Security researchers have documented an attack technique that may allow attackers to leverage a legitimate Amazon VPC feature to mask their use of stolen API credentials inside AWS.

• BEC scammers impersonate CEOs of targeted companies and request an aging report and clients’ email addresses from employees.
• In this way, the scammers will obtain a company’s customer names, outstanding balances, and contact information.

Facebook must pay a record-breaking $5 billion fine as part of a settlement with the Federal Trade Commission, by far the largest penalty ever imposed on a company for violating consumers' privacy rights.

• The vulnerability tracked as CVE-2019-1579 impacts all companies that use the GlobalProtect software, including the ride-sharing platform Uber.
• The impacted versions include PAN-OS 7.1.18, PAN-OS 8.0.11, and PAN-OS 8.1.2.

FireEye researchers identified a phishing campaign conducted by the cyberespionage group APT34 masquerading as a member of Cambridge University to gain their victim’s trust to open malicious documents. 

Equifax will dish out as much as $700 million on the heels of its infamous 2017 data breach that impacted 150 million customers.

Ad injection and other "man-in-the-middle" techniques will have a tougher time installing themselves onto PCs.

44 per cent of Internet users admit having shared their passwords or stored them in visible places.

Frankly, I'm surprised. Is it the revelation that Juniper had "unauthorized code" in their Netscreen product? Is it that a third party could reportedly remotely access these systems? Is it that VPN traffic could be decrypted?

I'm seeing in the news today that a subset of Twitter users have been receiving notifications that they may well be the targets of surveillance by nation state actors. Step one, let's all take a deep breath.

A group of computer scientists at the Massachusetts Institute of Technology has developed the most secure SMS text messaging system.

Tens of millions of users would be unable to access HTTPS websites that only use SHA-2-signed certificates, Facebook and Cloudflare have warned
Millions of Web users could be left unable to access websites over the HTTPS protocol if those websites only use digital certificates signed with the SHA-2 hashing algorithm.

A vital part of the Commodity Futures Trading Commission’s Data Protection Initiative has been completed, CFTC Commissioner Dawn Stump announced this week.

Cryptographic key reuse is rampart in European payment terminals, allowing attackers to compromise them en masse.

Security firm Zscaler discovered a malicious campaign based on a new strain of the Spy Banker banking malware.

FireEye says it has discovered a type of malware designed to steal payment card data that can be very difficult to detect and remove.
The cybercriminal group behind the malware, which FireEye nicknamed "FIN1," is suspected of being in Russia and has been known to target financial institutions.

The malware, which FIN1 calls Nemesis, infected an organization that processes financial transactions, which FireEye did not identify.

A criminal named Hacker Buba after asking UAE bank for $3 million ransom started leaking customer data online.

A new strain of PoS malware dubbed Pro PoS Solution is available for sale in the underground forums.