Federal Reserve Chair Jerome Powell and his colleagues, facing an economy slowing as the Covid-19 outbreak worsens, are considering whether to alter their asset purchase program to provide more support for growth. . .
Economists say the Fed may deliver fresh guidance on its asset purchases, now $120 billion a month, tying how long the buying will continue to substantial progress in meeting its goals of full employment and 2% inflation. That would be a stronger commitment than the existing pledge to maintain purchases “over coming months.”
Market Reaction
The decision on asset purchases is likely to affect trading in Treasury securities. A failure to extend the maturity of Treasury buying or increase purchases could help to lift the 10-year Treasury yield to 1% or higher.
Since late March the 10-year yield has moved between 0.5% -- a trough reached in August -- and just under 1%. It nearly broke this upper barrier in the first few days of December, after a tepid employment report lifted hopes for more government spending as virus cases mounted.
What Bloomberg Economists Say...
“Bloomberg Economics does not expect the central bank to lean further on policy-accommodation levers at the December meeting, but the risks are tilting in that direction in the near term.”
-- Carl Riccadonna and Yelena Shulyatyeva (economists)
The Goof we call the Mayor of Mesa who always finds himself leading from behind. The City Council last meeting of the year was supposed to be - as recorded in public - December 8th to took a few weeks off for The Holidays (or so they said).
A FLASHBACK TO 2019
Q: What has been your favorite accomplishment during your time as mayor?
A:It’s been fun to be the mayor of Mesa for the last four and a half years because the economy is doing great. Good things are happening on a daily basis in our city
On the agenda for this Study Session 1 Discussion: THERE WERE NO PUBLIC DETAILS POSTED 1-a Discuss mitigating the spread of COVID-19 by prohibiting the use of City-owned facilities by out-of-state sports teams and groups
PLEASE MAKE SURE TO WATCH THE START OF THIS UPLOADED VIDEO STREAMED INTO THE LOWER CHAMBERS @ 4:00 pm
The Chambers are packed with people NOT OBSERVING THE SAFE-DISTANCE PRECAUTIONS
Now he's scrambling in a last-ditch mustering for something he threw on the calendar TO DO NOTHING, except to start off with what Jivin' John calls "setting-the-stage" for a rambling rushed flurry of what he said were letters he received in the first week of December.
The screenshot featured from Mesa Channel shows only a small part of a jumbled mess of issues.
The world's 18th richest person wants everyone to know what she is doing - as an
example for others to follow and "share the wealth". According to Bloomberg, Scott's total contributions this year are close to six billion dollars.
MacKenzie Scott Gives Away $4.2 Billion in Four Months
is giving away her fortune at an unprecedented pace, donating more than $4 billion in four months after announcing $1.7 billion in gifts in July.
The world’s 18th-richest person outlined the latest contributions in a blog post Tuesday, saying she asked her team to figure out how to give away her fortune faster. Scott’s wealth has climbed $23.6 billion this year to $60.7 billion, according to the Bloomberg Billionaires Index, as Amazon.com Inc., the primary source of her fortune, has surged.
“This pandemic has been a wrecking ball in the lives of Americans already struggling,” she wrote in the post on Medium.
“Economic losses and health outcomes alike have been worse for women, for people of color and for people living in poverty. Meanwhile, it has substantially increased the wealth of billionaires.”
The headline opening is serious. Everything is compromised, The "supply chain attack" is widespread -
SolarWinds boasts over 300,000 customers, including 425 Fortune 500 companies, all ten of the top ten telcos, the Pentagon, State Department, NSA, DOJ, and the White House.
Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments, according to people familiar with the matter, adding they feared the hacks uncovered so far may be the tip of the iceberg.
[...]
The cyber spies are believed to have gotten in by surreptitiously tampering with updates released by IT company SolarWinds, which serves government customers across the executive branch, the military, and the intelligence services, according to two people familiar with the matter. The trick - often referred to as a “supply chain attack” - works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.
A full report by FireEye (which was also a victim of this hacking) details the process used to gain illicit access, which involved leveraging bogus signed components crafted by the hackers and distributed by an unaware SolarWinds.
The widespread hacking campaign may have begun as early as March of this year. That it was only discovered now means the fallout from this will continue for months to come.
We are tracking the trojanized version of this SolarWinds Orion plug-in as SUNBURST.
Here's how the backdoor works, according to FireEye:
SolarWinds.Orion.Core.BusinessLayer.dll is a SolarWinds digitally-signed component of the Orion software framework that contains a backdoor that communicates via HTTP to third party servers. We are tracking the trojanized version of this SolarWinds Orion plug-in as SUNBURST.
After an initial dormant period of up to two weeks, it retrieves and executes commands, called “Jobs”, that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services. The malware masquerades its network traffic as the Orion Improvement Program (OIP) protocol and stores reconnaissance results within legitimate plugin configuration files allowing it to blend in with legitimate SolarWinds activity. The backdoor uses multiple obfuscated blocklists to identify forensic and anti-virus tools running as processes, services, and drivers.
SolarWinds boasts over 300,000 customers, including 425 Fortune 500 companies, all ten of the top ten telcos, the Pentagon, State Department, NSA, DOJ, and the White House. Its long list of customers (which now returns a 404 error) all but ensures every passing hour will add another victim to the list.
This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 21-01, “Mitigate SolarWinds Orion Code Compromise”.
SolarWinds Orion products (affected versions are 2019.4 through 2020.2.1 HF1) are currently being exploited by malicious actors. This tactic permits an attacker to gain access to network traffic management systems. Disconnecting affected devices, as described below in Required Action 2, is the only known mitigation measure currently available.
CISA has determined that this exploitation of SolarWinds products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action
According to SolarWinds' post-attack-discovery SEC filing, it believes only a small percentage of its customers are affected. But even a fraction of its users is still a gobsmacking number of potential victims.
On December 13, 2020, SolarWinds delivered a communication to approximately 33,000 Orion product customers that were active maintenance customers during and after the Relevant Period. SolarWinds currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000.
The attack is serious and widespread enough that the DHS's cybersecurity arm has issued a warning -- one that says the only proven way to mitigate damage at this point is to disconnect affected hardware from the internet and pull the plug on Orion software. The CISA (Cybersecurity and Infrastructure Security Agency) Emergency Directive says this is a persistent threat -- one not easily patched away
In addition to CISA, government officials also suspect breaches at the US Postal Service and the Department of Agriculture. And the Defense Department is in the process of assessing its own exposure, if any. If any of its components have been breached, it has yet to be publicly reported.
The Russian government is denying involvement, but the evidence seems to point to "Cozy Bear," the offensive hacking wing of Russia's intelligence services. Unfortunately, SolarWinds' dominance in the network management field made it that much easier for the attack to scale. And with CISA compromised, the government's attempts to mitigate damage will be slowed as its own cybersecurity wing attempts to rid itself of a persistent threat.
Microsoft to quarantine SolarWinds apps linked to recent hack starting tomorrow
After only showing detection alerts, Microsoft moves to block trojanized SolarWinds apps from running, opening the door for some IT issues for some of its customers
The attack is serious and widespread enough that the DHS's cybersecurity arm 
