The Register

1. Fighting BEC and EAC: Why whack-a-mole won’t work

   No organisation is immune: Nearly nine in ten experienced these attacks last year

   Sponsored  Business Email Compromise (BEC) and Email Account Compromise (EAC) are the most expensive cyber threats facing businesses around the globe. The FBI’s Internet Crime Complaint Center (IC3) reports that both scams have resulted in worldwide losses of $26 billion since 2016 – with $1.7 billion in the last year alone.…

2. F5 emits fixes for critical flaws in BIG-IP gear: Hopefully yours aren't internet-facing while you ready a patch

   Not to worry, there are only *searches* several thousand devices apparently exposed online

   Network administrators are urged to patch their F5 BIG-IP application delivery controllers following the disclosure of a pair of critical remote takeover bugs.…

3. Holy Guacamole! Researchers find Apache remote desktop software was silently pwnable for snooping on sessions

   Best get updating pronto, folks

   The Apache Project's popular Guacamole open-source remote desktop software contained vulns allowing remote attackers to steal login creds and hijack targeted machines, researchers have said.…

4. Euro police forces infiltrated encrypted phone biz – and now 'criminal' EncroChat users are being rounded up

   Continental capers lead to 750 UK arrests

   French and Dutch police have boasted of infiltrating and killing off encrypted chat service EncroChat, alleging it was used by organised crime gangs to plot murders, sell drugs, launder criminal profits and more.…

5. Hold off that rush into the July 4 weekend – you may need this: Microsoft patches pwn-by-picture pitfalls in Win 10

   Redmond also praised for blocking malware control systems on its clouds

   Microsoft has emitted a pair of security patches to address flaws in Windows 10 that can be potentially exploited by miscreants to hijack PCs. A victim simply needs to be tricked into opening a file containing a specially crafted image on a vulnerable system.…

6. Users who don't understand how to encrypt their emails won't do it

   Focus on usability to avoid buyer’s remorse, Echoworx advises

   Sponsored  In its raw form, email isn't the most secure channel for carrying national secrets. It was originally designed for plain text, and plenty of modern mainstream email systems still don't support encryption out of the box. So if you're someone like Edward Snowden, you'll want to make darn sure that your correspondent knows how to use encryption.…

7. Cisco SMB kit harbors cross-site scripting bug: One wrong link click... and that's your router pwned remotely

   VPN gear vulnerable to remote hijackings

   Cisco has patched a cross-site scripting vulnerability in two VPN routers it sells to small businesses and branch offices.…

8. Details of Beijing's new Hong Kong security law signal end to more than two decades of autonomy

   Legislation to root out subversion, terrorism and collusion with foreign forces following year of civil unrest

   China's mainland government has enforced a sweeping national security law in Hong Kong, increasing its hold on the territory in what HK's chief exec, Carrie Lam, has described as the "most important development" in the former British colony's history since its handover.…

9. Tune in and watch live right here this week – it's your email encryption wake-up call

   Make a secure digital transformation possible

   Webcast  Most businesses tell us that they think email encryption is a priority that's part of their digital transformation and cloud migration. But not many of them use the security mechanism consistently.…

10. Things that happen every four years: Olympic Games, Presidential elections, and now new Mac ransomware

    EvilQuest targets Mac pirates, poses as legit network security and music tools

    Security bods are sounding the alarm following the discovery of a rare brand-new strain of Mac ransomware.…