Tag: jobs
-
AI chatbot’s simple ‘123456’ password risked exposing personal data of millions of McDonald’s job applicants
Security researchers found two flaws in an AI-powered chatbot used by McDonald’s to interact with job applicants. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/11/ai-chatbots-simple-123456-password-risked-exposing-personal-data-of-millions-of-mcdonalds-job-applicants/
-
McDonald’s AI Hiring Tool McHire Leaked Data of 64 Million Job Seekers
Major security flaw in McDonald’s AI hiring tool McHire exposed 64M job applications. Discover how an IDOR vulnerability… First seen on hackread.com Jump to article: hackread.com/mcdonalds-ai-hiring-tool-mchire-leaked-job-seekers-data/
-
McDonald’s McHire Vulnerability Leaked Data of 64 Million Job Seekers
Major security flaw in McDonald’s McHire platform exposed 64M job applications. Discover how an IDOR vulnerability and weak… First seen on hackread.com Jump to article: hackread.com/mcdonalds-mchire-vulnerability-job-seekers-data-leak/
-
US Treasury Department sanctions individuals and entities over illegal IT worker scheme
How not to hire a North Korean IT spy (Apr 14, 2025); North Korean group infiltrated 100-plus companies with imposter IT pros: CrowdStrike report (Aug 6, 2024); North Korean hackers impersonated recruiters to steal credentials from over 1,500 developer systems (Jan 30, 2025). First seen on csoonline.com Jump to article: www.csoonline.com/article/4019820/us-treasury-department-sanctions-individuals-and-entities-over-illegal-it-worker-scheme.html
-
McDonald’s AI Hiring Bot Exposed with ‘123456’ Password, Millions of Job-Seekers’ Data at Risk
A shocking security vulnerability in McDonald’s AI-powered hiring system has exposed the personal information of millions of job applicants, after security researchers discovered they could access the entire database using the laughably weak password ‘123456’.
-
McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Using the Password ‘123456’
Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai. First seen on wired.com Jump to article: www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/
-
Trump seeks unprecedented $1.23 billion cut to federal cyber budget
Tags: attack, cisa, cyber, cybersecurity, data, government, infrastructure, jobs, network, nist, office, risk, risk-management, service, strategy, technology, threat
Cynthia Brumfield / CSO (The chart is based on White House data provided for 2017, 2018, 2019, 2020, 2021, 2022, and 2023. Numbers for 2024, 2025, and 2026 reflect adjustments that Trump’s OMB made for 2024 and 2025.) The administration’s cybersecurity budget cuts are not evenly distributed among federal agencies. In fact, according to crosscut tables released…
-
Chinese Data Leak Reveals Salt Typhoon Contractors
China’s Hack-For-Hire Scene Disgorges Another Leak. The Chinese nation-state threat actor tracked as Salt Typhoon is operated by a clutch of private firms whose clients include multiple Chinese government agencies, finds analysis of leaked data by SpyCloud. Researchers found a spreadsheet listing buyers, sellers and financial transaction details. First seen on govinfosecurity.com Jump to…
-
The trust crisis in the cloud… and why blockchain deserves a seat at the table
Tags: access, blockchain, breach, cloud, compliance, control, credentials, crypto, data, data-breach, framework, gartner, iam, identity, infrastructure, jobs, risk, threat, tool, zero-trust
Limited visibility and tamperable logs. Cloud providers manage logs and telemetry internally. As tenants, we often depend on them to provide logs after an incident without a guarantee of tamper-proof integrity. This lack of transparency hampers forensic investigations and incident response. Privilege concentration and insider risk. CSP administrators often hold elevated access privileges, making them single…
-
How talent-strapped CISOs can tap former federal government cyber pros
Tags: cio, ciso, cyber, cybersecurity, government, jobs, risk, service, skills, software, switch, technology, threat, vulnerability, vulnerability-management
Luring federal talent to the private sector: In the past, the federal government represented a stable career path. Many highly skilled people spent their entire careers within the federal government. But the current shakeup makes some of that talent, trusted and honed by federal agencies, available to industry CISOs. Federal workers may look to state and…
-
How 1ST Airport Taxis Is Redefining Secure Smart Travel
In an era where the convergence of convenience and cybersecurity defines modern transport services, 1ST Airport Taxis LTD emerges not just as a leading UK-based private hire operator but as a technological innovator in secure and intelligent transport solutions. With deep historical roots in Luton and a footprint that spans across major airports including Heathrow,…
-
Will AI Gut the Cybersecurity Talent Pipeline?
Automation Saves Time But Risks Hollowing Out Critical Early-Career Roles. Time travel can seem like an unofficial requirement for cybersecurity job seekers, with would-be employers demanding mid-tier chops for entry-level positions. Come back in a few years, they say, after you’ve gained experience. But organizations can’t assume the pipeline will fix itself. First seen on…
-
Threat Actors Turn Job Offers into Scams, Causing Over $264 Million in Losses in 2024
In an era marked by a persistent cost-of-living crisis and economic uncertainty, many individuals are seeking side hustles or better-paying jobs to make ends meet. However, threat actors are exploiting this desperation with sophisticated employment scams, netting over $264 million in losses as reported to the FBI in 2024 alone. These scams, often under-reported, thrive…
-
Has CISO become the least desirable role in business?
