Claire Aird
The US removes Tornado Cash sanctions, the White House shifts cyber responsibility to state and local governments, a Michigan football coach is indicted for hacking and Google sues a Maps scam syndicate. This is the Risky Bulletin prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 24th of March and this podcast episode is brought to you by Sublime Security, an email security platform that's not a black box.

In today's top story, the U.S. Treasury has removed sanctions against the Tornado Cash cryptocurrency mixer. Last year, a US court ruled that the Treasury overstepped its authority when it sanctioned the service in September 2022. Tornado Cash has been accused of laundering more than $7 billion worth of crypto assets since 2019. The criminal charges against Tornado Cash's founders have not been withdrawn.

In other news, last week's changed-files GitHub Action compromise was part of a supply chain attack targeting cryptocurrency exchange Coinbase. The ultimate target for the attack was a Coinbase open source project, AgentKit. The aim was to leak access tokens for the Coinbase platform, according to security firms Wiz and Palo Alto Networks. The attack failed and Coinbase was unaffected. Wiz claims to have identified the attacker as French and English speaking, with working hours corresponding to those in Europe or Africa.

US President Donald Trump has signed an executive order shifting responsibility for managing critical infrastructure from federal agencies to state and local governments. Those responsibilities include defending and responding to cyber attacks, wildfires, hurricanes and other events. The executive order comes amid ongoing cuts to the US federal government workforce.

The French parliament has rejected an anti-drug trafficking bill that would have mandated encryption backdoors in messaging services. France is one of several European countries that's considered similar laws, with the others including the Netherlands, Sweden and the UK. Signal has said it would withdraw its service in France if the law passed.

The U.S. Department of Justice indicted a former University of Michigan football coach on hacking-related charges. Officials claim Matthew Weiss gained unauthorised access to student athlete databases and collected the personal information of more than 150,000 people. Weiss allegedly used that stolen data to access social media and email accounts of more than 3,000 students, where he downloaded intimate photos and videos. The offences allegedly took place between 2015 and January 2023.

Authorities in two US states have detained more than a dozen Chinese nationals who were allegedly part of a Tap to Pay mobile phone fraud scheme. The suspects allegedly used relay attacks to conduct fraudulent contactless payment card transactions. The transactions were done by mules in America using cell phones, but the credit card information was being relayed to the phones from China. The mules purchased gift cards and other products. This style of payment card relay fraud had previously only been seen in Southeast Asia.

Google has filed a lawsuit against a criminal group that ran thousands of scams on Google Maps. The group created fake companies called Duress Verticals. These are companies offering the types of services people usually need in a hurry, like locksmiths or car towing services. When a prospective customer contacts the fake company, the operator scams them by demanding gift card or credit card details. Google discovered the syndicate last year and has removed more than 10,000 scam listings so far.

Taiwanese white-label laptop maker Clevo has leaked Secure Boot private keys in its firmware updates. Attackers can use the leaked keys to sign malicious firmware. Security firm Binarly found private keys in 15 firmware images corresponding to 10 laptop models, most of which are Gigabyte branded.

Router maker Keenetic left its mobile app database exposed without a password. Passwords configured in home network routers were leaked, including VPN, Wi-Fi and local password hashes. Most of the affected routers are located in Russia.

A hacker has stolen $8.85 million worth of crypto assets from the Zoth blockchain project. The attacker gained access to a privileged account and deployed a malicious contract that withdrew the platform's funds. The company is offering a $500,000 reward to anyone who can identify the hacker and recover the stolen assets.

The Cloak ransomware gang has taken credit for breaching the Virginia Attorney General's office last week. The agency has taken down its computer network and has been instructed to use hard copy court filings while they deal with the attack. The Cloak gang has published the agency's data, which suggests officials declined to pay the ransom.

Clearview AI has settled a class action lawsuit in the state of Illinois, granting plaintiffs a 23% stake in its future IPO. This marks the first time a major privacy lawsuit has been settled for a stake in the company's future value rather than an agreed dollar amount. The settlement comes a month after Clearview's CEO resigned.

