The ASUS backdoor Kaspersky disclosed recently has been independently confirmed by Symantec. Motherboard broke the story yesterday, and reporter Kim Zetter notes that it took ASUS some time to respond (and that their response didn't acknowledge Kaspersky's role in finding the compromised utility). Kaspersky calls the backdoor "Operation ShadowHammer." It spread through the ASUS Live Update Utility and gave attackers access to, and control over, infected machines. The Trojanized utility was hosted on ASUS's site and signed with an ASUS certificate, which Kaspersky says no doubt helped it evade detection.
The figure of 57,000 has been widely quoted as the number of users hit, but that's just the number of Kaspersky installations detecting ShadowHammer. Kaspersky guesses the victim tally is around a million.
There's no attribution yet, beyond calling the attackers an "APT," which usually means a nation-state. Problems with the ASUS supply chain have been suspected for some time. As ITWire points out, Duo Security flagged issues with the OEM updater utility back in 2016.
The Washington Post has a useful review of the conclusions and implications of the Mueller investigation into Russian influence operations against US elections.
FEMA's data mishandling incident seems likely, the Washington Post says, to serve as a test case for the US Administration's stated determination to hold agencies responsible for this sort of misstep.
Bravo to Emsisoft, which has just released a decryptor for the recent round of PewDiePie-boosting ransomware. (The ransomware campaign was mounted by the YouTube "star's" "fans" in an effort to boost their hero's profile.)