Slavik Markovich, CEO of Descope joins Dave to discuss his career as a serial entrepreneur. Before Descope, he co-founded and was the CEO of Demisto, a leader in the SOAR industry, which was acquired by Palo Alto Networks in 2019 for $560M, where he then served as SVP of Products. Before co-founding Demisto, Slavik was VP & CTO of database technologies at McAfee. He joined McAfee via the acquisition of Sentrigo, a database security startup he co-founded and served as CTO for. He goes into depth of his career changes throughout the years and how that has helped lead him to where he is now in his career. He shares that as a CEO and found of multiple companies he values time and hard workers. He says ” I think we really stress the importance of, uh, of responsibility. So if, if you kinda take something, you, you make sure to finish it and on time, if you promise to do something, you do that. And so that’s really important for us.” We thank Slavik for sharing his story with us. Read More
Verizon insider data breach hits over 63,000 employees
Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information. […] Read More
Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros
[[{“value”:”RedHat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access.
The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils”}]] Read More
The Hacker News | #1 Trusted Cybersecurity News Site
Hackers Stolen 2M+ User’s Data Via XSS & SQL Injection Attacks
[[{“value”:”
A large-scale cyber attack was launched to steal and market confidential user information, focusing mainly on the APAC region’s employment agencies and retail firms.
A group of hackers called ResumeLooters initiated a campaign aimed at job seekers. The hackers’ identities remain unknown, and their primary objective was to target and exploit vulnerabilities in the job-seeking process.
Group-IB, a cybersecurity company, recently discovered that a group of hackers, ResumeLooters, compromised 65 websites during November and December 2023.
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .
Like GambleForce, ResumeLooters primarily targets the Asia-Pacific – over 70% of known victims are located in the region (India, Taiwan, Thailand, Vietnam, and other countries, as seen below in Figure 2).
ResumeLooters
ResumeLooters SQL injection & XSS as Attack Vectors
The threat actor attempts to steal user databases that may include names, phone numbers, emails, DOBs, information about job seekers’ experience, employment history, and other sensitive personal data.
By employing XSS Attacks, the hackers intended to load additional malicious scripts from the associated malicious infrastructure and display phishing forms on legitimate resources.
By using SQL injections, the group has stolen data from 65 websites. The stolen files contained 2,188,444 rows, of which 510,259 were user data stolen from job search websites.
To launch attacks, they used various penetration testing tools such as sqlmap, Acunetix, Beef Framework, X-Ray, Metasploit, ARL (Asset Reconnaissance Lighthouse), and Dirsearch.
ResumeLooters tried to inject XSS scripts into all possible web forms of the targeted websites.
Malware Infrastructre
“Throughout our research, we found several pieces of evidence supporting the first version. The attackers’ server, among other pieces of stolen data, stored a file named AdminJobApprovalGrid.aspx_2023_11_23_02_02_39.html.”
The attackers created a fake employer profile on one of the legitimate websites identified by Group-IB (https://jobs[redacted]co/company-detail/248). Within one of the fields in this profile, ResumeLooters could inject the XSS script referencing 8r[.]ae, which is also displayed on the site’s main page.
According to Group-IB, the malicious server is 139.180.137[.]107. We found logs of several penetration testing tools on this server, including sqlmap.
The emergence of ResumeLooters underscores the pernicious potential of a select few publicly available tools. Its impact is a cautionary tale for organizations seeking to protect sensitive information.
Such tools pose a severe threat to data confidentiality, integrity, and availability and require a multi-layered approach to safeguard against such attacks.
Follow us on LinkedIn for the latest cybersecurity news, whitepapers, infographics, and more. Stay informed and up-to-date with the latest trends in cybersecurity.