The Jerusalem Post reports that the International Atomic Energy Agency (IAEA) visited Natanz yesterday, quoting the agency as saying: "IAEA inspectors are continuing their verification and monitoring activities in Iran, and today have been at the Natanz enrichment site." The precise nature of the sabotage remains unclear, but the Intercept describes ways in which cutting power could have damaged the centrifuges.
TheHill reports that the North American Electric Reliability Corporation (NERC) is seeing an "unprecedented" level of cyber threat to the power grid. According to CyberScoop, about a quarter of the fifteen-hundred utilities sharing risk information with NERC downloaded compromised versions of the SolarWinds Orion platform.
The US Justice Department announced that the FBI, pursuant to a warrant, has gone into private sector systems to remove malicious webshells from Microsoft Exchange Server instances.
Yesterday was Patch Tuesday, and it was an unusually active one. Microsoft addressed a large number of vulnerabilities (one-hundred-eight bugs in total, including, as BleepingComputer points out, five zero days). NSA, which CBS News and others credit with disclosing some of the serious vulnerabilities to Microsoft, urges all organizations to apply the patches as soon as possible. CISA, the US Cybersecurity and Infrastructure Security Agency, has updated its Emergency Directive 21-02 to require that the Federal agencies it oversees immediately apply the Microsoft Exchange Server patches.
CISA has also issued an unusually large set of Advisories for industrial control systems.
The US Intelligence Community has released its Annual Threat Assessment, singling out China as the leading threat.