, means taking a proactive approach not only to the outside-in view of security, but also the inside-out view of security. Because what we're entering is this new world that I call prompt to x. Today, it's prompt to intelligence. Tomorrow, it will be prompt to action through an agent. The day after tomorrow, it will be prompt to autonomy, where you will tell an agent to take over a process. So, what we are going to see in terms of securing AI are the external vectors that are going to be coming into your data, applications and networks. They're going to get amplified because of AI. People will start using AI to create new threat vectors outside-in, but also, there will be a tremendous number of inside-out threat vectors that will be going out. This could be a result of employees not knowing how to use the system properly, or the prompts may end up creating new security risks like sensitive data leakage, harmful outputs or hallucinated output. So, in this environment, securing AI would mean proactively securing outside-in threats as well as inside-out threats.

    Anton Chuvakin: So, to add to this, we build a lot of structure around this. So, I will try to answer without disagreeing with Manoj, but by adding some structure. Sometimes I joke that it's my 3am answer if somebody says, Anton secure AI! What do you mean by this? I'll probably go to the model that we built. Of course, that's part of our safe, secure AI framework approach. When I think about securing AI, I think about models, applications, infrastructure and data. Unfortunately, it's not an acronym, because the acronym would be MADE, and it'll be really strange. But after somebody said it's not an acronym, obviously, everybody immediately thought it's an acronym. The more serious take on this is that if I say securing AI, I think about securing the model, the applications around it, the infrastructure under it, and the data inside it. I probably won't miss anything that's within the cybersecurity domain, if I think about these four buckets. Ultimately, I've seen a lot of people who obsess about one, and all sorts of hilarious and sometimes sad results happen. So, for example, I go and say the model is the most important, and I double down on prompt injection. Then, SQL injection into my application kills me. If I don't want to do it in the cloud for some reason, and I try to do it on premise, my infrastructure is let go. My model is fine, my application is great, but my infrastructure is let go. So, ultimately, these four things are where my mind goes when I think about securing AI systems.

    MS: Can I just add to that? I think that's a good way to look at the stack and the framework. I would add one more piece to it, which is around the notion of securing the prompts. This is prompt security and filtering, prompt defense against adversarial attacks, as well as real time prompt validation. You're going to be securing the prompt itself. Where do you think that fits in?

    AC: We always include it in the model, because ultimately, the prompt issues to us are AI specific issues. Nothing in the application infrastructure data is AI specific, because these exist, obviously, for non-applications. For us, when we talk about prompt, it always sits inside the M part of the model.

    SP: So, Google's secure AI framework is something that we can all look for and read. It's a thorough and interesting read, and I recommend to our audience to do that later. But you guys have just covered a wide variety of different things already when I asked the first question. So, if I'm a CIO or a CISO, what should I be evaluating? How do I evaluate the security of a new AI tool during the procurement phase when you have just given me all these different things to try to evaluate? Anton, why don't you start with that one?

    Watch the archived "State of AI in Cybersecurity: Beyond the Hype" live virtual event on-demand today.

    About the Author: Brandon Taylor, Digital Editorial Program Manager. Brandon Taylor enables successful delivery of sponsored content programs across Enterprise IT media brands: Data Center Knowledge, InformationWeek, ITPro Today and Network Computing.
  • How AI is Revolutionizing Photography
    www.informationweek.com
    John Edwards, Technology Journalist & Author | November 22, 2024 | 5 Min Read

    AI revolutionizes just about everything. Photography is no exception.

    AI is a powerful tool, says Conor Gay, vice president of business operations at MarathonFoto, a firm specializing in marathon race photography. When used appropriately, it can enhance great photography and create incredible designs, he explains in an email interview. "When used carelessly, it can cause confusion, misinformation, or just plain ruin a photo."

    AI helps photographers realize a creative vision, observes John McNeil, founder and CEO of John McNeil Studio, a San Francisco-area based creative firm. "It's an incredibly powerful tool, helping even less-than-professional photographers create more professional images," he notes in an online interview. "Features such as exposure correction, auto enhance, and auto skin tone, allow just about anyone to take great pictures."

    Johnny Wolf, founder and lead photographer at Johnny Wolf Studio, a New York-based corporate photography studio, says that AI allows him to explore complex concepts in pre-production and create realistic mockups for client approval, all without even having to touch a camera. "It gives me the ability to quickly test and iterate on ideas without having to invest time and resources," he explains via email. "This results in a more focused discovery phase with clients and leads to fewer revisions during the editing process."

