{"id":27267,"date":"2022-08-22T08:22:17","date_gmt":"2022-08-22T12:22:17","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=499016"},"modified":"2022-08-22T11:36:16","modified_gmt":"2022-08-22T15:36:16","slug":"cyber-security-today-some-ciso-salaries-are-up-lockbit-gang-has-troubles-and-crooks-take-advantage-of-poorly-secured-wordpress-sites","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-some-ciso-salaries-are-up-lockbit-gang-has-troubles-and-crooks-take-advantage-of-poorly-secured-wordpress-sites\/","title":{"rendered":"Cyber Security Today \u2013 Some CISO salaries are up, LockBit gang has troubles and crooks take advantage of poorly-secured WordPress sites"},"content":{"rendered":"<p>Some CISO salaries are up, LockBit gang has troubles and crooks take advantage of poorly-secured WordPress sites.<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Monday, August 22nd, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p><strong>The salaries<\/strong> of chief information security officers in the United States continue to rise. <a href=\"https:\/\/www.heidrick.com\/en\/insights\/compensation-trends\/2022-global-chief-information-security-officer-ciso-survey\" rel=\"noopener\">According to the annual CISO survey<\/a> conducted by executive search firm Heidrick and Struggles, the median cash compensation of the American CISOs it surveyed in the spring was US$584,000. That was up 15 per cent over last year and 23 per cent over 2020. Median salaries were up four per cent in the United Kingdom as well. The survey also questioned the salaries of CISOs in Germany. Note that more than two-thirds of the respondents in the three countries worked for big firms that pulled in US$5 billion or more in revenue. The survey also questioned CISOs in a broader number of countries about organizational issues. Only eight per cent of respondents report directly to the CEO. The rest report to the CIO, CTO or another executive. 
Eighty-eight per cent said they also report to the full board, or a committee of the board.<\/p>\n<p><strong>The LockBit ransomware gang<\/strong> started releasing data over the weekend that it says was stolen from security company Entrust in July. At least it did temporarily. On Sunday it was reported that LockBit\u2019s data leak site was offline. LockBit claims it\u2019s because of a denial of service attack. Did Entrust strike back? No one knows. Entrust is a big provider of identity verification solutions for payment cards, customers and employees. <a href=\"https:\/\/www.securityweek.com\/ransomware-group-threatens-leak-data-stolen-security-firm-entrust\" rel=\"noopener\">According to Security Week,<\/a> Entrust has admitted threat actors accessed HR, finance and marketing information. Entrust says there\u2019s no evidence that the operation or security of its products has been impacted.<\/p>\n<p><strong>Hackers take advantage<\/strong> of poorly-secured WordPress websites in a number of ways. <a href=\"https:\/\/blog.sucuri.net\/2022\/08\/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html\" rel=\"noopener\">According to researchers at Sucuri<\/a>, the latest is to make fake Cloudflare denial of service warning messages pop up on users\u2019 screens. When the user clicks on a prompt to download a verification code to access the site, malware is downloaded instead. How? An attacker gets into the WordPress site and installs a JavaScript program that compromises the website. The lesson is that WordPress administrators have to tighten security. First, make sure all site software is up to date. Second, anyone who can access a WordPress site should be forced to use a strong password, backed up by multifactor authentication. Third, place your website behind a firewall. 
And fourth, regularly monitor your WordPress code for compromise.<\/p>\n<p><strong>Companies<\/strong> in the hospitality and travel sectors, including hotels, are being warned that a criminal group is targeting them. The overwhelming majority of phishing messages aimed at targeted firms by this group are written in Portuguese or Spanish. However, some are written in English. That means the number of American and Canadian targets could increase. Dubbed TA558 <a href=\"https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/reservations-requested-ta558-targets-hospitality-and-travel\" rel=\"noopener\">by researchers at Proofpoint,<\/a> this group has recently begun sending emails with links to infected web pages or infected documents. Phishing messages may refer to a reservation or a phony QuickBooks invoice. Data theft appears to be the motive. Employees in the hospitality and travel sectors \u2014 in fact, any sector \u2014 should be careful handling messages with links and attachments. Better to ask advice than be victimized.<\/p>\n<p><strong>Finally,<\/strong> more malicious apps have been found in the Google Play Store. <a href=\"https:\/\/www.bitdefender.com\/blog\/labs\/real-time-behavior-based-detection-on-android-reveal-dozens-of-malicious-apps-on-google-play-store\" rel=\"noopener\">Researchers at Bitdefender recently found<\/a> 35 bad applications. The job of most of them is to serve ads to victims. What\u2019s different about many of these apps is that after installation on a device they hide. How? By renaming themselves and changing their icon so it\u2019s harder for you to find and delete them. For example, an app called \u2018GPS Location Maps\u2019 changes its label to \u2018Settings.\u2019 Google tries hard to screen apps. Most in the Play Store are good. But crooks sometimes slip by the defences. 
So remember: Don\u2019t install apps you really don\u2019t need; delete apps you no longer use; be wary of apps with a large number of downloads but few or no reviews; and be wary of apps that after installation request special permissions, such as access to the accessibility controls.<\/p>\n<p>That\u2019s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That\u2019s where you\u2019ll also find other stories of mine.<\/p>\n<p>Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I\u2019m Howard Solomon.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-some-ciso-salaries-are-up-lockbit-gang-has-troubles-and-crooks-take-advantage-of-poorly-secured-wordpress-sites\/499016\">Cyber Security Today \u2013 Some CISO salaries are up, LockBit gang has troubles and crooks take advantage of poorly-secured WordPress sites<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on a survey of CISOs, LockBit ransomware gang data leak site is offline and crooks take advantage of poorly-secured 
WordP<\/p>\n","protected":false},"author":17,"featured_media":20701,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[],"class_list":["post-27267","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-podcasts","category-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/27267","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=27267"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/27267\/revisions"}],"predecessor-version":[{"id":27276,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/27267\/revisions\/27276"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media\/20701"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=27267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=27267"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=27267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}