North Korea denies involvement in March's cyber campaign against South Korean companies. South Korea sticks by its attribution and continues to harden its cyber defenses. (Preventive measures taken by Korea Hydro and Nuclear Power will be of interest to those concerned with industrial control system security.) Anonymous-affiliated botmaster "Jester" claims to have taken down a new North Korean Internet connection.
WordPress and Joomla are under attack globally—check your passwords if you use these services. The hackers appear to use a dictionary attack: weak login credentials render you particularly vulnerable.
Last week's Hack-in-the-Box demonstration of an airliner remote hijacking exploit is at least partially debunked. The Android app hack, say avionics manufacturers, worked against training software only, and the US Federal Aviation Administration concurs—it wouldn't, the FAA says, work against actual flight management systems.
Microsoft concludes that its MS13-036 patch, released last week, not only disables some security products but also crashes Windows 7. It has pulled the patch and advises users to uninstall it.
Kaspersky's Security Scan finds active malware on a large number of PCs protected by standard antivirus products.
It's the Americans' turn to make irenic noises in the running cyber espionage dispute between the US and China: Secretary of State Kerry says he welcomes Chinese investment in US infrastructure. Meanwhile the Open Group publishes a standard intended to protect the IT supply chain. The new standard was designed with a view to protecting against pre-installed malware like that found over the past year in Huawei and ZTE devices.