    Efficiency and Quality

    AI tools enable greater efficiency and higher quality when capturing images, automatically detecting subjects, optimizing an image at the moment it's taken, says Chris Zacharias, founder and CEO of visual image studio Imgix. "AI tools can identify subjects and objects within an image to allow greater precision in editing," he notes in an email interview. "We can remove unwanted elements or introduce new ones into a photograph in pursuit of a creative vision."

    Wolf says that AI's greatest impact has been automating the mundane. "Basic tasks, like whitening a subject's teeth, or cloning-out distracting background elements, used to involve a time-consuming masking process, which can now be done with one click," he explains. "With AI handling the drudgery of post-production, I'm free to dedicate more time and energy into creative exploration, improving my craft and delivering a more personalized and impactful final product."

    AI has allowed us to identify images faster and more accurately than ever before, Gay says. "In the past two years, we've been able to get more images into runners' galleries, typically within 24 hours of their finish," he notes. "AI has also allowed us to capture more unique shots and angles."

    Gay adds that AI can also capture relevant photo data that can be used by race partners and sponsors. "We're now able to identify sponsor-branding that appears in our photos, and even capture data around apparel and footwear." The technology is also used to enhance images. "We see different weather and lighting conditions throughout the day," he notes. "AI allows us to enhance these images to their highest quality."

    AI's power, control, flexibility, and possibilities are absolutely incredible, McNeil states. "Photoshop was a game changer 30 years ago, and in less than three years, AI makes things like histograms and layers seem positively quaint."

    The Downside

    AI's ethical implications are significant, and will require discussion, consideration, and action by a wide range of stakeholders and organizations, Zacharias says. "There's much to consider, and the impacts are already being felt."

    Maintaining authenticity is a top concern, Gay says. "Especially in our industry, runners work tirelessly to complete their races," he notes. "The idea of someone being able to create a fake finish line moment with AI discredits the hard work each athlete puts into their race." Gay says his goal is to document runners' journeys on race day and to be as accurate as possible.

    McNeil worries that there may now be too much reliance on AI. "The term 'we'll fix it in post' used to be a lazy joke people would make on set," he says. "Today, it's literally the process." Yet such an attitude can lead to images that are poorly crafted, uninventive, and looking like they were generated by AI. "Ultimately, as creative people and artists, we need to be more critical about the work we're putting into the world."

    While photo manipulation is nothing new, AI's ability to instantly generate photography that's indistinguishable from reality has led to a frightening inflection point, Wolf warns. "Anyone with an agenda and a web browser can now create and disseminate AI-generated propaganda as a real-time response to events," he explains. "If society can no longer trust photos as evidence of truth, we'll retreat further into our echo chambers and consume content that has been generated to reinforce our views."

    Looking Forward

    Artists have always adapted and leveraged new tools and technologies to create novel forms of self-expression, Zacharias says. "The coming years will see a lot of discussion about what is real or authentic," he notes. "At the end of the day, AI is and will continue to be a tool, and it is we humans who will define what the soul of the medium is."

    About the Author: John Edwards, Technology Journalist & Author. John Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.
  • Everything New on Max in December 2024
    screencrush.com
    James Gunn's DC Universe kicks off next month, with the debut of the new animated series Creature Commandos on Max.

    The show, created by Gunn and based on the DC comic, features a team of monsters who agree to work for the U.S. government and Amanda Waller. (Yes, Viola Davis is voicing Waller on the series.) It is the first official entry in the new DC film and TV universe overseen by Gunn that will continue next year with a new Superman film, also directed by Gunn.

    Also coming to Max in December: A Friends-themed game show called Fast Friends, the streaming premiere of Clint Eastwood's awesome Juror #2, and a new season of the comedy series Bookie.

    Also, Max's press release for the month also claims Beetlejuice Beetlejuice is coming to the service in December as well but doesn't give a specific date for its debut. So stay tuned, I guess.

