Gaming | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that's engineered to communicate with an actor-controlled attack infrastructure. Trend Micro has attributed the activity cluster to the same actor that was previously identified as behind the  FiveSys rootkit , which came to light in October 2021. "This malicious actor originates from China and their main victims are the gaming sector in China," Trend Micro's Mahmoud Zohdy, Sherif Magdy, and Mohamed Fahmy  said . "Their malware seems to have passed through the Windows Hardware Quality Labs (WHQL) process for getting a valid signature." Multiple variants of the rootkit spanning eight different clusters have been discovered, with 75 such drivers signed using Microsoft's WHQL program in 2022 and 2023. Trend Micro's analysis of some of the samples has revealed the presence of debug messages in the source code, indicating that the operation is still in the development and te

A new botnet called  Dark Frost  has been observed launching distributed denial-of-service (DDoS) attacks against the gaming industry. "The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices," Akamai security researcher Allen West  said  in a new technical analysis shared with The Hacker News. Targets include gaming companies, game server hosting providers, online streamers, and even other gaming community members with whom the threat actor has interacted directly. As of February 2023, the botnet comprises 414 machines running various instruction set architectures such as ARMv4, x86, MIPSEL, MIPS, and ARM7.  Botnets are usually made up of a vast network of compromised devices around the world. The operators tend to use the enslaved hosts to mine cryptocurrency, steal sensitive data, or harness the collective internet bandwidth from these bots to knock down other websites and internet

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

French video game company Ubisoft on Friday confirmed it was a victim of a "cyber security incident," causing temporary disruptions to its games, systems, and services. The Montreuil-headquartered firm said that an investigation into the breach was underway and that it has initiated a company-wide password reset as a precautionary measure. "Also, we can confirm that all our games and services are functioning normally and that at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident," the company  said  in a statement. The news of the hack comes amid a string of high-profile attacks targeting  NVIDIA ,  Samsung ,  Mercado Libre , and  Vodafone  in recent weeks. While the extortionist gang LAPSUS$ claimed responsibility for these attacks, it's not immediately clear if the group is behind the Ubisoft breach as well. Technology news site The Verge, which first  reported  the development, said th

Cybersecurity researchers are warning about a new malware that's striking online gambling companies in China via a watering hole attack to deploy either Cobalt Strike beacons or a previously undocumented Python-based backdoor called BIOPASS RAT that takes advantage of Open Broadcaster Software (OBS) Studio's live-streaming app to capture the screen of its victims. The attack involves deceiving gaming website visitors into downloading a malware loader camouflaged as a legitimate installer for popular-but-deprecated apps such as Adobe Flash Player or Microsoft Silverlight, only for the loader to act as a conduit for fetching next-stage payloads. Specifically, the websites' online support chat pages are booby-trapped with malicious JavaScript code, which is used to deliver the malware to the victims. "BIOPASS RAT possesses basic features found in other malware, such as file system assessment, remote desktop access, file exfiltration, and shell command execution,&quo

The New Year begins with a new form of amplified Distributed Denial of Service (DDoS) Attack, a weapon for attackers to bring down websites and servers. As we have reported two weeks ago that the attackers are abusing the Network Time Protocol (NTP) servers to perform an amplified version of DDoS Attack on various targets across the world. Earlier this week a number of popular Gaming services, including League of Legends, EA.com and Battle.net from Blizzard were taken down by similar DDoS attack . 'Network Time Protocol (NTP)' is a distributed network clock time synchronization protocol that is used to synchronize computer clock times in a network of computers and runs over port 123 UDP. " The attacker sends a small spoofed 8-byte UDP packets are sent to the vulnerable NTP Server that requests a large amount of data (megabytes worth of traffic) be sent to the DDoS's target IP Address.  "Security Researcher, Wang Wai  detailed  in a previous article on 'The

It seems that German Video Game company 'Crytek' has been the latest victim of hacking attacks on its website and few forums, and caused Crytek's family of websites to go offline. According to the company, " Our Crytek.com, Mycryengine.com, Crydev.net and MyCrysis.com sites were all subject to a security breach that may have resulted in some users' login data being compromised ,". Strangely, Crysis.com has not been taken down and is still running as normal. " We recently became aware of suspicious activity relating to some of Crytek's websites and acted quickly to take those websites offline for security reasons. We thank you for your patience, and expect to have these sites fully operational soon ." " Although it is uncertain whether the incident led to the copying and decryption of email addresses and passwords ", it continued, " it is possible that users with accounts on these websites have had personal data copi

Japanese video game maker Nintendo recently revealed that one of its main fan sites Club Nintendo got hacked and Out of 15.5 million login attempts in brute-force process, almost 24,000 user accounts have been hijacked early last month. Nintendo said it first became aware of the illicit logins on Tuesday evening after a large number of access errors on the site. However the security team believe that the hackers obtained the logins and passwords from an outside resource. The fan site, Club Nintendo, allows 3DS and Wii owners, as well as other fans of Nintendo games and hardware to answer survey questions and register their products. Members can do all this in exchange for "coins" or points. These can later be traded for other goods or services on the site. The site is open to users from all over the world, about four million of which are located in Japan. These accounts contain secure data of users' real names, addresses, phone numbers and email information. " The