Be careful responding to unexpected job interviews
One of our customers was contacted on LinkedIn about a job offer. The initial message was followed up by an email: “Thank you for your interest in the Senior Construction Manager position at company. After reviewing your background, we were impressed with your experience and would like to invite...
EUVD-2014-1989
Malware in sbrugna...
EUVD-2014-1988
Malware in sbrugna...
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. "Employees of the targeted company were contacted by a fake recruiter...
LinkedIn: “See who’s interested in working for your company” - security issue
A security vulnerability was identified in the "See who's interested in working for your company" feature of LinkedIn Recruiter. The vulnerability allowed recruiters to view profiles of members interested in working for certain companies. A fix was deployed to production within one month...
warrenohrecruiter.com Cross Site Scripting vulnerability OBB-3189060
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
chesapeakerecruiter.com Cross Site Scripting vulnerability OBB-3126104
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
auburnrecruiter.com Cross Site Scripting vulnerability OBB-3119293
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Superio - Job Board < 1.2.33 - Subscriber+ Stored Cross-Site Scripting
The theme does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting attacks. As a candidate, add the following payload in the Social Network option: javascript:alert(1). As a recruiter, access the candidate page an...
glenviewrecruiter.com Cross Site Scripting vulnerability OBB-2308625
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Hackers Target Defense Contractors' Employees By Posing as Recruiters
The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. Dubbed 'BLINDINGCAN,' the advanced remo...
New Skill Testing Platform For 6 Most In-Demand Cybersecurity Jobs
Building a security team is a necessity for organizations of all industries and sizes. This makes selecting the right person for the job a critical task, and testing candidates' domain knowledge is a core component of the hiring process. A common practice is for each organization to put togethe...
careers.asbgroup.co.nz XSS vulnerability
Vulnerable URL: https://careers.asbgroup.co.nz/recruiter/p=0=bkcgi3d624k7&b3e;t-a-lg1'%22%26%25promptString.fromCharCode88, 83, 83, 80, 79, 83, 69, 68...
CVE-2014-1930
Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging...
CVE-2014-1931
The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different responses for invalid password-retrieval attempts depending on which data elements are incorrect, which might allow remote attackers to obtain account-related information via a series of requests...
Design/Logic Flaw
Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging...
CVE-2014-1930
Visibility Software Cyber Recruiter prior to version 8.1.00 is vulnerable due to an improper HTTPS transport/response header configuration that permits browser-history access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx, enabling an attacker to obtain sensitive information from an unatten...
CVE-2014-1931
The CVE-2014-1931 issue affects Visibility Software Cyber Recruiter prior to version 8.1.00. The login page returns different responses to invalid password-retrieval attempts depending on which data elements are incorrect, enabling potential disclosure of account-related information throug...
Visibility Software Cyber Recruiter authentication bypass vulnerability
Overview: Visibility Software Cyber Recruiter fails to prevent unauthenticated users from accessing protected webpages. Description: CWE-305: Authentication Bypass by Primary Weakness. Visibility Software Cyber Recruiter fails to prevent unauthenticated users from accessing protected webpages, allowi...