Cisco has fixed a vulnerability in their business careers portal that may have exposed personal information of trucks.
The networking giant sent an email affected users in which it is stated that "limited information on job applications set" leaked mobile version of the website, which shows a "configuration incorrect security" placed after system maintenance on a third party site.
An anonymous researcher reported the flaw. Cisco says it has found no evidence of another unauthorized access, but "an instance of unexplained abnormal connection to the server" during the time that the data was exposed was found.
Cisco indicates that borked security settings were in place between August and September 2015, and again in July and August 2016.
It indicates that the data presented may have included real names and connection; Passwords; physical and email addresses, phone numbers; The answers to security questions; Education and professional users; Cover letters and resumes.
Any hacker who aspire the data also won the voluntary information of candidates, including sex, race, veteran status and disability and disability.
"After knowing this, the adjustment was corrected immediately and passwords on the site that have been restored," said Cisco customers in the notices sent to the Attorney General of California
Cisco says the disclosure shows its "commitment to trust and transparency," noting that it is alerting users to the possibility of their personal information has been exposed because users often reuse the same password on multiple websites.
He did not mention that the information is perfect fodder for social engineering attacks in which criminals can use personal information to impersonate victims exceeds validation checks the identity of the account holder.
Cisco said users can put fraud alerts free 90-day bills if they wish. ......
No comments:
Post a Comment
Note: only a member of this blog may post a comment.