Archive for January 6, 2023

#PSA: If You Have A PlayStation 5… You May Want To Orient It Horizontally

Posted in Commentary with tags on January 6, 2023 by itnerd

This is one of those design flaws that needs to result in some people being fired. I say that because it has come to light that Sony’s PlayStation 5 appears to have a design fault that can take months to appear, and the failure that is a result of this design flaw only seems to happen if you use the console while it’s in a vertical orientation:

As Wololo reports, hardware repair specialists working on PS5 consoles that fail to boot are finding the problem is caused by the liquid metal thermal interface Sony used on the custom AMD Zen 2 CPU. 

When the PS5 is oriented in a vertical position, over time the liquid metal is moving and spilling out on to the components surrounding the CPU. This also means the liquid metal is no longer evenly spread across the chip it’s meant to help cool.

To back this up, Twitter user @68Logic, who runs a hardware repair store in France, has told PS5 owners not to use the console in a vertical position:

It will be interesting to see if and how Sony responds to these reports. Because if this is an issue that is frequent enough to warrant attention from the tech media, Sony may be in for a recall or a class action lawsuit. At the moment they’ve said nothing. But I suspect that they may not be able to stay silent for long. In the meantime, if you’re a PS5 owner, you may want to use it in a horizontal orientation just to be safe. Issues may not happen to every PS5, but the fact that this is gaining the attention of repair shops and the tech media means that this problem is not an isolated one.

PurpleUrchin Cryptomining Campaign Detailed In New Report

Posted in Commentary with tags on January 6, 2023 by itnerd

Late yesterday I came across a report about the PurpleUrchin threat actor group. Here’s a quick synopsis about them:

The PurpleUrchin cryptomining campaign, first uncovered in October 2022, is characterized as a freejacking operation. While doing our own investigation of this threat actor, Unit 42 researchers found evidence that PurpleUrchin threat actors employed Play and Run tactics, using cloud resources and not paying the cloud platform vendor’s resource bill.

PurpleUrchin actors performed these Play and Run operations through the creation and use of fake accounts, with falsified or potentially stolen credit cards. These fake accounts held a pending unpaid balance. Although one of the largest unpaid balances we found was $190 USD, we suspect the unpaid balances in other fake accounts and cloud services used by the actors could have been much larger due to the scale and breadth of the mining operation.

The report goes into the details of their “play and run” scheme including the fact that:

  • Some of the automated account creation cases bypassed CAPTCHA images using simple image analysis techniques. 
  • The threat actors created fake accounts with stolen or fake credit cards.
  • The creation of more than 130,000 user accounts on various cloud platform services like Heroku, Togglebox and GitHub was observed.

Crane Hassold, Director of Threat Intelligence at Abnormal Security, had this to say:

“While the tactics described in the report rely on creating a large number of fake accounts and exploiting free trials, the same techniques could be used to leverage resources in an organization’s compromised cloud environment to accomplish the same goals. This is one of the reasons cloud credentials are so valuable in today’s underground cybercrime economy; they can be exploited in dozens of different ways.”

The report makes for some interesting reading and I would encourage you to read it, as I can see how this sort of attack could be used for means other than crypto mining. Thus organizations need to have the means to defend against these sorts of attacks.