CISA says threat actors are exploiting a vulnerability in the Nakivo Backup and Replication software. The vulnerability allows attackers to retrieve a backup server's password or the backup files themselves. Nakivo silently patched the bug without responding to the researchers who found it and only acknowledged the issue a week after it was disclosed. NAS maker QNAP says it's temporarily removed the Nakivo backup system from its products until it receives a fixed version from the company.

Steam has removed the demo of an upcoming game named Phantom's Resolution for installing malware on user devices. Valve has removed the game after reports on Reddit that the demo was installing an infostealer. This is the second malicious game removed from Steam this month, a rare occurrence for the usually clean platform.

A Russian exploit reseller is offering up to $4 million for Telegram zero-days and exploit chains. The exploits must run on Windows, Android or iOS. The company is suspected of supplying Russian state agencies and has previously declared it only sells exploits to non-NATO countries. It regularly offers higher prices than rival vendors, mostly due to its association with Russian authorities.

And finally, the EU says China and Russia were behind most of the disinformation and foreign interference campaigns targeting the EU and partner countries in 2024. The EU's External Action Team has uncovered over 38 online channels involved in the spread of disinformation across the EU. Twitter, Facebook and third-party websites were the most used channels to spread disinformation. And that is all for this podcast edition. Today's show was brought to you by our sponsor, Sublime Security. Find them at Sublime Security. Thanks for your company.
Podcast Title: Risky Bulletin
Host: Claire Aird
Release Date: March 24, 2025
Host/Author: risky.biz
Produced by: Catalin Cimpanu
In this episode of Risky Bulletin, host Claire Aird delves into the latest developments in cybersecurity, law enforcement actions, and significant corporate moves impacting the digital landscape. The episode covers a range of topics from the removal of sanctions on Tornado Cash to high-profile cyberattacks and legal actions against influential figures and organizations.
Details: Tornado Cash was previously accused of laundering over $7 billion in crypto assets since 2019. Despite the removal of sanctions, criminal charges against Tornado Cash's founders remain in place. This decision marks a significant shift in how the U.S. approaches regulation and enforcement in the cryptocurrency sphere.
Notable Quote:
"The U.S. Treasury has removed sanctions against Tornado Cash, citing a court ruling that previously overstepped its authority." – Claire Aird [02:15]
Details: Security firms Wiz and Palo Alto Networks traced the compromise of the changed-files GitHub Action to a supply chain attack aimed at Coinbase. They identified the attackers as likely French- and English-speaking individuals operating during European or African working hours, suggesting a geographical origin outside the U.S.
Notable Quote:
"The attack aimed to leak access tokens for the Coinbase platform but ultimately failed, leaving Coinbase unaffected." – Claire Aird [05:40]
Details: The executive order comes amidst budget cuts to the federal workforce, transferring essential cybersecurity roles to state and local levels. This decentralization aims to enhance responsiveness but raises questions about consistency and resource allocation across states.
Notable Quote:
"President Trump’s executive order marks a significant shift in how the U.S. manages its critical infrastructure and cyber defenses." – Claire Aird [08:30]
Details: The proposed bill aimed to combat drug trafficking but raised significant privacy and security concerns by mandating encryption vulnerabilities. Signal, a secure messaging service, threatened to withdraw from France if the bill had passed, highlighting the tension between security measures and privacy rights.
Notable Quote:
"France's rejection of the anti-drug trafficking bill is a victory for privacy advocates and secure communication services." – Claire Aird [12:05]
Details: Weiss exploited vulnerabilities between 2015 and January 2023, accessing social media and email accounts to download sensitive content. This case underscores the growing threat of insider access and the importance of robust data protection measures within educational institutions.
Notable Quote:
"The indictment of Matthew Weiss highlights the critical need for securing personal data against unauthorized access by insiders." – Claire Aird [15:45]
Details: The suspects used relay attacks to conduct unauthorized purchases, transmitting credit card information from China to mule-operated cell phones in the U.S. This method, previously common in Southeast Asia, indicates a significant evolution in mobile payment fraud tactics.
Notable Quote:
"This fraud scheme represents a novel approach to contactless payment fraud, expanding its reach into the American market." – Claire Aird [19:10]
