Bloomberg doubles down on its report of Chinese hardware supply chain seeding, with on-the-record corroboration from Sepio Systems. Sepio is quoted as saying that it found the malicious implants in equipment belonging to one of its clients, a telecommunications company it can't name because of a nondisclosure agreement. AT&T, Verizon, and Sprint told Bloomberg they're not affected. Motherboard reports that CenturyLink, Cox, and Comcast also denied being the affected telco.
Norway's National Security Authority also said, according to Bloomberg, that it has been "aware of an issue" with respect to Supermicro devices since June, but that it couldn't confirm the specifics of Bloomberg's report. The US Department of Homeland Security denied investigating the matter, but Bloomberg notes that the investigation mentioned in its report would be one conducted by the FBI. The FBI has declined to comment. There's no consensus yet as to whether Bloomberg's report is true, and the story is still developing. Apple has sent a strongly worded, direct, and detailed denial of the alleged incident to Congress. The US Senate Commerce Committee is considering hearings on the matter.
Ukraine's state fiscal service has been under denial-of-service attack since Monday.
The US Government Accountability Office reported yesterday that its investigation finds Defense Department weapon systems remain vulnerable to cyberattack.
SEC Consult researchers have found critical vulnerabilities in Xiongmai Technology's widely used and inexpensive DVRs and security cameras.
Intel's ninth-generation Core processors include hardware protection against two Spectre and Meltdown vulnerability variants. Microsoft's patches address JET Database Engine bugs.