The new Kremlinological subdiscipline of threat-actor tracking yields (in WIRED) a scorecard of infrastructure hacking suspects: Havex-purveyor Energetic Bear, Sandworm (Fancy Bear's GRU cousin), and Palmetto Fusion.
Yesterday was (still) Patch Tuesday, and both Microsoft and Adobe issued security updates for their products. Microsoft's fifty-five security fixes included patches for two vulnerabilities Preempt Security found in Microsoft's NT LAN Manager (NTLM). Experts advise users of NTLM to address these issues as soon as possible. Adobe's patches addressed Flash Player (one fixed a remote code execution bug) and Adobe Connect for Windows.
"After review and careful consideration," the US General Services Administration has removed Kaspersky from Schedule 70 (IT) and Schedule 67 (Photographic Equipment and Related Supplies and Services). It's not, as some have reported, an outright ban, and there's no statement on the GSA site that connects the removal with allegations that Kaspersky's in bed with Russia's FSB, but that's how the general media are treating the matter. Agencies will remain free to hire Kaspersky under other contract vehicles, but the action does remove an easy avenue for the company to sell into the Federal Government. Kaspersky denounces the Bloomberg story about the company's alleged connection to the FSB as a politically motivated hack job. Congressional interest in restricting Kaspersky continues unabated, and some observers see the GSA action as a Trump administration shot across Russia's bow.
Investigation of election influence operations continues in the US: Donald Trump Jr.'s campaign-season email exchanges with Russian sources of opposition research receive foreseeable scrutiny.