    Here's the full list (minus Beetlejuice Beetlejuice) of what's coming to streaming in December 2024 on Max:

    December 1: Cedar Rapids (2011); Clash of the Titans (2010); Cop Out (2010); Death Race (2008); Glee The 3D Concert Movie (2011); Hamlet 2 (2008); How I Live Now (2013); Invisible Stripes (1939); It All Came True (1940); Jupiter Ascending (2015); Key Largo (1948); Kid Galahad (1937); King of the Underworld (1939); Lightning Strikes Twice (1951); Lord of the Rings (1978); Man from God's Country (1958); Marine Raiders (1944); Marked Woman (1937); Meet Me in St. Louis (1944); Megamind (2010); Mr. Popper's Penguins (2011); National Velvet (1944); Ninja Assassin (2009); Overland Telegraph (1951); Passage to Marseille (1944); Person to Person (2017); Pistol Harvest (1952); Results (2015); Riders of the Range (1950); Saddle Legion (1952); San Quentin (1937); So This Is Paris (1926); Stagecoach Kid (1949); State's Attorney (1932); Strike Up the Band (1940); Take This Waltz (2012); Teen Titans Go! 400th Episode (Warner Bros. Animation); The Goonies (1985); The Hobbit (1977); The Maltese Falcon (1941); The Oklahoma Kid (1939); The Return of Doctor X (1939); The Return of the King (1980); The Roaring Twenties (1939); The Secret Fury (1950); The Shop Around the Corner (1940); The Threat (1949); The Two Mrs. Carrolls (1947); The Wagons Roll at Night (1941); The Woman on Pier 13 (1950); They Drive by Night (1940); Tomorrow is Another Day (1951); White Bird in a Blizzard (2014); White God (2015); Words and Music (1948); You Can't Get Away with Murder (1939)

    December 3: 90 Day: The Last Resort (Between the Sheets), Season 2 (TLC); 90 Day: The Last Resort, Season 2 (TLC); Hard Knocks: In Season with the AFC North (HBO Original); Kids Baking Championship: Frosting the Snowman (Food Network); Mecum Full Throttle: Las Vegas NV 2024

    December 5: Creature Commandos, Season 1 (Max Original); Roadworthy Rescues, Season 3

    December 6: Batwheels, The Great Christmas Caper, Season 2 (Cartoon Network); Mini Beat Power Rockers, Season 4; Mini Beat Power Rockers: A Villain's Carol (2024); Teen Titans Go!, Season 8, Episodes 30-34 (Cartoon Network); The Official DC Podcast (Max Original); Tiny Toons Looniversity: Winter In Blunderland, Season 2 (Cartoon Network)

    December 7: Super/Man: The Christopher Reeve Story (HBO Original); Evolve and Flex, Episode 1

    December 8: A Season to Remember (OWN); Motortrend: Mecum Presents: The 2025 Kissimmee Preview Show; Motortrend: Mecum Presents: The Steve McQueen 917K

    December 9: 999 Murderer Calling, Season 1 (discovery+)

    December 10: Nature of the Crime (HBO Original)

    December 12: Bookie, Season 2 (Max Original); Fear Thy Neighbor, Season 10 & 11 (ID); Lost in the Amazon: The Rescue That Shocked the World (Max Original); Was I A Sex Object? (Max Original)

    December 13: Batwheels, Season 2 Episodes 22-37 (Cartoon Network)

    December 14: Evolve and Flex, Episode 2

    December 15: Frozen Planet II, Season 2 (discovery+); Mistletoe & Matrimony (OWN)

    December 16: Truck U, Season 20; Two Guys Garage, Season 23; Very Scary People, Season 6 (ID); White House Christmas (HGTV)

    December 17: Dr. Sanjay Gupta Reports: Is Ozempic Right For You? (CNN)

    December 19: Fast Friends (Max Original); Rose Matafeo: On and On and On (Max Original); Texas Cheerleader Murder Plot (ID); The Head, Season 3 (Max Original)

    December 20: Juror #2 (Max Original); X-Rated Queen, Season 1 (Max Original)

    December 21: Evolve and Flex, Episode 3

    December 22: Build for Off-Road, Season 1; 24-Karat Christmas (OWN)

    December 23: Alien Files: Reopened, Season 1

    December 27: Building Outside the Lines, Season 2 (Magnolia Network); In with the Old, Season 7 (Magnolia Network); The Flipping El Moussas, Season 2 (HGTV)

    December 28: Evolve and Flex, Episode 4; Mecum Full Throttle: Kansas City MO 2024

    December 30: Home Town, Season 9 (HGTV); Teen Titans Go!, Season 8, Episodes 35-37 (Cartoon Network); Yellowstone Wardens, Season 6 (Animal Planet)
  • Disney to Close Jim Henson's Final Muppet Project
    screencrush.com
    The very last Muppets project Jim Henson worked on before his death is closing.

