The Register

1. Sure looks like someone's pirating the REvil ransomware, tweaking the binary in a hex editor for their own crimes

   It's a crook-eat-crook world out there

   It appears someone is pirating the infamous REvil ransomware by tweaking its files for their own purposes.…

2. SEC still digging into SolarWinds fallout, nudges undeclared victims

   US markets watchdog sniffs around potential insider trading, data violations relating to hack

   US markets watchdog the Securities and Exchanges Commission (SEC) has begun a probe into last year's SolarWinds cyberattack, in a bid to find out who else might have been compromised.…

3. 'Set it and forget it' attitude to open-source software has become a major security problem, says Veracode

   Study finds a whole sea of outdated third-party libraries

   There's a minefield of security problems bubbling under the surface of modern software, Veracode has claimed in its latest report, thanks to developers pulling third-party open-source libraries into their code bases – then never bothering to update them again.…

4. There's no 'Skype' in Teams: Microsoft lets signing key for its Debian Skype repository slip gently into the night

   Summer Solstice: A time for dancing, druids, and certificate errors

   Microsoft's inattentive approach to Linux has continued unabated, with reports that the signing key for its Debian Skype repository has expired.…

5. Zephyr OS Bluetooth vulnerabilities left smart devices open to attack

   The 'S' in 'IoT' stands for 'security'

   Vulnerabilities in the Zephyr real-time operating system's Bluetooth stack have been identified, leaving a wide variety of Internet of Things devices open to attack – unless upgraded to a patched version of the OS.…

6. MI5 still risks breaking the law on surveillance data through poor controls – years after it was first warned

   Yet spy agency overseer IPCO seems to be working as the public hoped

   Exclusive  MI5's storage of personal data on espionage subjects is still facing "legal compliance risk" issues despite years of warnings from spy agency regulator IPCO, a Home Office report has revealed.…

7. US Air Force announces plan to assassinate molluscs with hypersonic missile

   No word on whether top brass considered just shelling them into submission

   The United States Air Force (USAF) has issued a strangely specific threat to certain mollusc species living in the area of an upcoming weapons test.…

8. To CAPTCHA or not to CAPTCHA? Gartner analyst says OK — but don’t be robotic about it

   Picking street signs from a matrix of images is out, cleverer challenges are OK

   Poll  Analyst firm Gartner has advised in favour of the use of CAPTCHAs — but recommends using the least-annoying CAPTCHAs you can find.…

9. Do you want speed or security as expected? Spectre CPU defenses can cripple performance on Linux in tests

   All depends on whether your workload is making a lot of system calls or not

   The mitigations applied to exorcise Spectre, the family of data-leaking processor vulnerabilities, from computers hinders performance enough that disabling protection for the sake of speed may be preferable for some.…

10. APNIC left a dump from its Whois SQL database in a public Google Cloud bucket

    File was supposed to be private. It was not. And it was out in the open for months

    The Asia Pacific Network Information Centre (APNIC), the internet registry for the region, has admitted it left at least a portion of its Whois SQL database, which contains sensitive information, facing the public internet for three months.…