Your GPU knows your secrets
Researchers from Ben-Gurion University and the University of Lille published a paper demonstrating a new GPU fingerprinting method called DrawnApart. It can create a “reliable and robust device signature” from variations in speed across the multiple execution units in a GPU, measured by timing how long graphics primitives take to render through the WebGL API. The method relies on manufacturing differences between otherwise identical GPUs, so unlike typical browser-based fingerprinting, it can distinguish machines with identical hardware and software configurations. Using a top-end fingerprint linking algorithm, DrawnApart extended median tracking times from 17.5 days to 28 days.
UPnP behind Eternal Silence router campaign
The connectivity protocol Universal Plug and Play is at fault for another malware campaign dubbed Eternal Silence. Researchers at Akamai spotted attackers using a UPnProxy vulnerability to create malicious proxies on over 45,000 routers. This opens the door to installing cryptominers or launching further wormable attacks across a network. The researchers warn that Eternal Silence gets around network segmentation, and can generally only be seen by scanning endpoints and auditing NAT tables. Infected routers also need to be reset or flashed to get back to normal.
DeFi platform hacked for $80 million
In an incident report, Qubit Finance disclosed that malicious actors exploited a security flaw within the smart contract code of the company’s blockchain, letting the attackers withdraw the equivalent of $80 million in Binance Coin without depositing anything. Qubit usually acts as a settlement processing provider between various blockchain providers, letting people withdraw a different cryptocurrency than they deposited. The company is now offering the hackers a $250,000 bug bounty to encourage them to return the funds.
The top three industries for ransomware
According to data gathered by the threat intelligence firm Trellix, between July and September 2021, the banking, utilities, and retail industries were the most targeted by ransomware organizations. These three sectors accounted for 58% of all observed attacks. The report found that ransomware gangs have adapted methods over time to target “the most sensitive data and services,” noting that education, government and industrial services remained prominent targets. It should be noted that many of the groups behind major ransomware attacks during the period covered by this study have either disappeared or gone dark, with new organizations emerging to fill the void.
(ZDNet)

Apple opens the door for unlisted apps
The company now allows developers to publish unlisted apps on the App Store. These can be shared with private links and will not appear in search. This isn’t meant to be a replacement for its TestFlight beta system, and there is no invite-only mechanism for unlisted apps. It’s seen more as an option for apps required internally by organizations that don’t necessarily need to be searched for by the public. Developers can request to move published apps to unlisted, although all old links to them will still work.
Messenger hit with prize phishing campaign
Finland’s National Cyber Security Centre issued a warning about the new campaign currently active in the country. Targeted victims receive a message claiming to be from a friend asking for their phone number, under the pretext that it’s to enter them into a prize drawing. This “drawing” will send an SMS code to their phone, which the friend asks for. This is used to log into the victim’s Facebook account and change their password and email. From there the scammers reach out to the victim’s network. The agency warned it appears the scammers have recently gotten more ambitious, asking for credit card and banking information to transfer prize payments.
Meta suspends registration for analytics tool
Meta paused new users from joining its CrowdTangle social media tracking tool, although new users can still be added to existing company accounts. The tool can be used to analyze public content available on Facebook, Instagram and Reddit. Meta disbanded the CrowdTangle team last year, moving the tool under its new data and transparency team. The company said user registrations were suspended due to staff shortages caused by the reorganization. No word on how long registration will be paused.
(Reuters)
Grindr disappears from Chinese app stores
The iOS App Store and Android app markets operated by Tencent and Huawei no longer list the dating app Grindr in China. App researchers at Qimai noted the iOS version was removed on January 27th; it’s unclear when Android apps were removed. 9to5Mac’s source says the iOS app was removed by Grindr’s parent company. Grindr users in China reported issues with the app over the past several weeks, often unable to send messages or add likes. Competitor LGBTQ dating apps remain available in the country. Grindr was sold by the Chinese video game development company Kunlun Tech to a group of US-based investors in March 2020. Ahead of the Winter Olympics, the Cyberspace Administration of China announced a month-long crackdown on online rumors, pornography and illegal content.
(9to5Mac)






