Risky Bulletin: US Removes Tornado Cash Sanctions – Summary
Podcast Title: Risky Bulletin
Host: Claire Aird
Release Date: March 24, 2025
Host/Author: risky.biz
Produced by: Catalin Cimpanu
Introduction
In this episode of Risky Bulletin, host Claire Aird delves into the latest developments in cybersecurity, law enforcement actions, and significant corporate moves impacting the digital landscape. The episode covers a range of topics from the removal of sanctions on Tornado Cash to high-profile cyberattacks and legal actions against influential figures and organizations.
U.S. Removes Tornado Cash Sanctions
Key Points:
- The U.S. Treasury has lifted sanctions against Tornado Cash, a cryptocurrency mixer.
- Last year, a U.S. Court determined that the Treasury had exceeded its authority in sanctioning Tornado Cash.
Details: Tornado Cash was previously accused of laundering over $7 billion in crypto assets since 2019. Despite the removal of sanctions, criminal charges against Tornado Cash's founders remain in place. This decision marks a significant shift in how the U.S. approaches regulation and enforcement in the cryptocurrency sphere.
Notable Quote:
"The U.S. Treasury has removed sanctions against Tornado Cash, citing a court ruling that previously overstepped its authority." – Claire Aird [02:15]
GitHub Action Compromise: A Failed Supply Chain Attack on Coinbase
Key Points:
- A sophisticated supply chain attack targeted Coinbase's open-source project.
- The aim was to leak access tokens, but the attack was unsuccessful, leaving Coinbase unaffected.
Details: Security firms Wiz and Palo Alto Networks traced the compromise to a GitHub Action aimed at Coinbase. They identified the attackers as likely French and English-speaking individuals operating during European or African working hours, suggesting a geographical origin outside the U.S.
Notable Quote:
"The attack aimed to leak access tokens for the Coinbase platform but ultimately failed, leaving Coinbase unaffected." – Claire Aird [05:40]
Executive Order Shifting Cyber Responsibilities to State and Local Governments
Key Points:
- President Donald Trump signed an executive order reallocating cyber defense responsibilities.
- This shift includes managing responses to cyberattacks, natural disasters, and other threats to critical infrastructure.
Details: The executive order comes amidst budget cuts to the federal workforce, transferring essential cybersecurity roles to state and local levels. This decentralization aims to enhance responsiveness but raises questions about consistency and resource allocation across states.
Notable Quote:
"President Trump’s executive order marks a significant shift in how the U.S. manages its critical infrastructure and cyber defenses." – Claire Aird [08:30]
International Legislative Developments: France Rejects Anti-Drug Trafficking Bill
Key Points:
- The French parliament has dismissed a bill that would have required encryption backdoors in messaging services.
- Countries like the Netherlands, Sweden, and the UK face similar legislative pressures.
Details: The proposed bill aimed to combat drug trafficking but raised significant privacy and security concerns by mandating encryption vulnerabilities. Signal, a secure messaging service, threatened to withdraw from France if the bill had passed, highlighting the tension between security measures and privacy rights.
Notable Quote:
"France's rejection of the anti-drug trafficking bill is a victory for privacy advocates and secure communication services." – Claire Aird [12:05]
High-Profile Indictment: Former Michigan Football Coach Charged with Hacking
Key Points:
- Matthew Weiss, a former University of Michigan football coach, has been indicted for unauthorized access to student athlete databases.
- The indictment alleges theft of personal information and intimate media from over 150,000 individuals.
Details: Weiss exploited vulnerabilities between 2015 and January 2023, accessing social media and email accounts to download sensitive content. This case underscores the growing threat of insider access and the importance of robust data protection measures within educational institutions.
Notable Quote:
"The indictment of Matthew Weiss highlights the critical need for securing personal data against unauthorized access by insiders." – Claire Aird [15:45]
Mobile Phone Fraud Scheme Targeting U.S. States
Key Points:
- Over a dozen Chinese nationals have been detained in connection with a Tap to Pay fraud scheme.
- The operation involved relay attacks facilitating fraudulent contactless payment transactions in the U.S.
Details: The suspects used relay attacks to conduct unauthorized purchases, transmitting credit card information from China to mule-operated cell phones in the U.S. This method, previously common in Southeast Asia, indicates a significant evolution in mobile payment fraud tactics.
Notable Quote:
"This fraud scheme represents a novel approach to contactless payment fraud, expanding its reach into the American market." – Claire Aird [19:10]
Google Sues Fake Google Maps Syndicate
Key Points:
- Google has filed a lawsuit against a criminal group responsible for thousands of scams on Google Maps.
- The syndicate created fake businesses to deceive customers into providing gift card and credit card information.
Details: The fraudulent entities, known as Duress Verticals, targeted urgent-service needs like locksmiths and towing services. Since its discovery last year, Google has removed over 10,000 scam listings, demonstrating its commitment to maintaining platform integrity.
