Cybersecurity News
Bank of England paid £3m in 'golden goodbyes' over 15 months
Rise in settlements in 2019 included those paid to departing tech security staff shortly before major breach
The Bank of England paid departing staff almost £3m in “golden goodbyes” over 15 months, at the same time as an exodus of workers from its information security team.
Settlement payments to former staff surged to £2.3m in 2019, according to data provided to the Guardian under freedom of information laws. The Bank confirmed that former information security staff received some of the payments.
Continue reading...China is now blocking all encrypted HTTPS traffic using TLS 1.3 and ESNI
Block was put in place at the end of July and is enforced via China's Great Firewall internet surveillance technology.Digital Clones Could Cause Problems for Identity Systems
Three fundamental technologies -- chatbots, audio fakes, and deepfake videos -- have improved to the point that creating digital, real-time clones of people is merely a matter of integrating the systems.DEF CON: New tool brings back 'domain fronting' as 'domain hiding'
After Amazon and Google stopped supporting the censorship-evading domain fronting technique on their clouds in 2018, new Noctilucent toolkit aims to bring it back in a new form as "domain hiding."Qualcomm Bugs Open 40 Percent of Android Handsets to Attack
Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impacts nearly half of Android handsets.
Reddit Attack Defaces Dozens of Channels
The attack has defaced the channels with images and content supporting Donald Trump.Hacking the PLC via Its Engineering Software
Researcher will demonstrate at DEF CON an emerging threat to industrial control networks.Attackers Horn in on MFA Bypass Options for Account Takeovers
Legacy applications don't support modern authentication -- and cybercriminals know this.
400+ Qualcomm Chip Vulnerabilities Threaten Millions of Android Phones
Security researchers found hundreds of pieces of vulnerable code in the Qualcomm Snapdragon chips powering Android phones.Have I Been Pwned Set to Go Open-Source
Fully opening the door to allow people to contribute to – and notably, tinker with – the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt.
Hackers are defacing Reddit with pro-Trump messages
BREAKING: Massive hack hits Reddit.Researcher Finds New Office Macro Attacks for MacOS
Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.BEC Campaigns Target Financial Execs via Office 365
A series of business email compromise campaigns has been targeting executives of more than 1,000 companies, most recently in the US and Canada.Bulgarian police arrest hacker Instakilla
Hacker accused of hacking and extorting companies, selling stolen data online.Facebook open-sources one of Instagram's security tools
In the first half of 2020, Pysa detected 44% of all security bugs in Instagram's server-side Python code.Week in security with Tony Anscombe
ESET highlights new research at Black Hat 2020 – What to if your data was stolen in the Blackbaud breach
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
IoT Security During COVID-19: What We've Learned & Where We're Going
Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.Hackers Dump 20GB of Intel’s Confidential Data Online
Chipmaker investigates a leak of intellectual property from its partner and customer resource center.
Augmenting AWS Security Controls
Appropriate use of native security controls in AWS and other CSPs is fundamental to managing cloud risk and avoiding costly breaches.
Stadeo: Deobfuscating Stantinko and more
We introduce Stadeo – a set of scripts that can help fellow threat researchers and reverse engineers to deobfuscate the code of Stantinko and other malware
The post Stadeo: Deobfuscating Stantinko and more appeared first on WeLiveSecurity