    That's been the rumor for months, ever since Disney announced they were adding a whole new land based on Monsters Inc. to its Hollywood Studios theme park in Walt Disney World. But now it's confirmed. An article on Disney Parks Blog states that to make way for the monsters, Kermit the Frog, Miss Piggy and more of their friends are moving right along to Sunset Boulevard!

    In other words, Henson's Muppet*Vision 3D film will close in order to make room for the new land. The Muppets will instead become the new subjects of the park's Rock 'n' Roller Coaster, which opened in 1999 and is currently themed around the band Aerosmith.

    Muppet*Vision 3D first opened in 1991, and it is one of the oldest attractions at Disney Hollywood Studios (formerly Disney-MGM Studios) still in operation. It is particularly notable among Muppet fans because it was one of Jim Henson's very last projects before his death.

    Although Henson died in 1990, before the attraction officially opened, he directed the film (a 3D movie with additional in-theater effects) as well as puppeteered Kermit the Frog and several other Muppet characters in it.

    Disney released this concept art for the new version of Rock 'n' Roller Coaster:

    Although the Muppet*Vision 3D film was also at Disney's California Adventure park for a time, it closed there in 2014. When the film closes in Florida, that will be the end of the attraction and perhaps the last time Muppet fans will be able to watch this very popular and beloved Henson project.

    The Disney Parks Blog does say that the company is having creative conversations and exploring ways to preserve the film and other parts of the experience for fans to enjoy in the future. That suggests the film could be made available on streaming or home video, although without the various 3D and 4D in-theater effects, I'm not sure it will be quite the same thing. (And if they're removing the theater where it plays in order to make room for Monsters Inc. stuff, I'm not sure how you could preserve the full experience.)

    Given that Rock 'n' Roller Coaster is themed around a band that formally retired from touring earlier this year, it is more than overdue for some kind of update. At Walt Disney Studios Park in Paris, their version of the Rock 'n' Roller Coaster has already been reskinned to be an Avengers ride. But the deal between Marvel and Universal for the latter's super hero area at their Islands of Adventure theme park ensures that concept is not allowed at Disney's Florida parks. Using the Muppets instead sounds like a fun alternative. Whether that lessens the sting of the closure of Muppet*Vision 3D for hardcore Muppet fanatics remains to be seen.

    Disney did not announce closure dates for Muppet*Vision 3D or the Aerosmith version of Rock 'n' Roller Coaster yet, saying only there's still enough time to catch a super-stretch limo to the Forum to enjoy Rock 'n' Roller Coaster Starring Aerosmith and catch Muppet*Vision 3D again before their final curtain calls.
  • Localize: Senior Full Stack Engineer
    weworkremotely.com
    Posted Nov 22 | Remote | Senior Full Stack Engineer | Localize | Full-Time | Full-Stack Programming | USA Only | Time zones: EST (UTC -5), CST (UTC -6)

    Localize is seeking an energetic, growth-minded Full Stack Engineer to join our US-based remote team.

    As a Localize engineer, you'll be responsible for implementing new functionality within Localize's core product. On the frontend you'll work on our React/Redux/Backbone SPA, and on the backend you'll build RESTful APIs in Node/Express/MongoDB.

    As a key member of our remote engineering team, you'll lead the development of many high impact product initiatives. We're looking for a strong engineer who works well on a small team and is excited about the opportunity to have a direct impact on improving customer experience.

    Responsibilities: Implement new features + functionality within Localize's core product; Build features on the frontend within our React/Redux/Backbone SPA; Develop REST APIs with Node/Express/Mongo that power the frontend SPA; Be actively involved in product and architecture decisions; Collaborate with other remote engineers and participate in peer code reviews; Diagnose production bugs throughout the development cycle.

    Technologies (experience with these specific technologies a plus, but not strictly required):
    Frontend: Javascript, React, Redux, Backbone, Handlebars, Less
    Backend: Javascript, Node, Express, Mongoose
    Datastores: MongoDB (Mongoose.js ODM), Redis, S3
    Infrastructure: AWS: Elastic Beanstalk, EC2, Elasticache, Cloudfront, Route53, etc
    DevOps / Misc: Git/Github, Jira, CircleCI, Mocha

    Experience and Qualifications: 6+ years experience building, deploying, and maintaining production web applications; Experience building complex Single Page Applications; Experience writing, maintaining, and integrating REST APIs written in Node/Express; Experience working with MongoDB and an understanding of common patterns and data structures; Experience leading large development initiatives requiring collaboration + coordination with fellow engineers; Enthusiastic about learning, working within, and architecting high impact products; Strong verbal and written communication skills.
  • FreeWill: Senior Software Engineer (Full Stack)
    weworkremotely.com
    Time zones: EST (UTC -5), CST (UTC -6), MST (UTC -7), PST (UTC -8), AKST (UTC -9), HST (UTC -10)

    Full-time | Excellent Benefits | Signing Bonus | Work from Anywhere in the US (except AL, CO, or LA)

    About the role

    We are looking for an ambitious Full Stack Senior Engineer who wants to make an impact at a mission-driven company. You are excited to work with a low-ego, highly collaborative team and take on a high level of responsibility across many projects.

