PlayStation 4 Archives – Gridinsoft Blog https://gridinsoft.com/blogs/tag/playstation-4/ Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe. Thu, 15 Jul 2021 16:10:45 +0000 en-US hourly 1 https://wordpress.org/?v=84976 200474804 Ukrainian law enforcement discovered a mining farm consisting of thousands of PlayStation 4 consoles https://gridinsoft.com/blogs/ukrainian-mining-farm/ https://gridinsoft.com/blogs/ukrainian-mining-farm/#respond Thu, 15 Jul 2021 16:10:45 +0000 https://blog.gridinsoft.com/?p=5706 Last week, Ukrainian law enforcement officers discovered a huge mining farm in Vinnytsa after they noticed a large-scale electricity leak. It turned out that the attackers mined cryptocurrency right in one of the former warehouses of Vinnitsaoblenergo JSC, having illegally connected to the network. Law enforcers say that this is an illegal mining farm they… Continue reading Ukrainian law enforcement discovered a mining farm consisting of thousands of PlayStation 4 consoles

The post Ukrainian law enforcement discovered a mining farm consisting of thousands of PlayStation 4 consoles appeared first on Gridinsoft Blog.

]]>
Last week, Ukrainian law enforcement officers discovered a huge mining farm in Vinnytsa after they noticed a large-scale electricity leak. It turned out that the attackers mined cryptocurrency right in one of the former warehouses of Vinnitsaoblenergo JSC, having illegally connected to the network.

Law enforcers say that this is an illegal mining farm they discovered on the territory of the country: as a result, almost 5,000 pieces of equipment were seized. So, during searches at farm and at the address of residence of its organizers, 3,800 game consoles were seized (as you can see in the photo, this is a PlayStation 4), more than 500 video cards, 50 processors, as well as documentation on electricity consumption accounting, phones, flash drives and so on.

Ukrainian mining farm

According to preliminary data, the sum of losses from the operation of such a farm could be from 5 to 7 million UAH ($183-256 thousand) per month. At the same time, the “leakage” of such an amount of electricity could lead to poor consequences, for example, some quarters of Vinnitsa could remain without electricity.

Representatives of Vinnitsaoblenergo JSC have already stated that the company had nothing to do with an illegal farm, and “equipment designed for cryptocurrency mining has never worked in the premises belonging to the company”.

Interestingly, the local media writes that law enforcement officers most likely found not a mining farm, but a farm of game bots (hence the abundance of PlayStation 4 Slim, which are not very good for mining), which, for example, could grind the in-game currency and upgrade accounts for the football simulator FIFA.

Users of Western resources noted that the photo shows PS4 Slim, which are extremely ineffective for mining cryptocurrency due to their low capacity. They say that for such an operation it would be more expedient to use the PS4 Pro. In addition, there were disks sticking out of the consoles, well, it didn’t fit in with the cryptocurrency version.Ukrainian media write.

The SBU representatives confirmed that the attackers bred bots to sell accounts in FIFA 21. The bots actually earned in-game currency during the time spent in the game, then to spend it on cards with football players in Ultimate Team mode, and then they sold accounts with decent sets of rare cards at various trading platforms. And such a product is in great demand, because the legal receipt of the strongest cards requires tenfold, even hundredfold higher sums compared to a quick purchase of an already pumped account.

It is still unknown whether the owners of the bot farm managed to recoup their investments – more than 30,000,000 hryvnia (more than $1 million) were spent on the consoles only, not forgetting about half a thousand video cards.

Criminal proceedings under Part 2 of Art. 188-1 (theft of water, electrical or thermal energy through its unauthorized use) has already been opened. Attackers face up to three years in prison.

Let me remind you that I also talked about the fact that the Ukrainian cyber police in cooperation with Binance detained operators of 20 cryptocurrency exchangers.

The post Ukrainian law enforcement discovered a mining farm consisting of thousands of PlayStation 4 consoles appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/ukrainian-mining-farm/feed/ 0 5706
PlayStation Now bug allowed execution of arbitrary code on Windows https://gridinsoft.com/blogs/playstation-now-bug-allowed-execution-of-arbitrary-code-on-windows/ https://gridinsoft.com/blogs/playstation-now-bug-allowed-execution-of-arbitrary-code-on-windows/#respond Tue, 08 Dec 2020 22:47:39 +0000 https://blog.gridinsoft.com/?p=4830 A critical bug that has been fixed in the PlayStation Now app for Windows could be used by malicious sites to execute arbitrary code. Let me remind you that this service is already used by over 2,000,000 people. The vulnerability was discovered this summer by cybersecurity expert Parsia Hakimian and reported through the recently launched… Continue reading PlayStation Now bug allowed execution of arbitrary code on Windows

The post PlayStation Now bug allowed execution of arbitrary code on Windows appeared first on Gridinsoft Blog.

]]>
A critical bug that has been fixed in the PlayStation Now app for Windows could be used by malicious sites to execute arbitrary code. Let me remind you that this service is already used by over 2,000,000 people.

The vulnerability was discovered this summer by cybersecurity expert Parsia Hakimian and reported through the recently launched official PlayStation bug bounty program on HackerOne. The issue affected PS Now version 11.0.2 and earlier on computers running Windows 7 SP1 or later.

The researcher found that due to problems connecting to the application via a web socket, sites opened in any browser could send requests to the application and load malicious URLs, which could then trigger arbitrary code execution on the system.

The PlayStation Now application version 11.0.2 is vulnerable to remote code execution (RCE). Any website loaded in any browser on the same machine can run arbitrary code on the machine through a vulnerable websocket connection.posted Parsia Hakimian on HackerOne.

Essentially, the app set up a local web socket server that did not check the source of incoming requests, which allowed sites to send PlayStation Now requests. To successfully exploit this error, attackers must convince the PS Now user, whose device they want to hack, to open a specially crafted malicious site. For example, by sending a link to such a resource in a phishing email, leaving it on the forum, on the Discord channel, and so on.

In addition, the Electron AGL app launched by PlayStation Now may have been instructed to load specific sites using commands sent to the server’s web socket. AGL could also be used to run local applications. Moreover, the AGL Electron application allowed JavaScript to trigger new processes on loaded web pages, essentially making the code run as well.

Currently, the critical bug has already been fixed, and Hakimian received a reward of $15,000 for his discovery, despite the fact that the vulnerability did not fall under the conditions of the bug bounty: it affected a Windows application, and involved not one of target systems, included in the program (PlayStation 4 and PlayStation 5 systems, operating systems, accessories, or PlayStation Network.).

My $15K PlayStation bug has finally been disclosed. My one and only tip is to read every single @taviso bug. This is essentially two of his public bugs chained together.posted by Parsia Hakimian on Twitter.

Let me remind you that the researcher accidentally found a 0-day bug in Windows 7 and Windows Server 2008.

The post PlayStation Now bug allowed execution of arbitrary code on Windows appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/playstation-now-bug-allowed-execution-of-arbitrary-code-on-windows/feed/ 0 4830