Notable Quote:
"Google's lawsuit against the syndicate underscores the company's dedication to combating online fraud and protecting users." – Claire Aird [22:30]
Security Vulnerabilities and Data Breaches
Clevo Leaks Secure Boot Private Keys
Details: Taiwanese laptop maker Clevo inadvertently leaked Secure Boot private keys in firmware updates, allowing attackers to sign malicious firmware.
Notable Quote:
"The leakage of secure boot keys is a severe vulnerability that can be exploited to compromise device integrity." – Claire Aird [25:00]
Keenetic Exposes Router App Database
Details: Router manufacturer Keenetic left its mobile app database unsecured, exposing VPN, Wi-Fi, and local password hashes, predominantly affecting Russian users.
Notable Quote:
"Exposed databases present a goldmine for attackers seeking to undermine network security." – Claire Aird [27:45]
Zoth Blockchain Project Hit with $8.85 Million Crypto Theft
Details: A hacker exploited a privileged account within the Zoth blockchain project, deploying a malicious contract that siphoned $8.85 million in crypto assets. The company now offers a $500,000 reward for information leading to the hacker's identification and asset recovery.
Notable Quote:
"The Zoth incident highlights the vulnerabilities inherent in blockchain project governance and the need for stringent security protocols." – Claire Aird [30:20]
Ransomware and Legal Settlements
Cloak Ransomware Gang Targets Virginia Attorney General's Office
Details: The Cloak ransomware group breached the Virginia Attorney General's office, compelling the agency to revert to hard copy court filings while addressing the breach. The gang published agency data, indicating officials' reluctance to pay the ransom.
Notable Quote:
"The successful breach of a state attorney general's office by the Cloak gang underscores the persistent threat of ransomware to governmental institutions." – Claire Aird [33:10]
Clearview AI Settles Illinois Class Action Lawsuit
Details: Clearview AI has settled a significant class action lawsuit in Illinois, granting the plaintiffs a 23% stake in its future IPO. This settlement is unprecedented, focusing on company value rather than direct financial compensation.
Notable Quote:
"Clearview AI's settlement marks a turning point in privacy litigation, prioritizing long-term accountability over immediate payouts." – Claire Aird [35:50]
Vulnerabilities Exploited and Platform Security
CISA Reports Exploitation of Nakivo Software
Details: CISA warns that threat actors are exploiting a vulnerability in Nakivo's backup and replication software, allowing unauthorized access to backup servers. In response, NAS maker QNAP has temporarily removed Nakivo from its products pending a secure update.
Notable Quote:
"Vulnerabilities in backup systems like Nakivo can have far-reaching implications for data security across multiple sectors." – Claire Aird [38:25]
Steam Removes Malicious Game Demo
Details: Valve has taken down the demo for "Phantom's Resolution" from Steam after reports surfaced on Reddit that the demo was installing malware. This marks the second such incident this month, highlighting challenges in maintaining platform security.
Notable Quote:
"The removal of malicious game demos from platforms like Steam is crucial in safeguarding users from cyber threats." – Claire Aird [40:15]
Exploit Market Dynamics and Geopolitical Interference
Russian Exploit Reseller Offers High-Paying Zero Days
Details: A Russian-based exploit reseller is offering up to $4 million for zero-day vulnerabilities and exploit chains compatible with Windows, Android, or iOS. The reseller is believed to supply Russian state agencies and prioritizes sales to non-NATO countries with premium pricing.
Notable Quote:
"The lucrative nature of zero-day exploits continues to fuel a shadow market, often entangled with state-sponsored activities." – Claire Aird [43:00]
EU Identifies China and Russia as Primary Sources of Disinformation
Details: The European Union's External Action Team reports that in 2024, China and Russia were responsible for the majority of disinformation and foreign interference campaigns targeting the EU and its partners. Over 38 online channels were identified as conduits for spreading false information, utilizing platforms like Twitter, Facebook, and various third-party websites.
Notable Quote:
"China and Russia's orchestrated disinformation campaigns present significant challenges to the EU's information integrity and democratic processes." – Claire Aird [45:50]
Conclusion
Claire Aird wraps up the episode by emphasizing the evolving landscape of cybersecurity threats and the ongoing efforts by governments and corporations to combat these challenges. The removal of Tornado Cash sanctions, high-profile cyberattacks, legal actions, and international interference collectively illustrate the dynamic and complex nature of digital security in 2025.
Final Note:
"As cyber threats continue to grow in sophistication, it's imperative for all stakeholders to remain vigilant and proactive in their defense strategies." – Claire Aird [48:30]
Listeners are encouraged to stay informed and secure by following updates from trustworthy sources and implementing robust cybersecurity measures.
Disclaimer: This summary excludes advertisements, introductory segments, and other non-content elements to focus solely on the informative aspects of the podcast.
