Hacking, Security & Privacy News - Page 1

Epic Games, the company who has spent millions of dollars fighting Apple in court, today announced it has laid off hundreds of employees.

2023 is a year of exceptional volatility in the games industry, and not even the world's biggest companies are safe. Today Epic Games announced it would lay off around 870 workers in an effort to reduce costs. Epic's decision follow thousands of tech sector layoffs made throughout 2023, including gaming jobs that were pared back at Xbox, Electronic Arts, Activision, and the Embracer Group.

Epic Games CEO Tim Sweeney says the company is simply "far short of financial sustainability," and confirms that Epic is spending more than it makes. Epic will divest--or sell off--recently-acquired subsidiary Bandcamp and spin off most of its SuperAwesome media division.

According to a new report at Cyber Security Connect, a ransomware group called Ransomed.vc claims that it has compromised all of Sony's system and is putting up all of the company's data for sale.

It's a bold claim and could be one of the biggest security breaches in a long time, especially when you factor in the size and scope of Sony's operations - which includes over 40 million PlayStation 5 owners and gamers.

Ransomed.vc announced the breach on its leak sites, adding that Sony isn't willing to pay for the data it's up for sale. The extent of the breach and the validity of the claim haven't been confirmed, with Sony offering a statement to IGN that says it is " "currently investigating the situation" though it offers "no further comment at this time."

A staggering 38 terabytes of data was accidentally leaked by Microsoft AI researchers on the website called GitHub, according to a cloud security company report.

The new report released by Wiz, a cloud security company, among the leaked files, were two entire backups of workstation computers that contained confidential Microsoft information such as company "secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages". The incredibly large data exposure may result in Microsoft's AI systems being vulnerable to attack or any other Microsoft-related systems. So, how did this happen?

Unfortunately, it was a simple yet critical mistake that occurred when Microsoft AI researchers were trying to publish a "bucket of open-source training material" and "AI models for image recognition" to GitHub. The files' SAS token was misspelled, resulting in the public's storage permissions switching to the entire storage account rather than the AI material that developers were attempting to publish. Unfortunately, the bad news doesn't stop there.

The company wrote in a statement that it identified a cybersecurity threat in some of its systems that has resulted in its website being temporarily shut down.

MGM Resorts released a statement that confirmed its systems powering a selection of its casinos along the Las Vegas stripe detected a cybersecurity issue that caused some slot machines being taken offline, with other gambling systems also being temporarily shut down. The company said it took "prompt action to protect our systems and data," but isn't sure how widespread the vulnerability is and what systems have been affected by the attack.

The ALPHV/BlackCat ransomware group have claimed responsibility for the attack in a forum post, where it boasts that it was extremely easy to gain access to MGM Resort's systems. The ransomware group claims they used basic social engineering tactics to gain the necessary information to access the systems in order to obtain data that would force MGM Resorts to pay a ransom. However, MGM Resort refuses to pay the group.

A group of unnamed hackers have gained access to spyware firm WebDetetive to delete device information in a move to protect 10s of thousands of people from being surveilled.

Spyware is exactly what it sounds like - a piece of software that grants remote access to an individual's device to spy on them. Through this access, users can listen in on victims' phone calls, read messages, track locations, send/receive data such as photos/videos, view screens in real-time, and much more. Typically, this type of software is used by nefarious people who are interested in tracking individuals, monitoring there whereabouts and to gather intelligence that is typically used to blackmail the victim.

However, spyware is also used by government agencies to catch criminals. WebDetetive was one of these types of spyware until a group of unnamed hackers accessed their system and removed the device information from 76,000 devices, along with more than 1.5 gigabytes of data stored on the spyware service's servers. It should be noted that these are claims from a group of hackers and are yet to be independently verified.

If you're one of them any PC users out there that use WinRAR to handle their compression-related tasks (it's still one of the most popular archive utilities), then you might want to make sure you update to WinRAR version 6.23. Grab it here.

The latest version of the shareware app patches a rather significant security flaw dubbed CVE-2023-40477, allowing hackers to access memory beyond the allocated buffer.

The flaw would give hackers code execution on the target system, though only after opening a malicious RAR file. Still, you're looking at a very serious vulnerability when someone can execute commands on your PC simply because you opened a RAR file, let alone extracted its contents. The fact that it requires the user to open a specific RAR file dropped the security flaw's severity rating to 7.8.

Most modern Ryzen CPUs built using the Zen 3 and Zen 4 architectures (including the latest Ryzen 7000 series) are affected by the 'Inception' vulnerability. A new speculative side-channel attack that can expose sensitive or otherwise secure data - per AMD's description that you can read in full here.

The current understanding of 'Inception' is that the vulnerability is local, meaning you'd need to download malware containing the exploit for a potential issue. AMD notes that older Ryzen CPU hardware using the original Zen and Zen 2 architectures remain unaffected.

Regarding exploits, Inception is similar to the well-known Spectre attack, where secure data is accessed within memory via features in modern CPUs - going as far as to grab passwords, keys, and other secure data. The good news is that the exploit is being addressed in an upcoming AGESA Firmware update due for release later this month.

A Microsoft cloud breach that resulted in China state-backed hackers breaking into U.S. government emails has led the Cyber Security Review Board to launch an investigation.

The Cyber Security Review Board (CSRB) announced on Friday that its investigation will look into cloud-based identity and authentication infrastructure, which will lead to a wider review of all potential and current problems.

This investigation was launched following U.S. government official email accounts being infiltrated by China state-backed hackers that gained access to U.S. Commerce Secretary Gina Raimondo's inbox, several other officials at the U.S. State Department, and officials at a few different government agencies.

US officials have claimed they have discovered what they suspect is Chinese malware designed to perform a specific task.

A new report from The New York Times has revealed that US officials have found Chinese malware across several military systems and that this malware isn't like the typical Chinese malware as it has a specific purpose - to disrupt. According to the report from the NYT, the malware isn't designed for surveillance, which is the typical form of malware that's discovered on US military and government systems.

Experts claim the recently discovered malware is simply to disrupt US military and civilian operations, and according to National Security Agency deputy director George Barnes, "China is steadfast and determined to penetrate our governments, our companies, our critical infrastructure." Notably, Rob Joyce, the director of cybersecurity at the NSA, said last month that the capabilities of the malware are "really disturbing" as it's able to shut off water and power and disable communications for both military bases and civilians.

It's a common belief that DRM in PC game releases, specifically the popular Denuvo Anti-Tamper anti-piracy software, adversely impacts performance. If a PC game is rocking DRM, you're looking at a noticeable drop-off in performance compared to a version of the same PC game without DRM-a pirated copy.

The Denuvo platform is owned by digital security company Irdeto, who bought Denuvo in 2018. In an interview with Ars Technica, Irdeto Chief Operating Officer of Video Games Steeve Huin, said, "There is no perceptible impact on gameplay because of the way we do things." Adding that anti-piracy measures are a benefit to both game publishers and players as it ensures that it protects investments and leads to more games in the future.

"Whether people want to believe it or not, we are all gamers, we love gaming, we love being part of it," Steeve Huin says. "We develop technologies with the intent to make the industry better and stronger." Translation, the people behind Devuno have a different take and want to prove it.