Gaming news, articles & updates| SC Media

Gaming

vulnerability

Modular backdoor sneaked into video game developers’ servers

A suspected Chinese APT group used a newly discovered modular backdoor to infect at least one video game developer’s build orchestration server and at least one other company’s game servers, researchers have reported. Although these attacks appear to have taken place prior to March, such incidents are now more important than ever to detect and…

Cyber gangs battle to take down Xbox and PlayStation gaming networks for Christmas.

Roblox hacker enabled by insider threats; expert offers tips to curb rogue employees

A hacker reportedly used both bribery and social engineering to gain unauthorized access to a customer support system operated by the popular video game Roblox — illustrating why companies must be on the lookout for employees who fit the mold of an insider threat. The unnamed hacker told Motherboard that they paid one insider to…

Nintendo confirms 160,000 user accounts hacked

Nintendo has confirmed 160,000 user accounts have been accessed exposing a limited amount of PII and possibly access to Nintendo store accounts. The gaming company reported that starting in early April accounts were accessed through the Nintendo Network ID (NNID), which is primarily used for Switch gaming, Nintendo online store accounts and grants access to…

NintendoSwitch

Hacker pleads guilty to stealing Nintendo secrets

A California hacker pleaded guilty last Friday in federal court to one count of computer fraud and abuse, for stealing and leaking sensitive information related to the Nintendo Switch gaming console and various Nintendo game titles. Ryan Hernandez, 21, of Palmdale, Calif., also pleaded guilty to one charge of possess of children pornography. A Department…

Phishing scam uses fake giveaways to lure in Steam gaming service users

Cybercriminals are reportedly attempting to trick users of the Steam video game digital distribution service into visiting a phishing site that pretends to give away new game skins, but actually steals login credentials. Researcher “nullcookies” first reported the fraudulent giveaway promotion in a Twitter post late last month. BleepingComputer followed up on the post and…

Stolen GateHub and EpicBot credentials spotted on hacking forum

Millions of credentials stolen from the GateHub cryptocurrency wallet service and gaming bot provider EpicBot were reportedly posted on popular hacking forum site RaidForums last month, along with other personal information. Roughly 2.2 million accounts were affected – 1,408,078 of which belong GateHub users, while 816,662 were created by EpicBot users, according to security researcher…

Skip-2.0 backdoor malware provides ‘magic password’ to access MSSQL accounts

Researchers today revealed their discovery of what they believe to be the first publicly documented case of a backdoor targeting Microsoft SQL Server (MSSQL) databases – attributing the malware to the threat actor Winnti Group. Dubbed “skip-2.0,” the malware is installed in memory and provides attackers with a “magic password” that allows them to connect…

Major software vendor compromised with previously undocumented PortReuse backdoor

A thorough investigation into reputed Chinese APT actor Winnti Group turned up a previously undocumented backdoor that was used to compromise a popular Asian mobile hardware and software vendor — perhaps as a prelude to launching a major supply chain attack against its users. Dubbed PortReuse, the modular malware is a passive network implant that…

Attackers leveraging WS-Discovery protocol to amplify attacks

A recently discovered distributed denial of service technique that abuses the Web Services Dynamic Discovery specification is being executed in the wild by multiple threat actors to amplify the effects of their attacks, researchers have warned. The technique is a User Datagram Protocol (UDP) Amplification technique that involves spoofing requests to the WS-Discovery service. WS-Discovery…

Next post in Ransomware