Details: The fraudulent entities, known as Duress Verticals, targeted urgent-service needs like locksmiths and towing services. Since its discovery last year, Google has removed over 10,000 scam listings, demonstrating its commitment to maintaining platform integrity.
Notable Quote:
"Google's lawsuit against the syndicate underscores the company's dedication to combating online fraud and protecting users." – Claire Aird [22:30]
Details: Taiwanese laptop maker Clevo inadvertently leaked Secure Boot private keys in firmware updates, allowing attackers to sign malicious firmware that those platforms would accept.
Notable Quote:
"The leakage of Secure Boot keys is a severe vulnerability that can be exploited to compromise device integrity." – Claire Aird [25:00]
Details: Router manufacturer Keenetic left its mobile app database unsecured, exposing VPN, Wi-Fi, and local password hashes, predominantly affecting Russian users.
Notable Quote:
"Exposed databases present a goldmine for attackers seeking to undermine network security." – Claire Aird [27:45]
Details: A hacker exploited a privileged account within the Zoth blockchain project, deploying a malicious contract that siphoned $8.85 million in crypto assets. The company now offers a $500,000 reward for information leading to the hacker's identification and asset recovery.
Notable Quote:
"The Zoth incident highlights the vulnerabilities inherent in blockchain project governance and the need for stringent security protocols." – Claire Aird [30:20]
Details: The Cloak ransomware group breached the Virginia Attorney General's office, compelling the agency to revert to hard copy court filings while addressing the breach. The gang published agency data, indicating officials' reluctance to pay the ransom.
Notable Quote:
"The successful breach of a state attorney general's office by the Cloak gang underscores the persistent threat of ransomware to governmental institutions." – Claire Aird [33:10]
Details: Clearview AI has settled a significant class action lawsuit in Illinois, granting plaintiffs a 23% stake in its future IPO. This settlement is unprecedented, focusing on the company's future value rather than direct financial compensation.
Notable Quote:
"Clearview AI's settlement marks a turning point in privacy litigation, prioritizing long-term accountability over immediate payouts." – Claire Aird [35:50]
Details: CISA warns that threat actors are exploiting a vulnerability in Nakivo's Backup and Replication software, allowing unauthorized access to backup server credentials and backup files. In response, NAS maker QNAP has temporarily removed Nakivo from its products pending a fixed version.
Notable Quote:
"Vulnerabilities in backup systems like Nakivo can have far-reaching implications for data security across multiple sectors." – Claire Aird [38:25]
Details: Valve has taken down the demo for "Phantom's Resolution" from Steam after reports surfaced on Reddit that the demo was installing malware. This marks the second such incident this month, highlighting challenges in maintaining platform security.
Notable Quote:
"The removal of malicious game demos from platforms like Steam is crucial in safeguarding users from cyber threats." – Claire Aird [40:15]
Details: A Russia-based exploit reseller is offering up to $4 million for Telegram zero-day vulnerabilities and exploit chains running on Windows, Android, or iOS. The reseller is believed to supply Russian state agencies, says it sells only to non-NATO countries, and regularly outbids rival vendors.
Notable Quote:
"The lucrative nature of zero-day exploits continues to fuel a shadow market, often entangled with state-sponsored activities." – Claire Aird [43:00]
Details: The European Union's External Action Team reports that in 2024, China and Russia were responsible for the majority of disinformation and foreign interference campaigns targeting the EU and its partners. Over 38 online channels were identified as conduits for spreading false information, with Twitter, Facebook, and various third-party websites the most used platforms.
Notable Quote:
"China and Russia's orchestrated disinformation campaigns present significant challenges to the EU's information integrity and democratic processes." – Claire Aird [45:50]
Claire Aird wraps up the episode by emphasizing the evolving landscape of cybersecurity threats and the ongoing efforts by governments and corporations to combat these challenges. The removal of Tornado Cash sanctions, high-profile cyberattacks, legal actions, and international interference collectively illustrate the dynamic and complex nature of digital security in 2025.
Final Note:
"As cyber threats continue to grow in sophistication, it's imperative for all stakeholders to remain vigilant and proactive in their defense strategies." – Claire Aird [48:30]
Listeners are encouraged to stay informed and secure by following updates from trustworthy sources and implementing robust cybersecurity measures.
Disclaimer: This summary excludes advertisements, introductory segments, and other non-content elements to focus solely on the informative aspects of the podcast.