Tag: CSGO | SpinSafe

Hackers have found a new exploit in Counter-Strike: Global Offensive that could allow a hacker to take control of your computer if you click on a Steam invite to play the popular first-person shooter.

The bug was discovered by The Secret Club, a white hat hacking group, which found that the hackers can exploit the bug by using Steam’s invite system. Should a victim click on the link, a hacker could acquire private information from anyone who accepts it.

The exploit was discovered in the Source game engine, which Valve developed and is used in several game Valve titles, including Counter-Strike: Global Offensive. While some games that use the engine no longer have the bug, the exploit is still present in Counter-Strike: Global Offensive as seen in the video below.

According to The Secret Club, one of its members and security researcher named Florian flagged the bug to Valve in 2019. Florian told Motherboard that he reached out to Valve about the bug via HackerOne, a bug bounty platform that the studio uses. Despite Valve classifying the bug as “critical,” Florian told Motherboard that the studio admitted it was “slow to respond” in threads regarding the bug.

The revelation about this bug is concerning for Counter-Strike: Global Offensive players. Although the game is almost 10 years old, it is still very popular on Steam. More recently, the game switched to a free-to-play model in 2018 and is one of the world’s biggest esports leagues.

Source…

A new vulnerability related to CS:GO has come to light, as The Secret Club, a not-for-profit reverse-engineering group, tweeted about a security flaw in CS:GO, which hackers can use to run programs on a user’s system.

This potentially means hackers can steal skins and passwords and inject malware into a CS:GO player’s system using the flaw, which is technically called a remote code execution flaw.

Two years ago, The Secret Club members discovered this vulnerability in Valve’s game and let Valve know about it through a bug-bounty platform called HackerOne.

Valve is a customer of HackerOne, which provides cybersecurity solutions to many more big companies, like Uber, Goldman Sachs, and Nintendo, to name a few.

in simple terms, it is no longer safe to play @CSGO at all if you care about your PC or personal Data because then forget it @valvesoftware sense of security is none existent just like their anti-cheat, it is time to invest into securing your services and getting an anti-cheat https://t.co/qDUTKMWGCn

— Anti-Cheat Police Department 🕵️ (@AntiCheatPD) April 10, 2021

Hackers can exploit CS:GO’s critical security flaw to breach user’s systems

From what is implied from different reputed sources, the ethical hackers are under a non-disclosure agreement with the HackerOne platform, which deters them from disclosing the vulnerability to the public.

As can be made out of the videos in the tweets of the Secret Club, hackers can use Steam invites to access a user’s system utilizing a remote code execution flaw that affects all source engine games, which includes CS:GO, Titanfall 1, Titanfall 2, Apex Legends, etc.

This is one of the first vulnerabilities that the Secret Club reported, and this was two years ago. To be precise, it was Florian from the Secret Club, and needless to say, this is still to be fixed from the side of Valve.

Two years ago, secret club member @floesen_ reported a remote code execution flaw affecting all source engine games. It can be triggered through a Steam invite. This has yet to be patched, and Valve is preventing us from publicly disclosing it. pic.twitter.com/0FWRvEVuUX

— secret club (@the_secret_club) April 10, 2021

In a second tweet on…

Source…

Tag Archive for: CSGO

CS:GO has a years-old bug that can let a hacker take over your computer

CS:GO hackers can inject malware to steal passwords; Valve yet to fix the vulnerability

Hackers can exploit CS:GO’s critical security flaw to breach user’s systems