Sony has always put great interest in the security of its line of consoles, constantly correcting even the minimum exploit and preventing users from modifying the software of their PlayStation. Although the company does this as a means of preventing piracy and cheating in competitive video games, these security mechanisms also prevent the use of custom software, a practice considered legitimate by enthusiasts and developers.

Andy Nguyen, a renowned security engineer, recently introduced an exploit that would allow arbitrary code to be executed on PlayStation 4 and PlayStation 5 consoles for the specific purpose of executing custom code on these systems. It is also possible for the exploit to work on PlayStation 3 consoles, although the method has not been effectively tested in this version.

For some home software enthusiasts, this is a hack similar to the popular FreeDVDBoot, detected on PlayStation 2. This technique allowed games recorded on burned discs to be run without the need to make physical modifications to the console. Methods like this have become more important since issues such as video game conservation started to become relevant.

Despite attempts to preserve old video games as a cultural expression, Sony (and companies in general) continues to try to scuttle any attempt to modify its software, always arguing that the use of homebrew software simply benefits the creators of pirated video games.

Many people believe that the industry’s stance has simply led independent developers to undertake better and more organized efforts to find ways to use homebrew software. A well-known example is that of the PlayStation 4 console, considered highly difficult to modify until a bug in firmware version 9.0 opened the door to multiple modification methods.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

The post <strong>Critical vulnerability in the way Sony PS3, PS4, and PS5 consoles read Blu-Ray discs allows rooting and modifying the firmware</strong> appeared first on Information Security Newspaper | Hacking News.

Below are brief descriptions of the reported flaws, in addition to their scores assigned under the Common Vulnerability Scoring System (CVSS). These flaws do not yet receive a CVE identification key.

No CVE key: A bug in link tracking within the Epic Games installer would allow a local user to create a symbolic link to abuse the installer, overwrite a file, and perform a denial of service (DoS) attack on the affected system.

The vulnerability received a CVSS score of 5.1/10 and is considered a low-severity bug.

No CVE key: A link tracking issue within the Epic Games installer would allow local users to create a symbolic link to abuse the installer, delete a file, and deploy DoS attacks.

The flaw received a CVSS score of 5.1/10.

According to the report, the vulnerabilities reside in all versions of Epic Games Launcher for Windows and macOS systems.

These problems can only be exploited locally, which considerably reduces the risk of exploitation. So far no active exploitation attempts have been detected, although cybersecurity specialists recommend disabling Epic Games Launcher since there are no patches available to correct these flaws.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Two vulnerabilities in Epic Games Launcher allow DoS attacks appeared first on Information Security Newspaper | Hacking News.

The tools to aim automatically are highly sought after by players of the shooter genre, as they allow users to increase the effectiveness of their shots in the video game and level up more quickly. In most cases, these bots work as plugins installed in the game, so their use is relatively easy.

According to the report, the videos used by the hackers include links in the description, which redirect users to a website for downloading a RAR file with an executable identified as “cheatinstaller.exe.” Actually, this file hides a sample of RedLine, a dangerous malware for stealing passwords and other sensitive details.

Once installed on the target system, the malware will begin searching for information of interest to hackers, including:

• Overview: Device name, username, IP addresses, Windows version, system information and list of active processes
• Websites: Passwords, payment card numbers, autocomplete data, bookmarks and cookies from Chrome and Firefox-based browsers
• Cryptocurrency credentials: Armory, AtomicWallet, BitcoinCore, Bytecoin, DashCore, Electrum, Ethereum, LitecoinCore, Monero, Exodus, Zcash and Jaxx
• Other data: Use of VPN, profiles and tokens from Steam, Discord and other platforms

At the completion of the information collection process, RedLine packages these records into a ZIP file identified as “().zip”, extracting the files via a WebHook API POST request to a Discord server.

These are real and constant security threats, as bots, whether authentic or just a tactic to hide malware, are always developed by unreliable entities and lack digital forms, which is highly useful for groups of threat actors.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Hackers trick Valorant users into installing RedLine malware on thousands of Windows systems appeared first on Information Security Newspaper | Hacking News.

