Investigation into the Manchester terror attack continues. Authorities in the UK are increasingly approaching the conclusion that the attack wasn't the work of an isolated fanatic, but rather one carried out with some degree of encouragement, inspiration, and support from others. French and US leaders have expressed solidarity with the UK, and promise closer intelligence cooperation. In hearings yesterday before the US Senate, NSA Director Rogers gave clear (if properly veiled) assurance that the US was conducting extensive cyber operations against ISIS. ISIS has of course praised the attack as an inspiration, and claimed the bomber as a "soldier of the Caliphate."
Symantec's attribution of the WannaCry attacks to North Korea is being picked up by other observers, with some dissenting voices being raised. The dissent is founded largely on grounds of a priori caution, attribution of this kind being necessarily circumstantial. But they also cite evidence in the code pointing to the possibility that the Lazarus Group's spoor Symantec followed was the result of some unknown third-party copying earlier malware. The mixed nature of the attack also baffles some: were the attackers stumblebums who copied malware ineptly and simply delivered it via the slick EternalBlue exploit, or were they playing some deeper game?
EnSilo today released a patch for one of the unpatched EternalBlue Microsoft vulnerabilities: ESTEEMAUDIT, which afflicts WindowsXP and Windows Server 2003.
Trend Micro yesterday patched its Trend Micro ServerProtect for Linux 3.0 (with a hat tip to Core Security, whose researchers found and reported the bug.)