• The U.S. government takes down another dark web forum, Western Digital suffers a cyberattack and the fastest acting ransomware to date. Here are the latest threats and advisories for the week of April 7, 2023.

  By John Weiler

  Threat Advisories and Alerts

  Websites Built with Elementor Pro and WooCommerce under Attack

  Millions of WordPress websites using the popular Elementor Pro website builder and the WooCommerce plugin have been exposed to a serious security vulnerability. The flaw, which affects Elementor Pro versions 3.11.6 and earlier, allows malicious actors to change the default user privileges to include administrator access. The vulnerability was patched in a March 22 update, but the number of reported incidents indicates that most website administrators have yet to

    Apr 07,
  • With more than 14,000 new Certified in Cybersecurity members joining (ISC)² last year and an additional 180,000+ Candidates gearing up to earn their first certification, (ISC)² will be supporting these cyber newcomers every step of the way.

    Recently, the Center for Cyber Safety and Education held its first Birds of a Feather: Newbies in Cyber webinar to promote an open dialogue and space for those leaning toward a career in cybersecurity, career changers and anyone interested in joining the field with questions. Within this conversation, we heard many of the questions and concerns that have been echoed across our social channels and in the (ISC)² Community as well. Please see below for some helpful guidance and resources for those

    Apr 05,
  • UK government potentially skimps on senior cyber role salary as the NCSC calls for more investment in people, Microsoft talks up the potential for ChatGPT and the US moves to ban spyware.

    By Joe Fay

    U.K. Treasury Tries to Drive Down Inflation with Paltry Cybersecurity Salary

    The U.K.’s Treasury department is looking for an “experienced” Head of Cyber Security willing to work for £55,500. The successful candidate will be “working at the heart of Government in a time of momentous change and offering a level of exposure and challenge that is hard to find anywhere else”. Amongst other things, they will supervise specialist security processes and the provision of device security throughout the organization. Commentators have lambasted the proposed salary,

    Apr 04,
  • We all learn differently. And we all have different schedules and needs when it comes to certification training. In the past, finding the time to train has been limiting for some. Enter adaptive online training, a new and innovative way to prep for certification that uses artificial intelligence (AI) to tailor the learning journey to each individual’s needs. It provides a non-linear, personalized learning experience that works well for busy professionals who want to upskill without having to rely on traditional linear learning models, which can be restrictive about time and pace.

    How it works

    (ISC)² is leading the way in rolling out this flexible learning option for certification training. Official (ISC)² Online Training uses AI-led adaptive learning to provide

    Apr 03,
  • In the latest of several recent announcements, the U.S. body responsible for cybersecurity is making a clear shift towards pre-emptive over reactionary reporting, alerting and advice for organizations.

    By John E. Dunn

    A defining characteristic of ransomware attacks is the element of surprise. By the time the victim receives the ransom note, it is usually already too late to contain an incident. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced a new pilot project, the Pre-Ransomware Notification Initiative, which it hopes will be able to notify more victims before this happens.

    The premise is that attackers often linger inside networks for some time before striking. This offers a window of opportunity, according to CISA:

    “These early warnings can enable

    Mar 31,