Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-25135 PUBLISHED: 2023-02-03
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are...
CVE-2022-4634 PUBLISHED: 2023-02-03
All versions prior to Delta Electronics' CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-0123 PUBLISHED: 2023-02-03
Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.
CVE-2023-0124 PUBLISHED: 2023-02-03
Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.
CVE-2023-24613 PUBLISHED: 2023-02-03
The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend bin...
User Rank: Strategist
10/12/2017 | 9:13:35 AM
HR generalists and recruiters are mostly not competent (not equipped, to be nice) to recruit security professionals.
Another major problem is that positions are not properly and consistently categorized. I can see two positions with near IDENTICAL verbiage, and when I inquire on compensation, there can be a $10k, $20k, $30k or more difference. The detail here is that HR doesn't have context to know if they are filling a firewall admin or security/SOC analyst vs. filling an ISSO or Security Engineer or Security Architect (or CISO). When they realize they really want an ISSO or Security Engineer, they are going to have to up their game $25k or so.
Part of this stems from Infosec not defining the differences between technical security (e.g. firewall) and infosec management (e.g. ISSO, CISO). DoD has a policy defining these (by associated certifications), but I don't think that is widely known.
My attempt to train the recruiter-seekers is to re-work my resume to list the Roles I fulfill, Qualifications and certifications, Goals and Skills. Then lastly, Experience/Job list. Word search only will get them so far; they are going to have to read my story before they get to review former employers. You would be amazed how many interviews are not interviews - only review of former employment. Ridiculous waste of my time. Listen to what I am telling you (I AM the Expert, after all).
Oh, and how did that HR miss the clues of "didn't look into your eyes" as a possible indicator of extreme competence? Just read "Girl with the Dragon Tattoo" to gain some insight.
I can only hope this gets cross-posted to some HR/Recruiting sites.....