We’ve collected the most important news from the world of cybersecurity this week.
- Two independent hackers claimed to have hacked Sony.
- Canada’s largest airline has admitted leaking employee information.
- GPUs were vulnerable to browser-based data theft attacks.
- Dialogues from the Bard chatbot were included in the general Google search results.
Two independent hackers claim to have hacked Sony
Sony has announced that it is investigating a potential cyber attack on its systems after two different hackers claimed responsibility for the hack. This is reported by Bleeping Computer.
Initially, the ransomware group RansomedVC claimed to have successfully compromised “all Sony systems” and stolen 260 GB of data. As proof, they published samples of about 2 MB in size, including a PowerPoint presentation, some Java source code files, and Eclipse IDE screenshots.
The attackers immediately put the dump up for sale for $2.5 million because, according to them, “Sony refused to pay the ransom.”
However, some time later, another hacker under the nickname MajorNelson also claimed responsibility for the leak. The files he published total 3.14 GB and contain, among other things, Sony certificates, a device emulator for generating licenses, and data from the Creators’ Cloud platform.
Journalists were unable to independently verify the claims of either attacker.
Pending the investigation, Sony declined to comment on the situation.
Canada’s largest airline admits to employee data breach
The personal information of some Air Canada employees was “briefly” exposed to an unauthorized party.
According to the statement, the attackers gained limited access to the internal system containing the personal data of some of the company’s employees.
However, the incident did not affect flight control systems, and the attackers did not gain access to customer information.
Air Canada has contacted all affected parties and law enforcement.
The company is now operating as normal.
None of the hacker groups have yet claimed responsibility for this incident.
GPUs were vulnerable to browser-based data theft attacks
Researchers from four US universities have found that all six major GPU vendors are vulnerable to the GPU.zip attack, which allows malicious sites to read sensitive visual data, including usernames and passwords.
First they brought you hertzbleed, now comes a new GPU-side channel attack, GPU Zip!
It takes about 30 Minutes on AMD GPUs, but the technique allows an attacker on one domain to read the pixels displayed by another website!
Full paper in the comments. pic.twitter.com/cXMRiN4LKE
— LaurieWired (@lauriewired) September 27, 2023
The leak occurs during data compression performed by both integrated and discrete GPUs to improve performance.
This makes it possible to bypass the browser's same-origin restriction, so that a malicious site can view the content, or final visual output, of a legitimate page.
During the experiment, the researchers used the Chrome browser to steal the pixels that made up the username of a Wikipedia user. The speed of the attack depends directly on the performance of the GPU. On AMD Ryzen 7 4800U GPUs it took 30 minutes, and on Intel Core i7-8700 it took 215 minutes, with an accuracy of 97.5% and 98.3%, respectively.
According to preliminary data, testing showed that integrated GPUs from AMD, Apple, Arm, Intel and Qualcomm, as well as one discrete GPU from Nvidia, are affected.
An Intel representative said in a media comment that the problem is not with the processor, but with the use of third-party software.
Dialogues from the Bard chatbot were included in the general Google search results
Users’ private conversations with Google’s Bard chatbot appeared in public search results. The problem was pointed out by SEO consultant Gagan Ghotra.
Haha 😂 Google started to index share conversation URLs of Bard 😹 don’t share any personal info with Bard in conversation, it will get indexed and may be someone will arrive on that conversation from search and see your info 😳
Also Bard’s conversation URLs are ranking as… pic.twitter.com/SKGXJD9KEJ
— Gagan Ghotra (@gaganghotra_) September 26, 2023
As it turned out later, the private dialogues that appeared in the search results had previously been shared with other users using the “Share” function. However, for some reason, Google did not block search engines from indexing this content.
By default, all conversations with Bard are private.
The tech giant has already admitted the mistake and has begun blocking the indexing of such chats.
Bard allows people to share chats, if they choose. We also don’t intend for these shared chats to be indexed by Google Search. We’re working on blocking them from being indexed now.
— Google SearchLiaison (@searchliaison) September 26, 2023
Fraudulent investment applications discovered in the App Store
Attackers distribute fraudulent applications in the App Store under the guise of investment cryptocurrency platforms and mini-games to test financial literacy. This was reported by Kaspersky Lab.
After installing the program, the user is redirected to a phishing page advertising a project, allegedly from a large resource-extraction company, with the promise of monthly earnings from 100,000 to 150,000 rubles.
To participate, you must fill out a form indicating your full name, email address and phone number. Subsequently, the potential victim receives a call during which he is persuaded to invest in a dubious project.
Attackers have learned to bypass moderation in the App Store: first they upload a clean stub application, and then add the malicious functions they need in an update.
The fake programs have now been removed from the store.
Bloggers were attacked via Telegram under the guise of advertisers
Phishers are trying to steal the Telegram account credentials of Russian-speaking bloggers by offering them advertising cooperation on behalf of a large online retail company.
As Kaspersky Lab found out, attackers adhere to the standard business communication scheme for such interactions: they negotiate conditions, prices, and select goods.
At a certain stage, the blogger is asked to register on the affiliate program website, indicating his full name, email address, number of subscribers and channel coverage, as well as a phone number.
After this, the victim is automatically redirected to a fake Telegram authorization form and asked to enter a one-time code to log into the account. The need for such information is explained by the supposedly new requirements of the advertising law.
In fact, with the help of this data, attackers seize an account in the messenger and all Telegram channels linked to it.