About Minecraft, specialists mention that this has become the best-selling video game in history and currently accumulates more than 140 million active users. This is a virtual world video game in which players can use blocks extracted from the earth to build all sorts of things, including an exact copy of the Russian intelligence agency, heir to the well-known KGB.

The three defendants were arrested in mid-2020, when at just 14 years of age they began hanging political pamphlets in the actual FSB building. These pamphlets accused the agency of terrorism, in addition to apologizing for the work of an anarchist mathematician accused of vandalism for breaking a window and throwing a smoke bomb at the intelligence agency’s facilities.

When authorities identified the young perpetrators, they found some videos about the preparation of homemade bombs stored on their smartphones, in addition to evidence demonstrating the teens’ plan for their “virtual attack,” which had been committed in the days following the investigation. All three were arrested for violations of Russia’s penal code, which provides for up to 20 years in prison for planning terrorist activities.

Two of the young defendants have already pleaded guilty, while the third of them said he was innocent throughout the trial: “I never thought that sticking leaflets on the FSB would have such severe consequences; I am not a terrorist and I am not guilty,” he said. Still, all three were found guilty and sentenced to five years in a prison in Siberia. The defendants remain under house arrest while all the formalities of their transfer are completed, although the decision is likely to be appealed by some legal means.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Three young Russians are sent to prison for planning a terrorist act… in Minecraft appeared first on Information Security Newspaper | Hacking News.

At the beginning of the investigation, Bowser faced 11 serious charges, although he has only pleaded guilty to conspiracy to evade security mechanisms in technological devices and traffic in evasion devices. Team Xecutor developed pirated software and emulators for Switch, Nintendo 3DS, Xbox, PlayStation and NES Classic.

The defendant admitted to working with this group between 2013 and 2020, during which time he managed illegal websites and sold software to hack consoles and devices. In the lawsuit against Team Xecutor, Nintendo claims to have lost more than $65 million USD due to this group.

Nintendo thanked the law enforcement agencies involved in the investigation, which include the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (NHS).

The video game company has always tried to take strict action against the illegal use of its products. Previously, Nintendo won a lawsuit against the RomUniverse platform, forcing the website’s administrators to pay $2.1 million USD compensation, plus they had to destroy all the illegal ROMs developed.

More recently, Nintendo began sending out copyright warnings against the GilvaSunner YouTube channel for its Nintendo soundtrack videos, which will likely lead to the channel’s definitive shutdown. 

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Hacker sentenced to 3 years in prison for developing pirated software for Nintendo Switch appeared first on Information Security Newspaper | Hacking News.

In a message shared with some members of the cybersecurity community, the company confirmed the incident, ruling out that it is a ransomware infection: “The attackers accessed a limited amount of related code and tools; we rule out this impacting the user experience.”

Moreover, an investigator contacted an alleged threat actor, who is now selling EA data, including what he claims is the complete source code of the latest edition of FIFA, plus points used as currency in the game. It is important to mention that these points can sometimes be used as a method of money laundering.

The attackers claim to have access to all of EA’s services, and say that a customer willing to pay $28 million USD for the stolen data will also get full exploitability on all EA services.

Threat actors claim to have the source code and debugging tools for the following video games:

• FrostBite
• FIFA 21 and FIFA 22
• Xbox and SONY private SDK and API key
• XB PS and EA pPFX

The hackers shared some screenshots showing directory listings and source code to prove the legitimacy of this leak.

Despite the seriousness of the incident, the company assures that users will not be affected in any way: “Player data was not accessed and we have no reason to believe that there is any risk to player privacy. After the incident we implemented security enhancements and did not expect subsequent attacks. We are actively working with law enforcement agencies and external cybersecurity specialists to ensure this does not happen again.”

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Hackers compromise EA networks; video game source code and sensitive data for sale on dark web appeared first on Information Security Newspaper | Hacking News.

This operation, deployed by Kunshan Police also seized about $46 million USD in assets including cash, luxury cars, computers and jewelry.

