Top 10 Stories

Barely a week has passed from the last attempt to hide a backdoor in a code library, and we have a new case today. This time around, the backdoor was found in a Python module, and not an npm (JavaScript) package. The module's name is SSH Decorator (ssh-decorate), developed by Israeli developer Uri Goren, a library for handling SSH connections from Python code. View full story ORIGINAL SOURCE: Bleeping Computer

Berkeley boffins reckon the Dyn-based Internet of Things attack that took down Brian Krebs' Website in 2016 cost device owners over $US320,000. Since the 2016 hit on KrebsOnSecurity involved devices in their tens of thousands, the costs to individuals (in power consumption and bandwidth charges) only ends up a handful of dollars per hacked device.The entire thing-owner cost the Berkeley researchers estimated was US$323,973.75. View full story ORIGINAL SOURCE: The Register

Security researchers have discovered the first IoT botnet malware strain that can survive device reboots and remain on infected devices after the initial compromise. This is a major game-changing moment in the realm of IoT and router malware. Until today, equipment owners could always remove IoT malware from their smart devices, modems, and routers by resetting the device. View full story ORIGINAL SOURCE: Bleeping Computer

Security researchers have discovered the first IoT botnet malware strain that can survive device reboots and remain on infected devices after the initial compromise. This is a major game-changing moment in the realm of IoT and router malware. Until today, equipment owners could always remove IoT malware from their smart devices, modems, and routers by resetting the device. View full story ORIGINAL SOURCE: Bleeping Computer

The new bunch of Spectre-like flaws revealed last week won't be patched for at least 12 days. German outlet Heise, which broke news of the eight Spectre-like vulnerabilities last week has now reported that Intel wants disclosure of the flaws delayed until at least May 21. “Intel is now planning a coordinated release on May 21, 2018. New microcode updates are due to be released on this date”, Jürgen Schmidt reported on May 7. View full story ORIGINAL SOURCE:...

The new bunch of Spectre-like flaws revealed last week won't be patched for at least 12 days. German outlet Heise, which broke news of the eight Spectre-like vulnerabilities last week has now reported that Intel wants disclosure of the flaws delayed until at least May 21. “Intel is now planning a coordinated release on May 21, 2018. New microcode updates are due to be released on this date”, Jürgen Schmidt reported on May 7. View full story ORIGINAL SOURCE:...

The cloud-security firm Avanan reported testing this flaw, called baseStriker, against Office 365, Office 365 with ATP and Safelinks, Office 365 with Proofpoint MTA, Office 365 with Mimecast MTA and Gmail and found only the Mimecast and Gmail are protected. Those using the other configurations are all vulnerable. Microsoft and Proofpoint have been informed, Avanan said. View full story ORIGINAL SOURCE: SC Magazine

An unidentified hacker has breached Bycyklen —Copenhagen's city bikes network— and deleted the organization's entire database, disabling the public's access to bicycles over the weekend. The hack took place on the night between Friday, May 4, and Saturday, May 5, the organization said on its website. Bycyklen described the hack as "rather primitive," alluding it may have been carried out "by a person with a great deal of knowledge of its IT infrastructure." View full story ORIGINAL SOURCE:...

Deloitte plans to spend $580m on its own cyber security defences over the next three years as pressure increases on the ‘big four’ accounting firms to fend off attacks that could jeopardise client data. View Full Story ORIGINAL SOURCE: Financial Times

Study from NTT Security also finds ransomware infections grew by 350 percent last year Manufacturing was the sector most attacked by cyber-criminals in the UK last year, a report from NTT Security has found, mirroring warnings from other agencies including the UK’s National Cyber Security Centre (NCSC). View Full Story ORIGINAL SOURCE: Silicon