The Register

1. UK Cyber Security Centre's scary new story: One phish, two phish, Russia phish, Iran phish

   Nice people on LinkedIn want to harvest logins from politicians, boffins, and defense types

   The UK's National Cyber Security Centre (NSCS) has warned of two similar spear-phishing campaigns, one originating from Russia, the other from Iran.…

2. Google slays thousands of fake news vids posted by pro-China group Dragonbridge

   If you yell 'death to America' and no one watches the video, does it make a sound?

   Google's Threat Analysis Group (TAG) has burned more than 50,000 spammy fake news stories and other content posted by the pro-China 'Dragonbridge' gang.…

3. Bloke allegedly stole, sold private info belonging to 'tens of millions' globally

   If true, was it worth the $500k and prison jumpsuit?

   A man suspected of stealing personal data belonging to tens of millions of people worldwide and selling that info on cybercrime forums has been arrested by Dutch police.…

4. Months after NSA disclosed Microsoft cert bug, datacenters remain unpatched

   You know when we all said quit using MD5? We really meant it

   Most Windows-powered datacenter systems and applications remain vulnerable to a spoofing bug in CryptoAPI that was disclosed by the NSA and the UK National Cyber Security Center (NCSC) and patched by Microsoft last year, according to Akamai's researchers.…

5. Microsoft closes another door to attackers by blocking Excel XLL files from the internet

   More of them used by baddies since Redmond blocked VBA macros

   Microsoft in March will start blocking Excel XLL add-ins from the internet to shut down an increasingly popular attack vector for miscreants.…

6. Cybersecurity professionals upskill in Brazil and Mexico

   SANS Institute meets fast-growing demand for cyber security training in Latin America

   Sponsored Post  The scale of cybersecurity threats facing Latin America was brought into focus by recently when it published details of NICKEL, a "China-based threat actor". The malware was used to attack global organisations with "a large amount of activity" targeting Central and South America, including Mexico and Brazil.…

7. Go to security school, GoTo – theft of encryption keys shows you need it

   Ongoing probe into cloud storage attack finds customer data exfiltrated

   Remote access outfit GoTo has admitted that a threat actor exfiltrated an encryption key that allowed access to "a portion" of encrypted backup files.…

8. Logfile management is no fun. Now it's a nightmare thanks to critical-rated VMware flaws

   You know the drill: patch before criminals use these bugs in vRealize to sniff your systems

   VMware has issued fixes for four vulnerabilities, including two critical 9.8-rated remote code execution bugs, in its vRealize Log Insight software. …

9. Apple emits emergency patch for older iPhones after snoops pounce on WebKit hole

   Also: Yay for Data Privacy Day!

   Apple has issued an emergency patch for older kit to fix a WebKit security flaw that Cupertino warns is under active attack.…

10. Fujitsu: Quantum computers no threat to encryption just yet

    Heavily hyped tech bound for some sort of milestone by decade end

    Research conducted by Fujitsu suggests there is no need to panic about quantum computers being able to decode encrypted data – this is unlikely to happen in the near future, it claims.…