And don't forget the paperwork after, says Chocolate Factory Google is offering bug hunters thousands of dollars worth of compute time on its cloud to hammer away at JavaScript engines and uncover new security flaws in the software.…

After he was demoted and fired, idiot logged into office PC from home and wiped storage systems An IT guy, who was tasked with locking out ex-employees from the company network, has been jailed after he logged in after being fired and wiped an office's computer storage drives.…

One thing to let people rent your home, quite another to let them access your private comms Airbnb says it has fixed a baffling bug in its website that briefly caused some of its users to be shown messages belonging to others when viewing their account inboxes.…

Ugly: And it's all about video game robberies at this stage Two people have been arrested in Malaysia as part of America's crackdown on the Chinese government's hackers.…

Extortionware is bad but it never killed anyo... never mind A woman in Germany died after a ransomware infection prevented her hospital from giving her emergency treatment.…

No way to sugarcoat this: New York AG eclairs the 2015 data theft matter settled Dunkin' Donuts today settled a lawsuit in which it was accused of hushing up the fact hackers siphoned its customers' personal information from its systems in 2015.…

And have you tried simply asking hackers to not hack? The NSA has published online a guide for IT admins to keep systems free of bootkits and rootkits.…

You've got less than 42 hours to regenerate your certs Digicert says, come Saturday, July 11, it will revoke tens of thousands of encryption certificates issued by intermediaries that were not properly audited.…

Last November: These ISPs know too much! June: God bless the ISPs Comcast has agreed to be the first home broadband internet provider to handle secure DNS-over-HTTPS queries for Firefox browser users in the US, Mozilla has announced.…

Plus: Zoom fixes code-execution security bugs Mozilla has emitted security updates for Firefox to address eight CVE-listed security flaws, five of them considered to be high-risk vulnerabilities.…

Microsoft, BIND, Google, Cloudflare, Amazon, others fix up software or offer workarounds A new vulnerability has been found in the design of the world's domain-name system that potentially can be exploited to flood websites off the internet.…

Decrypted configuration bitstream can be siphoned from chips via side-channel flaw A newly disclosed vulnerability in older Xilinx FPGAs can be exploited to simplify the process of extracting and decrypting the encrypted bitstreams used to configure the chips.…

Static analyzer proves its worth with discovery of null-pointer error A static analysis feature set to appear in GCC 10, which will catch common programming errors that can lead to security vulnerabilities, has scored an early win – it snared an exploitable flaw in OpenSSL.…

Antisocial network sought surveillance tech to boost its creepy Onavo Protect app, it is claimed NSO Group – sued by Facebook for developing Pegasus spyware that targeted WhatsApp users – this week claimed Facebook tried to license the very same surveillance software to snoop on its own social-media addicts.…

More than a dozen dodgy websites spotted masquerading as the real deal, HTTPS certs and all What's old is new again as infosec bods are sounding the alarm over a fresh wave of homoglyph characters being used to lure victims to malicious fake websites.…

Lax DNS leaves door wide open for miscreants to impersonate Windows giant on its own websites If you saw a link to mybrowser.microsoft.com, would you have trusted it? Downloaded and installed an Edge update from it? How about identityhelp.microsoft.com to change your password?…

And it only took, er, four and a half months for people to see sense Criminal charges have been dropped against two infosec professionals who were arrested during a sanctioned physical penetration test gone wrong.…

Redmond's own security tools could be abused by hard-to-block file-scrambling software nasties The encryption technology Microsoft uses to protect Windows file systems can be exploited by ransomware.…

Another day, another critical set of flaws A pair of widely used WordPress plugins need to be patched on more than 320,000 websites to close down vulnerabilities that can be exploited to gain admin control of the web publishing software.…

House of Larry delivers massive update for 93 products Oracle has released a sweeping set of security patches across the breadth of its software line.…

Good news: There is none. Well, apart from you can at least fully patch the Microsoft blunder Vid  Easy-to-use exploits have emerged online for two high-profile security vulnerabilities, namely the Windows certificate spoofing bug and the Citrix VPN gateway hole. If you haven't taken mitigation steps by now, you're about to have a bad time.…

Congratulations, you've won a secret backdoor Hackers exploiting the high-profile Citrix CVE-2019-19781 flaw to compromise VPN gateways are now patching the servers to keep others out.…

Data Center Network Manager bugapalooza with three must-fix flaws Cisco is kicking off 2020 with the release of a crop of patches for its Data Center Network Manager.…

Uni brains pitch smart math for speeding up establishment of circuits in anonymizing onion network Academics in Germany say they've found a way to make Tor and similar onion networks more efficient and lower their latency.…

End 2019 with a Patch Tuesday from Microsoft, Adobe, SAP and Intel With the year winding to a close and the holiday parties set to kick off, admins will want to check out the December Patch Tuesday load from Microsoft, Adobe, Intel, and SAP and get them installed before downing the first of many egg nogs.…