This information was disclosed via Twitter by an account identified as Anti Cheat PD, linked to a platform managed by the gamer community to publicly identify and point out cheaters and software variants they use to affect other gamers. According to Anti Cheat PD, this operation was made possible by the collaboration of Kunshan police and Tencent, a controversial technology company based in China.

Reports indicate that the operation would have required about 12 months of investigation, resulting in multiple arrests and seizures that decimated the finances of this hacking group. It should be noted that this platform operated as a subscription service in which cheating players paid almost $40 a month to access all kinds of video game manipulation software, the use of which represents an unfair advantage over other players.

About the video games in which these hacks worked, it is mentioned that they were aimed at “battle royal” enthusiasts, including Call of Duty: Mobile, Valorant and Overwatch.

To the authorities’ surprise, this proved to be a highly profitable practice for hackers, as they are estimated to be able to earn up to $10,000 USD a day, which equates to an operation that accounted for illegal profits of more than $750 million USD.

For its part, the Chinese government claims that this is one of the most important anti-hacking operations in the world taking into account the amount of confiscated goods, the type of technology involved and the number of users who will notice an impact on the world of video games. Finally, the authorities say that they will continue to work with Tencent to form an anti-hacking group of video games, as the level of illicit profits generated by this practice makes it necessary for the authorities to intervene. 

What do you think of videogame hacking? Do you really think this is a cost-effective cybercriminal practice? To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Biggest gaming cheats hacking group with $760 million turnover taken down by police appeared first on Information Security Newspaper | Hacking News.

Connor Ford, moderator of the game in terms of security, mentioned that “irrefutable evidence that two high-ranking players were attacking Apex Legends servers” was detected; adding that up to 5 out of 6 players could have been affected by this campaign. Additional details were posted on r/apexlegends Reddit forum over the weekend.

In a video posted by Ford (which was removed), cheaters can be seen losing a game followed by loss of connection for all players; once the connection was re-established, the cheaters appeared as winners and honest players were classified as losers of the game. At the moment the identity of the expelled players is ignored, although it is a fact that fans of this video game will not find it difficult to intuit who the cheaters are.

Although there have always been ways to cheat in video games, this unfair practice is becoming increasingly important, mainly because of the rise of eSports: “This is a market worth approximately $2 billion. There are many interests involved and many players will not hesitate to play all their cards, including cheating,” says specialist Dirk Schrader.

The gamer community frequently requests the inclusion of new security mechanisms to prevent these malicious practices, although their implementation is not always sufficient to prevent an attack due to the advancement of hacking techniques.

Another emerging security risk related to video games is attacks on mobile game users, who have become a frequent target of account theft attacks: “These attacks consist of sending phishing links with which threat actors try to trick mobile gaming fans,” Schrader adds.

Finally, the expert concludes by mentioning that attackers could also create alternative versions of popular video games distributed through unofficial platforms, as security systems in the App Store or Play Store would not allow their publication. Schrader mentions that these APKs are usually “trojanized”, which means that while they work in the same way as the legitimate app, they contain malware hidden in their code.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Two famous gamers used DDOS attacks on Xbox servers to cheat appeared first on Information Security Newspaper | Hacking News.

This exploit, dubbed as “TonyHax”, was first detected in a buffer overflow present in “Create Skater” mode in the “Tony Hawk” video game series. However, the developer of this hack encountered a serious problem when first tested it: “When the game sees a character saved on the memory card, the name field will be automatically loaded to display it on the screen. When the process is complete, the name problem appears, as the length of the title is not verified.” For Marcos Del Sol, developer of the hack, this problem in loading the name can be used to load an executable into console memory.

The payload contained in the new exploit could be anything, including a homebrew video game. Moreover, the developer mentions that he decided to focus on games recorded on CD-R because he developed a simple but effective tool to unlock the optical drive of the console.

To replicate this hack, the first thing to do is to download the “tonyhax” tool and then change the authentic Tony Hawk video game disc to any copied game. The developer even mentions that it is possible to access games distributed across multiple CDs.

