Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196PUBLISHED: 2023-05-26Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879PUBLISHED: 2023-05-26GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
User Rank: Strategist
10/12/2017 | 9:13:35 AM
HR generalists and recruiters are mostly not competent (not equipped, to be nice) to recruit security professionals.
Another major problem is that positions are not properly and consistently categorized. I can see two positions with near IDENTICAL veribiage, and when I inquire on compensation, there can be a $10k, $20k, $30k or more difference. The detail here is that HR doesn't have context to know if they are filling a firewall admin or security/SOC analyst v filling an ISSO or Security Engineer or Security Architect (or CISO). When they realize they really want an ISSO or Security Engineer, they are going to have to up their game $25k or so.
Part of this stems from Infosec not defining the differences between technical security (e.g. firewall) and infosec management (e.g. ISSO, CISO). DoD has a policy defining these (by associated certifications), but I dont think that is widely known.
My attempt to train the recuiter-seekers is to re-work my resume to list the Roles I fulfill, Qualifications and certifications, Goals and Skills. The lastly, Experience/Job list. Word search only will get then so far; they are going to have to read my story before they get to review former employers. You would be amazed how many interviews are not interviews - only review of former employment. Ridiculous waste of my time. Listen to what I am telling you (I AM the Expert, after all).
Oh, and how did that HR miss the clues of "'didn't look into your eyes'" as a possible indicator of extreme competence? Just read "Girl with the Dragon Tattoo" to gain some insight.
I can only hope this gets cross-posted to some HR/Recruiting sites.....