Security
  • Menu
  • All Tips
  • FAQs
  • Categories
  • Guidelines
  • Data Security Support
  • Tools
  • Have I Been Pwned?
  • Pwned Passwords
  • Email Checker
  • Password Generator
  • My IP
  • Privacy
DATA PRIVACY NOTICE AND CONSENT FORM

Cloudstaff is committed to protecting the privacy of its data subjects, and ensuring the safety and security of personal data under its control and custody. This policy provides information on what personal data is gathered by Cloudstaff Security Tips about its current, past, and prospective employees; how it will use and process this; how it will keep this secure; and how it will dispose of it when it is no longer needed. This information is provided in compliance with the Philippine Republic Act No. 10173, also known as, the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (DPA-IRR). It sets out Cloudstaffs’ data protection practices designed to safeguard the personal data of individuals it deals with, and also to inform such individuals of their rights under the Act.

The personal data obtained from this application is entered and stored within the Cloudstaff system and will only be accessed by the Cloudstaff’s authorized personnel. Cloudstaff have instituted appropriate organizational, technical and cloud security measures (Amazon Web Services Shared Responsibility) to ensure the protection of the users personal data.

Information collected will be automatically deleted after three (3) years inactivity.

Furthermore, the information collected and stored in the application are as follows:
  • Given Name
  • Family Name
  • Avatar [Profile Picture]

USER CONSENT

I have read the Data Privacy Statement and expressed my consent for Cloudstaff to collect, record, organize, update or modify, retrieve, consult, use, consolidate, block, erase or destruct my personal data as part of my information.

I hereby affirm my right to be informed, object to processing, access and rectify, suspend or withdraw my personal data, and be indemnified in case of damages pursuant to the provisions of the Republic Act No. 10173 of the Philippines, Data Privacy Act of 2012 and its corresponding Implementing Rules and Regulations.

If you want to exercise any of your rights, or if you have any questions about how we process your personal data, please contact Cloudstaff’s Data Protection Officer, through the following channel:

Email to privacy@cloudstaff.com

  • Log in Now
Job Board Breach: Hackers Pilfer Millions of Resumes and Personal Data

Since early 2023, a clandestine threat group known as ResumeLooters has been systematically targeting employment agencies and retail companies, predominantly located within the Asia-Pacific (APAC) region. This group's nefarious activities, previously undocumented, have caught the attention of cybersecurity experts at Singapore-based Group-IB. Their analysis reveals a sophisticated operation aimed at stealing sensitive data for financial gain.

Between November and December 2023, ResumeLooters orchestrated attacks on approximately 65 websites, with a particular focus on job search platforms. Their modus operandi involves exploiting vulnerabilities such as SQL injection to breach databases, resulting in the theft of over 2 million user records. These records contain a treasure trove of personal information, including names, email addresses, phone numbers, and detailed employment histories.

Security researcher Nikita Rostovcev, in a report shared with The Hacker News, shed light on the group's techniques. He explained that ResumeLooters employ SQL injection attacks to infiltrate databases, often supplemented by cross-site scripting (XSS) infections on legitimate job search websites. These tactics enable the attackers to not only pilfer vast amounts of data but also potentially harvest administrator credentials.

Furthermore, Group-IB's investigation uncovered evidence suggesting that ResumeLooters utilize a range of sophisticated tools to facilitate their operations. These tools include SQLmap for SQL injection, Metasploit for exploiting vulnerabilities, and BeEF (Browser Exploitation Framework) for additional penetration testing. Rogue JavaScript code is deployed to gather sensitive data and redirect users to credential-harvesting pages, demonstrating the group's technical prowess.

The primary motivation behind ResumeLooters' activities appears to be financial gain. The stolen data is promptly advertised and auctioned off in Telegram channels dedicated to illicit activities. This underscores the need for robust cybersecurity measures to protect against such targeted attacks.

Source: https://thehackernews.com/2024/02/hackers-exploit-job-boards-in-apac.html

Caitlin Joyce (CaitlinG) Galanza | News
Created: February 12 2024 | Updated: on 2/12/24
Comments

  2021 © Mazer

Security Tips v2.0.1 | Crafted with by Saugi