Tags: advisory, ai, business, cio, ciso, control, corporate, cybersecurity, data, dora, finance, governance, international, jobs, network, office, regulation, resilience, risk, sap, skills, startup, threat
George Gerchow, CSO, Bedrock Security. “I’ll never report to a CTO or CFO again. I have to have seat at the table,” he says emphatically. Otherwise, he says, you become frustrated “because you’re not in control of your own destiny. You’re parsing everything to this other person who’s a leader in…
-
Skills gaps send CISOs in search of managed security providers
Tags: access, awareness, business, ciso, compliance, control, cyber, cybersecurity, detection, governance, group, infrastructure, intelligence, jobs, monitoring, msp, mssp, network, penetration-testing, risk, risk-assessment, service, skills, strategy, threat, tool, training, update, vulnerability
Security operations centers (SOCs); Cloud platform management; SIEM and log monitoring; Framework-based cybersecurity management functions; Threat intelligence feeds and analysis; Vulnerability scanning and patch management; Endpoint detection and response (EDR); Firewall and network security management; Compliance tracking and audit support. “MSPs already have the infrastructure and staff in place to deliver these services efficiently, and at scale,” Richard Tubb, who runs the MSP community…
-
Former and current Microsofties react to the latest round of layoffs
Tags: jobs
‘JFC, again?’ First seen on theregister.com Jump to article: www.theregister.com/2025/07/04/former_and_current_microsofties_react_layoffs/
-
New hires, new targets: Why attackers love your onboarding process
In this Help Net Security video, Ozan Ucar, CEO of Keepnet Labs, highlights a critical cybersecurity blind spot: the vulnerability of new hires during onboarding. He explains … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/04/attackers-onboarding-process-video/
-
Microsoft to Lay Off 9,000 Employees, Affecting 4% of Workforce
Microsoft announced that it will lay off approximately 9,000 employees worldwide, representing nearly 4% of its global workforce of 228,000 as of June 2024. This move marks the company’s second significant round of job cuts this year, following the elimination of about 6,000 positions in May, and brings the total number of layoffs since May…
-
Securing the next wave of workload identities in the cloud
Tags: access, api, breach, cloud, computing, control, credentials, data-breach, identity, infrastructure, iot, jobs, kubernetes, mfa, password, risk, service, tool, vulnerability, zero-trust
Extending zero trust to workloads: Applying zero trust beyond just passwords is crucial. On the human side, MFA and conditional access are standard. For workloads, we implemented a similar approach using tokens, certificates and continuous checks. When one service calls another, it presents a cryptographic token or certificate, and the target service verifies it each…
-
Ghost in the Machine: A Spy’s Digital Lifeline
Tags: access, ai, attack, authentication, best-practice, cloud, communications, control, country, crypto, cyber, data, encryption, endpoint, framework, government, Hardware, identity, infrastructure, intelligence, jobs, law, linux, mfa, military, network, resilience, risk, software, spy, strategy, technology, threat, tool, vpn, windows, zero-trust
-
US DOJ makes progress combatting North Korean remote IT worker schemes
Any organization is at risk: During a media briefing, senior DOJ and FBI officials noted that at least one of the organizations that had unknowingly contracted the illicit workers was a government contractor, but, they said, anyone in the US posting jobs for remote workers is at risk. “The threat posed by DPRK operatives is both…
-
US DOJ announces progress combatting North Korean remote IT worker schemes
Any organization is at risk: During a media briefing, senior DOJ and FBI officials noted that at least one of the organizations that had unknowingly contracted the illicit workers was a government contractor, but, they said, anyone in the US posting jobs for remote workers is at risk. “The threat posed by DPRK operatives is both…
-
How to Chart an Exposure Management Leadership Path for You, Your Boss and Your Organization
Tags: access, attack, automation, breach, business, ciso, cloud, container, cybersecurity, data, defense, exploit, identity, incident response, iot, jobs, kubernetes, ransom, regulation, risk, security-incident, service, soc, threat, tool, vulnerability, vulnerability-management
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we share some tips on how to lead the move to exposure management. You can read the entire Exposure Management Academy series here. For years, organizations poured resources into reactive…
-
Dangerous flaw in Brother printers
Tags: access, authentication, bug, ceo, cve, cvss, cybersecurity, data-breach, firmware, jobs, network, service, update, vulnerability, wifi
An authentication-bypass vulnerability in Brother printers can be chained with another flaw to execute code remotely on affected devices. Brother Industries is grappling with a critical security vulnerability that affects hundreds of different printer models. Combined with a second flaw, this vulnerability allows unauthenticated remote code execution (RCE) on the devices. The…
-
Dangerous flaw in Brother printers
Tags: access, authentication, bug, ceo, cve, cvss, cybersecurity, data-breach, firmware, jobs, network, service, update, vulnerability, wifi
An authentication-bypass vulnerability in Brother printers can be chained with another flaw to execute remote code on affected devices. Brother Industries is grappling with a critical security vulnerability that affects hundreds of different printer models. Combined with a second flaw, this vulnerability allows unauthenticated remote code execution (RCE) on the devices. The…

