What happened to bullhorn.com?
The corporate marketing site bullhorn.com is run on WordPress, and a third party exploited a WordPress vulnerability to host malware on the site. Note that the Bullhorn corporate website is hosted by a third party website hosting provider, and at no time was any customer data accessed in Bullhorn applications.
When did this happen?
The malware was only accessible from 3AM EDT and 10:15AM EDT on July 19, 2021, and a computer running up-to-date anti-virus software should have flagged the pop-up as potential malware.
How did Bullhorn discover the issue?
Bullhorn security services monitoring our resources 24/7 noticed suspicious activity early on the morning of Monday, July 19th. Further investigation uncovered the source to be associated with the hosted bullhorn.com website.
What should I do if I think malware may have been installed on my computer?
It’s unlikely that any of your users have been impacted, but out of an abundance of caution, you should make sure that your antivirus software is up to date.
Can my IT team take any further steps in addition to updating anti-virus software?
We recommend blocking the domains below where possible, and examining logs for these indicators:
Is my ATS data secure? What about other Bullhorn applications?
The security breach has nothing to do with any Bullhorn application, and any data in Bullhorn applications was not impacted by the exploit. Bullhorn applications are hosted on an entirely different infrastructure, totally separate from the corporate website.
What are you doing to prevent this kind of occurrence in the future?
We have increased our security monitoring of the corporate website, and are working closely with our current hosting provider to ensure that any vulnerabilities on the WordPress platform are patched as soon as possible on an ongoing basis.
We are also reviewing alternative hosting arrangements for our website that may provide a more stable and secure infrastructure.