    FreeWill has set compensation and a non-negotiation policy for fairness reasons (we don't think that an individual's pay should be determined by how comfortable they are negotiating). As a result, we like to be transparent and up front about the compensation. When we make an offer, we provide multiple options so that employees can choose between compensation packages that prioritize salary or stock options. The salary range for this role is $160,000-170,000. This role is also eligible for a signing bonus and will come with stock options and full benefits.

    Responsibilities: Independently own the design and development of new features; Drive technical initiatives that improve quality, efficiency, and sustainability for the team; Work on a modern stack, including React, TypeScript, Node.js, PostgreSQL, and AWS; Interact closely with a diverse team across legal, growth, sales, design, and product; Mentor junior and mid-level engineers and share knowledge through code reviews, pair programming, 1-1 conversations, and broader team trainings.

    Technical Skills: 5+ years building production systems for complex web applications; Experience leading projects on teams consisting of multiple engineers, a product manager, and designer; Business-to-Business and/or Business-to-Business-to-Consumer experience preferred, experience with fintech and/or estate planning a plus; Early startup experience strongly preferred; Proficient in web architecture including React, API design, and developer tooling; Familiar with TypeScript, Express, SQL, observability, performance optimization, continuous integration, automated testing, and cloud infrastructure.

    Hiring Process

    The hiring process for this role is as follows: Recruiter Phone Screen (30 minutes); Coding Screen (45 minutes); Super Day Interviews: 4 Final Interviews with FreeWill team members (separate interviews, between 30 minutes and 1 hour); Offer (contingent on positive references).

    Please note that steps in the hiring process can and may change and the Recruiter will be your point of contact in sharing about any updates in terms of the process. If you are selected to move forward in this process, the Recruiter will share more details about the hiring process and interviewers. However, this is a good estimate of what you can expect. For most roles, our hiring processes take an average of 4-6 weeks.

    Benefits

    In addition to the immense personal and professional satisfaction you'll gain from helping to raise $1T for high impact nonprofits in a kind and joyful work environment, full time employees at FreeWill are eligible for the following benefits: Work from home; Unlimited PTO; Flexible hours; Competitive salary; Commuter benefits; Company stock options; 401k; Medical/Dental/Vision (some single coverage medical plans are 100% employer paid, subsidized rates for spousal, parent-child, and family coverage); Short-term and long-term disability insurance; Life and AD&D insurance; Free One Medical membership; Paid parental leave for all parents.

    Perks: Regular (virtual) team events; $250 monthly co-working budget which can be used for local co-working spaces; $300 annual budget to outfit your home office or cover utility bills; $1,000 referral bonuses for growing our FreeWill community; $1,000 annual professional development budget.

    FreeWill is an equal opportunity employer and we value diversity. We are committed to finding talent that is not determined on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or any other characteristic protected by law.

    We are a remote-first company that's able to hire in 47 states and D.C. Unfortunately, we are unable to hire in Colorado, Alabama, or Louisiana at this time. We also can't sponsor working visas, so all applicants will need to have work authorization in the US.

    Don't check off every box in the requirements listed above? Please apply anyway! Studies have shown that marginalized communities - such as women, LGBTQ+ and people of color - are less likely to apply to jobs unless they meet every single qualification. FreeWill is dedicated to building an inclusive, diverse, equitable, and accessible workplace that fosters a sense of belonging, so if you're excited about this role but your past experience doesn't align perfectly with every qualification in the job description, we encourage you to still consider submitting an application. You may be just the right candidate for this role or another one of our openings!
  • The Most Sophisticated Cyberattack in History
    www.facebook.com
    The Most Sophisticated Cyberattack in History
  • Chatted about coding, passion, and why I chose this path 10 years ago.
    www.youtube.com
    Chatted about coding, passion, and why I chose this path 10 years ago.