OpenVPN, WireGuard, IKEv2/IPSec also vulnerable to tampering flaw, we're told A bug in the way Unix-flavored systems handle TCP connections could put VPN users at risk of having their encrypted traffic hijacked, it is claimed.…

Protest organizers come under fire from network traffic barrage China is reportedly using the 'cannon' capabilities of its massive domestic internet to try and take down anti-government websites in Hong Kong.…

No passwords, banking details, but enough info to convincingly phish someone Adobe has pulled offline a public-facing poorly secured Elasticsearch database containing information on 7.5 million Creative Cloud customers.…

Netizens' traffic flowing out of box could have been sniffed by miscreants Analysis  NordVPN spent today attempting to downplay a security breach in which someone sneaked into one of its servers for purposes unknown.…

Uncle Sam calls on tech giants to open up platforms for government snooping The US government is renewing its efforts to talk tech firms out of using end-to-end encryption methods that would keep police from snooping on conversations.…

Pixel, S-Series, Moto Z3 among vulnerable gear Google is warning owners of some popular Android devices to keep a close eye on their gear following the release of an exploit for an unpatched flaw.…

Update now to stop webpages snooping on recently used credentials LastPass has fixed a security bug that potentially allowed malicious websites to obtain the username and passphrase inserted by the password manager on the previously visited site.…

Install incoming update to avoid having your boxes hijacked The widely used Exim email server software is due to be patched today to close a critical security flaw that can be exploited to potentially gain root-level access to the machine.…

The fix for the fix is in Apple has issued an update to address a potentially serious security flaw it re-opened in the latest version of iOS.…

Plus a Cisco bug, dentists bitten by malware, and France takes down a worm Roundup  This week ended with a bang, thanks to some Twitter hackers.…

Crooks fail to hijack infosec bloke's site to dress it up as a legit Euro bank login page Exclusive  Think you have bad luck? Imagine being the script kiddie who inadvertently tried and failed to pwn an Akamai security pro.…

20 WebKit flaws among latest batch of bug fixes On Monday Apple released a fresh round of security fixes for a load of its operating systems and applications.…

API blunder exposes data, fix incoming from Lenovo Lenovo is emitting an emergency firmware patch for Iomega NAS devices after the network-attached storage boxes were discovered inadvertently offering millions of files to the internet via an insecure software interface.…

Border cops accused of loading tourists' mobiles up with snoop app in Muslim area Authorities in a tumultuous region of China are ordering tourists and other visitors to install spyware on their smartphones, it is claimed.…

We'll be over there bashing our head on the wall while you read this Roundup  As June turns over to July, here are some additional bits of security news besides our regular infosec coverage.…

Patch, punch, it's the first of the month Google today posted a fresh round of Android security fixes.…

Can't spell SupportAssist without 'ass' and 'u' – other makers may be hit, too Updated  Dell's troubleshooting software SupportAssist, bundled with the US tech titan's home and business computers, has a security flaw that can be exploited by malware and rogue logged-in users to gain administrator powers.…

Tehran's hackers are 'wiping' infected machines as tensions spike, fresh sanctions approved Hackers operating on behalf of the Iranian government have turned destructive, the US Department of Homeland Security has claimed.…

Revealed: Long-running espionage campaign targets phone carriers to snoop on VIPs' location, call records Hackers infiltrated the networks of at least ten cellular telcos around the world, and remained hidden for years, as part of a long-running tightly targeted surveillance operation, The Register has learned. This espionage campaign is still ongoing, it is claimed.…

150,000 personal records on people, including US veterans, upset with their healthcare In what has become a depressingly common occurrence, the personal information of hundreds of thousands of people may have fallen into the wrong hands because yet another organization did not secure a cloud-hosted database.…

Your quick guide to hacks, patches and scandal Roundup  Here's a quick roundup of recent infosec news beyond what we've already reported.…

For FIPS sake! Yubico is recalling one of its YubiKey lines after the authentication dongles were found to have a security weakness.…

That story we broke in May? It is still true – and perhaps even worse than first thought The US Customs and Border Patrol today said hackers broke into one of its bungling technology subcontractors – and made off with images of people and their vehicle license plates as they passed through America's land border.…

Kaspersky warns of fake 'dirty agent' scam circulating Fraudsters are posing as CIA investigators gone rogue in emails to marks, offering to take bribes to drop bogus investigations into the recipients and claims of online pedophilia, according to Kaspersky.…

Updates are on the way… if you have a Google device, at least Google has released its June bundle of security vulnerability patches for Android, with fixes for 22 CVE-listed flaws included.…

Officials want to upgrade rules from device searching to message interception Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand.…

Rogue employee takes blame, seems he ain't no Fortinet son Fortinet this week agreed to pay the US government $545,000 to settle claims it allowed employees to peddle Chinese-made gear that would eventually end up being illegally supplied to federal agencies.…