Cyber Security Today – Some CISO salaries are up, LockBit gang has troubles and crooks take advantage of poorly-secured WordPress sites


Some CISO salaries are up, LockBit gang has troubles and crooks take advantage of poorly-secured WordPress sites. Welcome to Cyber Security Today. It’s Monday, August 22nd, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
The salaries of chief information security officers in the United States continue to rise. According to the annual CISO survey conducted by executive search firm Heidrick and Struggles, the median cash compensation of the American CISOs it surveyed in the spring was US$584,000. That was up 15 per cent over last year and 23 per cent over 2020. Median salaries were up four per cent in the United Kingdom as well. The survey also questioned the salaries of CISOs in Germany. Note that more than two-thirds of the respondents in the three countries worked for big firms that pulled in US$5 billion or more in revenue. The survey also questioned CISOs in a broader number of countries about organizational issues. Only eight per cent of respondents report directly to the CEO. The rest report to the CIO, CTO or another executive. Eighty-eight per cent said they also report to the full board, or a committee of the board.

The LockBit ransomware gang started releasing data over the weekend it says was stolen from security company Entrust in July. At least it did temporarily. On Sunday it was reported that LockBit’s data leak site was offline. LockBit claims it’s because of a denial of service attack. Did Entrust strike back? No one knows. Entrust is a big provider of identity verification solutions for payment cards, customers and employees. According to Security Week, Entrust has admitted threat actors accessed HR, finance and marketing information. Entrust says there’s no evidence that the operation or security of its products has been impacted.

Hackers take advantage of poorly-secured WordPress websites in a number of ways. According to researchers at Sucuri, the latest is to make fake Cloudflare denial of service warning messages pop up on users’ screens. When the user clicks on a prompt to download a verification code to access the site, malware is downloaded instead. How? An attacker gets into the WordPress site and installs a JavaScript program that compromises the website. The lesson is that WordPress administrators have to tighten security. First, make sure all site software is up to date. Second, anyone who can access a WordPress site should be forced to use a strong password, backed up by multifactor authentication. Third, place your website behind a firewall. And fourth, regularly monitor your WordPress code for compromise.

Companies in the hospitality and travel sectors, including hotels, are being warned a criminal group is targeting them. The overwhelming number of phishing messages aimed at targeted firms by this group are written in Portuguese or Spanish. However, some are written in English. That means the number of American and Canadian targets could increase. Dubbed TA558 by researchers at Proofpoint, this group has recently begun sending emails with links to infected web pages or infected documents. Phishing messages may refer to a reservation or a phony QuickBooks invoice. Data theft appears to be the motive. Employees in the hospitality and travel sectors — in fact, any sector — should be careful handling messages with links and attachments. Better to ask advice than be victimized.

Finally, more malicious apps have been found in the Google Play Store. Researchers at Bitdefender recently found 35 bad applications. The job of most of them is to serve ads to victims. What’s different about many of these apps is that after installation on a device they hide. How? By renaming themselves and changing their icon so it’s harder for you to find and delete them. For example, an app called ‘GPS Location Maps’ changes its label to ‘Settings.’ Google tries hard to screen apps. Most in the Play Store are good. But crooks sometimes slip by the defences. So remember: Don’t install apps you really don’t need; delete apps you no longer use; be wary of apps with a large number of downloads but few or no reviews; and be wary of apps that after installation request special permissions, such as access to the accessibility controls.

That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
