Here are a few more bits of infosec news to occupy the weekend.
The way the Cook, he grumbles
Apple boss Tim Cook is still not over the Bloomberg hit piece on Super Micro that named the iGiant as a possible spying victim.
Speaking in an interview this week, the Apple CEO said he wants the news biz to issue a retraction of its story. After weeks of questioning as to how China allegedly snuck spyware onto server boards used by Apple and 30 others.
"There is no truth in their story about Apple," Cook told BuzzFeed. "They need to do that right thing and retract it."
Bloomberg is so far standing firm and backing everything that was reported.
NSA spills out billions for ████████ and ████████
The NSA has just approved a new set of contracts that will provide its IT admins, and the contractors that work with them, billions in budgeting.
According to NextGov, a total of $6.7bn have been earmarked for a number of projects, including a massive IT overhaul deal known as Greenway.
Unfortunately, there aren't many more specifics of the deal to report, because - well - this is the NSA we're talking about. Most of the specifics for the contracts have been classified, so the details are being kept quiet.
What we do know, however, is that AT&T, General Dynamics, and ManTech International were among the lucky providers who will be dividing up the considerable payday.
Roughly 75,000 individuals' personal records have been siphoned off by hackers from systems operated by the US government's Centers for Medicare and Medicaid Services. It sounds as though accounts belonging to brokers and agents were compromised by crooks who made off with the information.
Connecticut city coughs up $2,000 to ransomware crooks
Experts say it's not a good idea to pay out ransomware demands. Apparently the city of West Haven, CT, never got that message.
The Associated Press reports that the New England town caved to the demands of cybercriminals who were demanding $2,000 to restore access to nearly two dozen of its servers.
The report notes that thus far there is no indication that any personal or employee data was compromised, though the Department of Homeland Security has been called in to investigate the matter.
While in this case it seems the city got its data back and avoided an expensive recovery project, it has been found that, more often than not, you will end up losing some or all of your data even if you do pay a ransom. Instead, experts advise maintaining regular backups that can be used to restore locked machines.
Yet another Russian charged with election meddling
Once again the DOJ is naming a Russian national it says has been looking to interfering in US elections.
This time, the target is a woman named Elena Alekseevna Khusyaynova was said to have been the main accountant for the influence campaign known as 'Project Lakhta". It is alleged the woman was the brains behind the efforts to move some $35m from Russia into US political campaigns under the guise of activist groups and shell companies.
"The strategic goal of this alleged conspiracy, which continues to this day, is to sow discord in the US political system and to undermine faith in our democratic institutions,” said US Attorney Zachary Terwilliger.
“This case demonstrates that federal law enforcement authorities will work aggressively to investigate and prosecute the perpetrators of unlawful foreign influence activities, and that we will not stand by idly while foreign actors obstruct the lawful functions of our government."
Apple called out for ignoring bug reports
Google Project Zero researcher Ian Beer had some harsh words for Apple at the tail end of a recent bug report.
In his disclosure of some bugs recently patched in iOS 12, Beer called Cupertino out for not fully disclosing the security issues it addressed with its last security update and, in doing so, failed to properly inform users and explain why they should be installing updates.
"Apple are still yet to assign CVEs for these issues or publicly acknowledge that they were fixed in iOS 12," Beer wrote. "In my opinion a security bulletin should mention the security bugs that were fixed. Not doing so provides a disincentive for people to update their devices since it appears that there were fewer security fixes than there really were."
Android Titan M security chips not so new?
Earlier this week, Google disclosed details on some of the security hardware it uses to secure new Android handsets. Among the tech is Titan M, a chip that helps prevent tampering with firmware.
Register reader Stanislav writes in to inform us that the tech might not be so new and cutting edge, after all. In fact, he points to an analysis he wrote back in June detailing a similar set up on-chip security features that were going into Chromebooks.
Unlike Android, the tech in Chromebooks is seen less as a security feature to protect users than a lock-out tool that would prevent Chromebook owners – or perhaps malware – from being able to fully wipe the device and install an OS of their choosing.
It's a nice example of how the same technology can be seen from two completely different viewpoints just based on the form factor of the device. ®