The Trump campaign points the finger at Iran for a hack and leak. The FBI arrests another laptop farmer helping North Korea. An AMD processor flaw goes back two decades. And a soccer club gets BEC scammed for a player's transfer fee. This is Risky Business News, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 12th of August, and this podcast episode is brought to you by Corelight.
In today's top story, the Trump campaign claims Iranian government hackers stole a trove of sensitive campaign documents and leaked them to Politico. A persona using the name Robert used an AOL email address to send the documents to Politico in July. The documents allegedly contained vetting materials for J.D. Vance and Marco Rubio that were compiled by the Trump team as he chose his running mate.
Trump campaign spokesperson Steven Cheung said a Microsoft report published last week was related to the incident. Cheung's statement implies that the Trump campaign was hacked by Iranian cyber espionage group APT35. According to Microsoft and Sequoia, the group is part of Iran's Islamic Revolutionary Guard Corps intelligence and cyber unit, the IRGC-IO.
Neither Microsoft nor the US government has confirmed the Trump campaign's attribution, but former CISA director Chris Krebs says it is, and I quote, the real deal.
In other news, the Russian and Venezuelan governments have blocked access to the Signal Secure messaging app. Russia's communications watchdog says it blocked the service because it was being used for terrorist and extremist purposes. The block in Venezuela comes days after the Maduro regime also blocked Twitter. Protests broke out across Venezuela after President Maduro claimed victory in the country's election without providing any evidence that he actually won.
Dozens of protesters have been killed by the military and more than 1,000 protesters have been arrested in their homes. Signal says users can enable the censorship circumvention feature to get around the block.
The United Nations Ad Hoc Committee on Cybercrime has unanimously passed a proposed reform of its Cybercrime Treaty after three years of negotiations. It now moves to a vote in the General Assembly later this year where it's expected to pass. The treaty's draft was originally proposed by Russia and has been heavily criticised by human rights organisations ever since.
Two US senators have introduced a bill that would require federal contractors to run vulnerability disclosure programs. US federal agencies are already required to run bug bounty programs, but the new bill extends the same requirement to their contractors. A similar bill passed in the House in May. The new bill is sponsored by Senators Mark Warner, Chairman of the Senate Select Committee on Intelligence, and James Lankford, a member of the Senate Committee on Homeland Security and Governmental Affairs.
The U.S. has arrested and charged a 38-year-old Tennessee man for allegedly running a laptop farm for North Korean IT workers. U.S. officials say Matthew Isaac Knoot was part of a scheme to help North Korean programmers pose as American-based employees. The workers would apply for remote jobs in the U.S. and have their work laptops sent to Knoot's Nashville residence. Knoot would install remote access software on the laptops and help the workers appear to be based in the U.S.
Officials say the suspect made over $250,000 from hosting the laptop farm. Knoot is the second suspect arrested in the FBI's crackdown on North Korean laptop farms. An Arizona woman was detained on similar charges in May. A Finnish court has sentenced three brothers to nearly three years in prison for an extortion scheme targeting lock manufacturer Assa Abloy.
Anssi, Henri and Pauli Pukkari found vulnerabilities in Abloy smart locks in 2021. The trio anonymously contacted the vendor and threatened to publish details about the bugs unless they were paid a 37 million euro bounty. Officials say the brother who orchestrated the scheme formerly worked as a police officer in the city of Tampere, Finland.
Qatari soccer club Al-Gharafa has fallen victim to a BEC scam after it sent a player's transfer fee to the bank account of a Vietnamese scam group. The hack was discovered at the start of the month when Romanian soccer club FCSB didn't receive the final €1 million payment for the transfer of midfielder Florinel Coman. The club had sold Coman to Al-Gharafa earlier this year for €6.25 million.
Qatari officials discovered the hack when FCSB asked why they hadn't made the final payment.
Security researcher Vangelis Stykas has helped six companies avoid paying hefty ransoms after he found vulnerabilities in the web panels used by the Everest and BlackCat ransomware gangs. Stykas was able to provide decryption keys for two companies and notify four before the encryption process could get underway. The vulnerabilities included the use of default passwords for back-end databases, exposed file directories and unsecured API endpoints.
AMD has released firmware updates for CPUs that are impacted by a vulnerability known as Sinkclose. The new attack was discovered by security firm IOActive and impacts System Management Mode, a highly privileged mode inside AMD CPUs. The Sinkclose attack allows threat actors to bypass security protections and install low-level rootkits with the help of the SMM. Sinkclose impacts nearly all of AMD's processors.
Two security researchers have found vulnerabilities in Ecovacs vacuum and lawnmower robots that could be used to hijack the devices. The main issue is a bug that allows threat actors to connect to any Ecovacs system via Bluetooth from up to 130 metres away. From here, attackers can expand access and take control of the devices via the internet.
The two researchers say Ecovacs never replied to their emails and that the vulnerabilities are likely still unfixed. The pair will present their findings at DEF CON.
Security researchers from SafeBreach Labs have discovered 10 vulnerabilities impacting Google's Quick Share peer-to-peer data transfer utility. The vulnerabilities can allow threat actors to remotely write files to a user's Android or Windows system without authentication or the user's permission. They can also be used to take over the Windows system's Wi-Fi connections. Google has released patches for all reported issues.
AWS says it'll start issuing CVE identifiers for vulnerabilities reported in its cloud services. To receive a CVE, Amazon says bug reports must have a CVSS severity score of 4 or higher. AWS joins Microsoft as the second cloud vendor to issue CVEs for cloud bugs.
The DoD's Defense Advanced Research Projects Agency has appointed Peiter "Mudge" Zatko as its new Chief Information Officer. Zatko returns to DARPA after 11 years in the private sector. He previously served as Cyber Program Manager between 2010 and 2013 and as Twitter's Head of Security between 2017 and 2020.
And finally, cybersecurity firm Trend Micro is exploring a sale. According to Reuters, the company is valued at around $6.5 billion and is working with investment bankers to search for a buyer. Trend Micro recently reported a 13% year-on-year increase in second-quarter net sales. And that is all for this podcast edition. Today's show was brought to you by our sponsor, Corelight. Find them at corelight.com. Thanks for your company.