job hiring sites hacker

Introduction：

1、Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data

Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data ♂

　　Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data.

　　Singapore-headquartered Group-IB said the hacking crew's activities are geared towards job search platforms and the theft of resumes, with as many as 65 websites compromised between November 2023 and December 2023.

　　The stolen files are estimated to contain 2,188,444 user data records, of which 510,259 have been taken from job search websites. Over two million unique email addresses are present within the dataset.

　　"By using SQL injection attacks against websites, the threat actor attempts to steal user databases that may include names, phone numbers, emails, and DoBs, as well as information about job seekers' experience, employment history, and other sensitive personal data," security researcher Nikita Rostovcev said in a report shared with The Hacker News.

　　"The stolen data is then put up for sale by the threat actor in Telegram channels."

　　Group-IB said it also uncovered evidence of cross-site scripting (XSS) infections on at least four legitimate job search websites that are designed to load malicious scripts responsible for displaying phishing pages capable of harvesting administrator credentials.

　　ResumeLooters is the second hacking group after GambleForce that has been found staging SQL injection attacks in the APAC region since the latter's public disclosure in late December 2023.

　　A majority of the compromised websites are based in India, Taiwan, Thailand, Vietnam, China, Australia, and Turkey, although compromises have also been reported from Brazil, the U.S., Turkey, Russia, Mexico, and Italy.

　　The modus operandi of ResumeLooters involves the use of the open-source sqlmap tool to carry out SQL injection attacks and drop and execute additional payloads such as the BeEF (short for Browser Exploitation Framework) penetration testing tool and rogue JavaScript code designed to gather sensitive data and redirect users to credential harvesting pages.

　　The cybersecurity company's analysis of the threat actor's infrastructure reveals the presence of other tools like Metasploit, dirsearch, and xray, alongside a folder hosting the pilfered data.

　　The campaign appears to be financially motivated, given the fact that ResumeLooters have set up two Telegram channels named 渗透数据中心 and 万国数据阿力 as of last year to sell the information.

　　"ResumeLooters is yet another example of how much damage can be made with just a handful of publicly available tools," Rostovcev said. "These attacks are fueled by poor security as well as inadequate database and website management practices."

Related questions

To prepare for the Motius GmbH front-end developer hiring test on HackerRank, focus on the following structured approach: 1. Core JavaScript Mastery - ES6+ Features: Arrow functions, destructuring, spread/rest operators, template literals. - Asynchronous Programming: Promises, async/await, handling API calls with `fetch`. - Closures & Scope: Understand lexical scoping and closure usage. - Prototypes & OOP: Object inheritance, classes, `this` keyword behavior. - Array Methods: `map`, `filter`, `reduce`, `sort` for data manipulation. Example Problem: Implement a debounce function to limit API calls on input: ```javascript function debounce(func, delay) { let timeoutId; return (...args) => { clearTimeout(timeoutId); timeoutId = setTimeout(() => func(...args), delay); }; } ``` 2. DOM Manipulation & Events - Dynamic Element Creation: Generate and update DOM elements programmatically. - Event Handling: Delegation, propagation, and performance optimization. - Form Validation: Real-time validation using input events. Example Problem: Render a sorted list from an array: ```javascript function renderUsers(users) { const sorted = users.sort((a, b) => a.age - b.age); const ul = document.createElement('ul'); sorted.forEach(user => { const li = document.createElement('li'); li.textContent = `${user.name}: ${user.age}`; ul.append(li); }); document.body.append(ul); } ``` 3. CSS & Responsive Design - Layout Techniques: Flexbox, Grid, positioning. - Media Queries: Adapt layouts for mobile/desktop. - CSS Variables: Theming (e.g., dark/light mode). Example Code: Center a div using Grid: ```css .container { display: grid; place-items: center; height: 100vh; } ``` 4. React Fundamentals - Functional Components & Hooks: `useState`, `useEffect`, `useContext`. - State Management: Lift state up, context API for global state. - Component Lifecycle: Fetch data in `useEffect`. Example Component: Fetch and display data: ```jsx function UserList() { const [users, setUsers] = useState([]); const [loading, setLoading] = useState(true); useEffect(() => { fetch('https://api.example.com/users') .then(res => res.json()) .then(data => { setUsers(data); setLoading(false); }); }, []); return loading ? : (

{users.map(user =>
• {user.name}
)}

); } ``` 5. Algorithms & Problem-Solving - Arrays/Strings: Reversing, searching, filtering. - Efficiency: Optimize for time/space complexity. - Recursion & Dynamic Programming: Basic problems like Fibonacci. Example Problem: Find the first non-repeating character in a string: ```javascript function firstNonRepeatingChar(s) { const freq = {}; for (const char of s) freq[char] = (freq[char] || 0) + 1; for (const char of s) if (freq[char] === 1) return char; return null; } ``` 6. Web APIs & Best Practices - RESTful Calls: Use `fetch` with error handling. - Web Storage: `localStorage` vs. `sessionStorage`. - Security: Sanitize inputs to prevent XSS. Example API Call: ```javascript async function fetchData(url) { try { const res = await fetch(url); if (!res.ok) throw new Error('Network error'); return await res.json(); } catch (err) { console.error(err); return null; } } ``` 7. Testing & Debugging - Unit Tests: Basics with Jest/React Testing Library. - DevTools: Debugging, performance profiling. 8. Practice & Strategy - HackerRank Challenges: Focus on front-end problems under timed conditions. - Mock Projects: Build components like pagination, modals, or dynamic forms. - Edge Cases: Handle empty states, network errors, and invalid inputs. --- Final Tips: - Read Instructions Carefully: Clarify requirements before coding. - Test Code: Use sample inputs to verify logic. - Optimize for Readability: Clean code with meaningful variable names. By systematically addressing these areas, you'll be well-prepared for the test. Good luck! 馃殌