Where to start! The biggest news of the week by far is that Donald Trump has tested positive for Covid-19, which is a security story in the sense that it's an everything story. As of Friday evening, Trump had been transported to Walter Reed Medical Center for treatment. While the situation has countless ripple effects, the deployment of the US Navy's so-called doomsday planes was not, contrary to at least one viral tweet, one of them. That happens all the time.
Believe it or not, the first presidential debate of the season was just a few days ago. Trump closed out the proceedings with an extended run of voting misinformation, managing an impressive 11 lies in a span of eight minutes. His performance also underscored the limits of focusing on how platforms moderate content, given that Trump will say pretty much whatever on a national stage. And speaking of, well, all of that, we also reviewed Where Law Ends, a new book by former Mueller probe prosecutor Andrew Weissmann about where the investigation went wrong.
In other government news, Russia's Fancy Bear hackers appear to have been behind a hack of a US federal agency that the government recently announced. It's not clear which agency, though, or what data they grabbed. And we took a look at a quirk in Georgia law that could push the Senate election results into 2021. And we took a closer look at the election threats that US intelligence officials are actually worried about.
Hackers managed to break into Facebook accounts and steal $4 million dollars that they spent on ads. Researchers figured out how to put ransomware on a coffee maker. And a ransomware attack hobbled a major US hospital chain.
Finally, we ticked through all of the new privacy and security settings in Android 11 that are worth checking out right now.
And there's more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.
The Treasury Department Cracks Down on Ransomware Payments
The US Treasury Department has sanctioned multiple alleged ransomware hackers in recent years, most notably the Russian sports car fanatics behind the aptly named Evil Corp. This week, it made clear to US companies that paying millions of dollars of ransoms to those groups, which also include various North Korean and Iranian actors, will invite hefty fines from the federal government. That puts companies like Garmin, an Evil Corp victim this summer, in a bit of a bind. If they don't pay up, they may not be able to recover their systems, or the hackers might leak their sensitive customer data. If they do, even through a third-party mediator, they could find themselves in deep trouble stateside.
A Grindr Bug Would Have Let Hackers Take Over Accounts
Account takeover bugs are never ideal, but they're especially troubling when they're found in a dating app like Grindr. Adding to the concern is that it was a relatively trivial bug to exploit; Grindr's password reset page leaked password reset tokens, which would ultimately have made it pretty simple for an attacker to break into any account they knew the associated email address for. Grindr has since patched the bug.
Android Has a Major Joker Malware Problem
Joker malware is a family of tainted apps that sign you up for pricey subscriptions and can snoop on your texts and contact lists. It's not a new threat; it's been around for at least four years. Which is why it's maybe all the more surprising that it still haunts Android to this day, sneaking into apps that have have been downloaded from the Google Play Store hundreds of thousands of times in the last few months alone. One reason they're able to get past Android's defenses: The malicious code is only added hours or days after you download the app, so it can go through Google's initial scans clean.
The FBI Made a Short Film for Some Reason
OK, well, it's no Threat Level Midnight. But the FBI has made a short film of its very own, for some reason. The Nevernight Connection is a fictionalized account of former CIA officer Kevin Mallory, who in 2019 was sentenced to 20 years in prison for spying on behalf of the Chinese government. It offers a valuable lesson in the consequences of both espionage and modest production values.