This weekend, the developer posted an update on his blog to help gamers interested in using his new exploit, plus a complete list of all video games compatible with the hack, including:

• “Brunswick Circuit Pro Bowling”
• “Brunswick Circuit Pro Bowling 2”
• “Tony Hawk’s Pro Skater 2”
• “Tony Hawk’s Pro Skater 3”
• “Tony Hawk’s Pro Skater 4”

What are your thoughts about the development of homebrew video games? Are you familiar with this technology? Are you willing to learn more about it? To learn more about information security risks, malware variants, vulnerabilities and information technology issues, feel free to access the International Institute of Cyber Security (IICS) websites.

The post New hack allows users to run copied video games in older PlayStation 1 models appeared first on Information Security Newspaper | Hacking News.

Experts have shown that selling these accounts in illegal forums has become one of the most important cybercriminal trends in recent months.

Research includes nearly one million committed accounts related to employee and customer resources; more than half of these were listed over the past year. Affected accounts are linked to VPN resources, Jira deployments, SSO, and developer-employed environments for the top 25 video game companies.

This malicious practice could expose users to risky scenarios such as data theft, phishing, ransomware, espionage, among others. In his report, Kela mentions that at least four ransomware attacks related to this campaign have been detected in the most recent months: “The credentials and other resources exposed are still on sale, so video game companies should consider this scenario of active risk.”

Experts also detected an infected computer with credential records for many of the accounts that threat actors could access. This behavior suggests that the infected computer is employed by an employee of the affected company; the malware that infected this computer is available for sale for less than $10 USD.

Research suggests that more than half a million employee credentials were compromised due to security incidents on third-party platforms and could even be accessed for free.

Researchers contacted the companies analyzed to urge them to review their current security mechanisms and, where appropriate, update these practices to prevent further leaks in the future. Limiting access to high-privileged accounts and establishing multi-factor authentication mechanisms are a good starting point for improving these security practices.

The post Over 500k videogame users credentials for sale on dark web appeared first on Information Security Newspaper | Hacking News.

It has recently been reported to detect multiple scams that, while not generating million-dollar losses, are constantly presented to users. An example of this is the popular video game Fall Guys, whose developers had to warn about a fake mobile version that was only intended to deceive interested users.

In its security alert, the company mentions that attackers are using a phishing campaign in which they pretended to be Crystal Dynamics’ personnel, offering people jobs that don’t actually exist. Scammers ask people interested in this fraudulent offer to install apps like Telegram to arrange a job interview.

In fact, what criminals are looking for is for users to share their confidential information, including full names, email addresses, phone numbers and even financial information and social security numbers.

Through a tweet, the company shared a link to a Federal Trade Commission (FTC) website where users can find all the information needed to prevent these scams. It should be remembered that criminals often usurp the image of popular companies like Netflix or Amazon to deceive users. With the right information, scammers can access things like people’s bank accounts. To avoid these risks, people need to know who they are giving their information to and protect their accounts through multi-factor authentication methods.

The post New Phishing Scam offers a job at Marvel’s Avengers. Don’t try to be a superhero by opening this email appeared first on Information Security Newspaper | Hacking News.

This report has been circulating for almost a day in Reddit, so it has not been officially confirmed, although the source ensures that confirmation will be given soon. 

Ghostrunner is a first-person “slasher” game in which players can apply their parkour skills acquired from franchises such as Assassin’s Creed and Mirror’s Edge. In addition, Ghostrunner has traits that will give him his own personality, such as his anticipated and novel brutal and ultra-fast combat system, as well as a cyberpunk environment.

Reports indicate that the leak includes 17 levels and 17 swords and other in-game items, highlighting four skills that open up along the way. The source also reports on a YouTube video where the first two levels (no spoilers) are recorded and some skills are demonstrated. In this case, the link leads to the blocked video due to copyright infringement. The only clue is a screenshot of a post on that forum.

An official pronouncement of the developers is expected in the coming days.

The post Hackers leak Ghostrunner game online a few weeks before official release appeared first on Information Security Newspaper | Hacking News.