The Register

1. Disgruntled bug-hunter drops Steam zero-day to get back at Valve for refusing him a bounty

   EoP bug now free for the world to see after bounty was rejected

   A security bod angry at Valve's handling of bug reports has released a zero-day vulnerability affecting the games giant's flagship Steam app.…

2. The Joy of Six... critical security patches: Cisco small biz switches open to hijacking via web UI

   Plus UCS and other gear need updates

   Cisco has emitted a fresh round of software updates to address security holes in its network switches and controllers.…

3. Finally. Thanks so much, nerds. Google, Apple, Mozilla end government* internet spying for good

   * Terms and conditions apply. Offer not valid outside Kazakhstan. Your home may be repossessed if you do not keep up payments

   On Wednesday, Google, Apple, and Mozilla said their web browsers will block the Kazakhstan root Certificate Authority (CA) certificate – following reports that ISPs in the country have required customers to install a government-issued certificate that enables online spying.…

4. Here's a top tip: Don't trust the new guy – block web domains less than a month old. They are bound to be dodgy

   Better to be aggressive and safe than sorry

   IT admins could go a long way towards protecting their users from malware and other dodgy stuff on the internet if they ban access to any web domain less than a month old.…

5. Microsoft: Reckon our code is crap? Prove it and $30k could be yours

   Doors on the Edge Insider Bounty Program flung open

   Having finally pushed out the first Beta preview of its Chromium-based browser, Microsoft has launched a bounty programme aimed at getting researchers to kick the tyres on its latest and greatest.…

6. Sorry script kiddies, hacktivism isn't cool anymore: No one cares about stuff that's easy-peasy to defend against

   So much for Beto O'Rourke's cow-related capers

   The youthful doings of US presidential wannabe Beto O'Rourke are in sharp decline, according to threat intel biz Recorded Future, which reckons folk have fallen out of love with hacktivism.…

7. Stuff like sophisticated government spyware is scary and all – but don't forget, a single .wmv file can pwn you via VLC

   Keep your media player, like other apps, up to date: 13 security flaws fixed

   VideoLAN has issued an update to address a baker's dozen of CVE-listed security vulnerabilities in its widely used VLC player software.…

8. 30+ countries, 160,000 emails, $4.2m in cyber-heists… maybe it's time for the Silence hacker crew to change its name

   Russian bank-hacking ring continues its global expansion

   The rapidly growing hacking crew dubbed Silence, has – in less than three years – gone from ransacking small regional banks in Eastern Europe to stealing millions from some of the largest international banks.…

9. No REST for the wicked: Ruby gem hacked to siphon passwords, secrets from web devs

   Developer account cracked due to credential reuse, source tampered with and released to hundreds of programmers

   An old version of a Ruby software package called rest-client that was modified and released about a week ago has been removed from the Ruby Gems repository – because it was found to be deliberately leaking victims' credentials to a remote server.…

10. Huawei goes all Art of War on us: Switches on 'battle mode' and vows to 'dominate the world'

    You listening, Trump?

    An internal memo to Huawei staff sent by boss Ren Zhengfei is long on military metaphors and warns that the company needs to go into "battle mode" to counter trade barriers put up by the United States.…