Tag Archive for: game

This popular game gives hackers access to your entire PC


Hackers have been abusing the anti-cheat system in a massively popular game, and you don’t even need to have it installed on your computer to be affected.

The game in question is called Genshin Impact, and according to a new report, hackers are able to utilize the game’s anti-cheat measures in order to disable antivirus programs on the target machine. From there, they’re free to conduct ransomware attacks and take control of the device.

Figure: An overview of the Genshin Impact hack. (Image: Trend Micro)

Trend Micro prepared a lengthy report about this new hack, describing the way it works in great detail. The attack can be carried out using a Genshin Impact driver called “mhyprot2.sys.” As mentioned above, the game doesn’t need to be installed on the targeted device. The module can operate independently and doesn’t need the game in order to run.

Researchers have found proof of threat actors using this vulnerability to conduct ransomware attacks since July 2022. While it’s unclear how the hackers are initially able to gain access to their target, once they’re in, they’re able to use the Genshin Impact driver in order to access the computer’s kernel. A kernel generally has full control over everything that happens in your system, so for threat actors to be able to access it is disastrous.

The hackers used “secretsdump,” which helped them snatch admin credentials, and “wmiexec,” which executed their commands remotely through Windows Management Instrumentation (WMI). These are free and open-source tools from Impacket that anyone could get their hands on if they wanted to.

With that out of the way, the threat actors were able to connect to the domain controller and implant malicious files onto the machine. One of these files was an executable called “kill_svc.exe” and it was used to install the Genshin Impact driver. After dropping “avg.msi” onto the desktop of the affected computer, four files were transferred and executed. In the end, the attacker was able to completely kill the computer’s antivirus software and transfer the ransomware payload.

After some hiccups, the adversaries were able to fully load the driver and the ransomware onto a network share with the goal of mass deployment,…


Learn how to beat hackers at their own game with this $29 data and IT security training



Loop Hero Developers: Russian Players, You Can Pirate Our Game


Loop Hero developers have recently encouraged their players to “raise the pirate flag.”

Four Quarters, the indie Russian game developer responsible for the surprise hit Loop Hero, is encouraging players to pirate the game if they are unable to purchase it legally. This was the result of the broad range of sanctions imposed on Russia since its specialized military operations in Ukraine in late February.

How to Download Loop Hero

Loop Hero players in Russia and fans all over the world have been wondering how to download Loop Hero because of the sanctions the U.S. has imposed on Russia. They are currently unable to purchase Loop Hero through Steam or the Nintendo Switch’s eShop.

Loop Hero’s Russian developers told their players that if they are unable to purchase the mystical role-playing game, they can simply pirate it.

As reported by Engadget, Four Quarters wrote, “It is not known when all this will end, therefore, in such difficult times, we can only help everyone to raise the pirate flag (together with vpn) and share the most popular distribution on the rutracker”.

Four Quarters encouraged its players to “raise the pirate flag” and even included a download link for the game via BitTorrent and the Russian torrent site RuTracker.

Steam and Nintendo have temporarily stopped accepting payments from Russian customers, effectively excluding the entire country from their respective inventories and marketplaces.

According to Kotaku, it was later revealed that the Loop Hero developers are not able to cash in any payments from their players’ purchases. The financial halt comes from Visa and Mastercard pulling out of Russia as part of the U.S. sanctions against Russia.

Loop Hero’s loyal fan base initiated another means to support the Russian developers directly. However, Four Quarters stated, “We are very grateful for your support, but the truth is that everything is fine with us, send this support to your family and friends at this difficult time.”


Loop Hero Update

The Loop Hero update has been slowed, but not completely halted by the ongoing onslaught between…


The Solarium Commission’s most ambitious proposal lacks a game plan


With help from Eric Geller

The Cyberspace Solarium Commission has been trying to update a Cold War-era law to prepare for the mother-of-all cyber emergencies. But industry says there aren’t many details about what this would look like.

As the Biden administration ramps up its crackdown on cybercriminal use of cryptocurrencies, the industry has a familiar refrain: We’re not the only problem.

Missouri Gov. Mike Parson’s recent threat against a journalist for discovering a data security vulnerability is part of a decades-long trend of prosecuting security researchers for such discoveries.

HAPPY MONDAY, and welcome back to Weekly Cybersecurity! I’m your host, Sam Sabin, and it seems I’m the one person on the planet who watched the premiere of Succession and didn’t tweet about it? Don’t worry, my inbox is still open for all hot, and even lukewarm, takes.

Have tips, secrets or cat photos to share with MC? Send what you’ve got to [email protected]. Stay up to date by following @POLITICOPro and @MorningCybersec. (Full team contact info below.) Let’s get to it:

WHAT’S THE HOLD UP — Despite Congress’ heightened focus on cybersecurity in the annual defense budget and infrastructure packages, the Cyberspace Solarium Commission’s most ambitious policy ideas are still struggling to gain political momentum in Congress.

The most distinctive example: a proposal to include cybersecurity firms under the 1950 Defense Protection Act, which would allow the government to tap private cyber firms for help in emergencies such as a debilitating attack on a critical infrastructure firm or, most likely, a pandemic-sized cyberattack on the supply chain. As Eric reports for Pros this morning, cybersecurity firms and their customers have been…
