
GPU pixel theft, Bard conversations indexed in public search results, and other cybersecurity events

Here are the week’s most important cybersecurity headlines.

  • Two independent hackers claimed responsibility for breaching Sony.
  • Canada’s largest airline admitted a data breach affecting employees.
  • Graphics processing units were found vulnerable to a browser-based data-theft attack.
  • Conversations from Google’s Bard chatbot appeared in Google’s public search results.

Two independent hackers claim Sony breach

Sony said it is investigating a potential cyberattack on its systems after two separate hackers claimed responsibility for the breach, Bleeping Computer reported.

Initially, the group RansomedVC claimed successful compromise of “all Sony systems” and theft of 260 GB of data. As proof, they published samples around 2 MB in size, including a PowerPoint presentation, some Java source code files, and screenshots of the Eclipse IDE.

Data: Bleeping Computer.

The attackers promptly put the dump up for sale for $2.5 million, claiming “Sony refused to pay the ransom.”

However, after some time another hacker, known as MajorNelson, also claimed responsibility for the leak. The files published by him amount to 3.14 GB and include Sony certificates, a device emulator for generating licenses, and data from the Creators’ Cloud platform.

Data: Bleeping Computer.

Journalists were unable to independently verify the claims of either attacker.

Sony declined to comment while the investigation was ongoing.

Canada’s largest airline admitted a data breach affecting employees

Personal data of some Air Canada employees was exposed to an unauthorised party for a short period.

According to the statement, the attackers gained limited access to an internal system containing personal data of some company employees.

The incident did not affect flight-management systems, and the attackers did not gain access to customer information.

Air Canada has contacted all affected parties and reported the incident to law enforcement authorities.

The company is now operating normally.

No hacker group has claimed responsibility for this incident yet.

GPUs were vulnerable to a browser-based data-theft attack

Researchers from four American universities found that GPUs from all six major vendors are vulnerable to the GPU.zip attack, which allows malicious sites to read confidential visual data, including usernames and passwords.

The leak occurs through data compression performed by both integrated and discrete GPUs to enhance performance.

This allows an attacker to bypass the same-origin policy, enabling a malicious site to view the content or final rendered output of a legitimate page.

In an experiment with the Chrome browser, researchers exfiltrated the pixels forming the name of a Wikipedia user. The attack speed scales with GPU performance. On an AMD Ryzen 7 4800U it took 30 minutes, and on an Intel Core i7-8700 it took 215 minutes, with accuracies of 97.5% and 98.3%, respectively.

According to preliminary data, the researchers tested integrated GPUs from AMD, Apple, Arm, Intel and Qualcomm, as well as one discrete Nvidia GPU.

Data: Hertzbleed.com.

A representative from Intel told the media that the issue lies not with the processor, but with the use of third-party software.

Bard conversations indexed in public search results

Private user conversations with Google’s Bard chatbot appeared in public search results. This was highlighted by SEO consultant Gagan Gotra.

As was later revealed, the private dialogues that appeared in search results had previously been shared with other users via the ‘Share’ feature. For some reason, Google did not block indexing of this content by search engines.

By default, all Bard conversations are confidential.

The tech giant has acknowledged the error and begun blocking indexing of such chats.
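A defender's check for the failure described above, as an added example that is not part of the original article or any Google code: it reports which share-link pages a given crawler would still be allowed to index, based on the `X-Robots-Tag` response header and robots `<meta>` tags. The `/share/...` paths and responses are constructed sample data, and the function names are hypothetical.

```python
from html.parser import HTMLParser

BLOCKING = {"noindex", "none"}  # "none" is shorthand for noindex + nofollow
# Directives that carry their own "name: value" and must not be read as a crawler name.
VALUED = ("unavailable_after", "max-snippet", "max-image-preview", "max-video-preview")

class RobotsMeta(HTMLParser):
    """Collects (agent, directive) pairs from <meta name="robots|<crawler>"> tags."""
    def __init__(self, crawler):
        super().__init__()
        self.crawler, self.directives = crawler, []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        name = a.get("name", "").strip().lower()
        if tag == "meta" and name in ("robots", self.crawler):
            agent = "*" if name == "robots" else name
            self.directives += [(agent, d.strip().lower())
                                for d in a.get("content", "").split(",") if d.strip()]

def header_directives(values):
    """Parse X-Robots-Tag values; an optional 'crawler:' prefix scopes the rule."""
    out = []
    for value in values:
        agent, rest = "*", value
        head, sep, tail = value.partition(":")
        if sep and "," not in head and head.strip().lower() not in VALUED:
            agent, rest = head.strip().lower(), tail
        out += [(agent, d.strip().lower()) for d in rest.split(",") if d.strip()]
    return out

def is_indexable(headers, html, crawler="googlebot"):
    """True if neither the headers nor the markup tell `crawler` not to index."""
    parser = RobotsMeta(crawler)
    parser.feed(html)
    rules = header_directives(headers.get("X-Robots-Tag", [])) + parser.directives
    return not any(agent in ("*", crawler) and d in BLOCKING for agent, d in rules)

# Constructed responses for hypothetical share links: path -> (headers, body).
SAMPLES = {
    "/share/aaa": ({}, "<html><head><title>Shared chat</title></head></html>"),
    "/share/bbb": ({"X-Robots-Tag": ["googlebot: noindex, nofollow"]}, "<html></html>"),
    "/share/ccc": ({"X-Robots-Tag": ["bingbot: noindex"]},
                   '<meta name="robots" content="index, follow">'),
    "/share/ddd": ({}, '<META NAME="ROBOTS" CONTENT="NONE">'),
}

def audit(samples, crawler="googlebot"):
    """Return the share paths that `crawler` may still index."""
    return sorted(p for p, (h, body) in samples.items() if is_indexable(h, body, crawler))
```

A rule scoped to one crawler leaves the page indexable for every other crawler, which is why `/share/ccc` still shows up for `googlebot`.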

Fraudulent investment apps detected in the App Store

Attackers distribute fraudulent apps in the App Store posing as cryptocurrency investment platforms and micro-games to test financial literacy. This was reported by Kaspersky Lab.

After installation, users are redirected to a phishing page advertising a project supposedly from a major resource-extraction company, promising monthly earnings of 100,000 to 150,000 rubles.

Participation requires filling out a form with full name, email address and phone number. Subsequently, the victim receives a call encouraging investment in the dubious project.

The attackers have learned to bypass App Store moderation: they first upload a clean stub app, and later, in an update, add the malicious features they need.

The fake apps have since been removed from the store.

Bloggers targeted via Telegram posing as advertisers

Phishers attempt to harvest Telegram credentials from Russian-language bloggers, offering promotional partnerships on behalf of a major online-retail company.

As Kaspersky Lab found, the attackers follow the standard business-like script for such engagements: they negotiate terms and price and select products.

At a certain stage the blogger is asked to register on a partner-program site, providing full name, email address, subscriber count, channel reach, and a phone number.

After this, the victim is automatically redirected to a fake Telegram login form and asked to enter a one-time code to sign in. The need for such information is allegedly justified by new advertising-law requirements.

In reality, with these details the attackers seize control of the Telegram account and all channels linked to it.
