Gaming news, articles & updates| SC Media

Gaming

Skip-2.0 backdoor malware provides ‘magic password’ to access MSSQL accounts

Researchers today revealed their discovery of what they believe to be the first publicly documented case of a backdoor targeting Microsoft SQL Server (MSSQL) databases – attributing the malware to the threat actor Winnti Group. Dubbed “skip-2.0,” the malware is installed in memory and provides attackers with a “magic password” that allows them to connect…

New 'Rombertik' malware destroys master boot record if analysis function detected

Major software vendor compromised with previously undocumented PortReuse backdoor

A thorough investigation into reputed Chinese APT actor Winnti Group turned up a previously undocumented backdoor that was used to compromise a popular Asian mobile hardware and software vendor — perhaps as a prelude to launching a major supply chain attack against its users. Dubbed PortReuse, the modular malware is a passive network implant that…

Attackers leveraging WS-Discovery protocol to amplify attacks

A recently discovered distributed denial of service technique that abuses the Web Services Dynamic Discovery specification is being executed in the wild by multiple threat actors to amplify the effects of their attacks, researchers have warned. The technique is a User Datagram Protocol (UDP) Amplification technique that involves spoofing requests to the WS-Discovery service. WS-Discovery…

Pair of vulnerabilities could have enabled takeover of EA gamer accounts

Prolific video game developer Electronic Arts Inc. (aka EA Games) has reportedly patched a pair of vulnerabilities that attackers could have exploited to hijack millions of player accounts, access their payment card information and make fraudulent purchases. The first flaw could have allowed actors to hijack an EA Games subdomain, while the other could have…

Cyber gangs battle to take down Xbox and PlayStation gaming networks for Christmas.

Gaming industry has become popular target of credential stuffing attacks: study

A company’s recent analysis of credential abuse activity over a 17-month period uncovered roughly 55 billion credential stuffing attack attempts against various online services, roughly 12 billion of which targeted the gaming industry. Researchers at Akamai Technologies revealed the data in their latest State of the Internet/Security report, which specifically focuses on web attacks and…

Fixed Fortnite flaws could have enabled account takeovers

A series of vulnerabilities in the hugely popular online survival game Fortnite could have allowed malicious actors to take over players’ accounts, prompting developer Epic Games to fix the issues before a major incident transpired, according to researchers who discovered the program. Had the flaws been exploited, attackers could have victimized gamers by viewing their…