Valve Surpasses $1 Million In Bug Bounties


HackerOne posts big rewards.

Bless Unleashed Reopens Estate Servers After Exploit


Compensation extended to May 26.


Temtem Clubs Cheaters: Almost 900 Permanently Banned


Temtem developer Crema today fired not so much a warning shot as a warning kill by announcing the ban of nearly 900 accounts from the newly launched MMO. All accounts in question have been permanently banned with no chance of appeal, with Crema stating their 100% confidence that each account has been caught cheating or abusing exploits.


The statement that Crema won’t be reviewing any ban appeals had some members of the community concerned, to say the least, as one could cite hundreds of examples of developers messing up and issuing false bans that are later overturned.

Crema has since walked back their comment on a no appeals policy. Players who are banned and believe that it was in error can appeal their ban by contacting Crema’s support email.

Bethesda Gives Proper Compensation To Fallout 76 Robbery Victims


It’s a new year and that means new second chances. Back over the winter holidays, Fallout 76 suffered a rather embarrassing exploit which allowed players to steal items from another person’s inventory, effectively initiating a forced trade. It appears that Bethesda is finally making good on its promise of compensation.

This time around players are reporting that their inventories of lost items have been replaced along with a promised stipend of atoms. Bethesda’s remedy appears to be to clone a version of the player’s character from before the theft with the offer of a free service to transfer items from the cloned character to the non-cloned, presumably further progressed original character.

Source: Polygon via MassivelyOP

PSA: Update Windows 10 Right Now, NSA Posts Critical Vulnerability


You know a security issue is going to be a big problem when the National Security Agency is posting an APB for people to update their computers as soon as possible.

The United States Department of Defense has issued a critical security warning advising users of Windows 10 to ensure that their operating systems are up to date. The NSA identified a vulnerability that will allow malicious software to be installed on a machine by fooling Windows into thinking that it is an official update. The most up to date versions of Windows have allegedly patched this bug, and the department warns that it expects exploits to start cropping up in the very near future.

NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality. The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality. Exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities. Examples where validation of trust may be impacted include:

  • HTTPS connections
  • Signed files and emails
  • Signed executable code launched as user-mode processes

The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.

Source: NSA

Virtually Everyone Possesses Duped Cash In DC Universe Online


DC Universe Online has a problem: an exploit allowed players to inject a gross amount of money into the game’s economy. How gross? According to Daybreak, trillions. Enough that virtually everyone in the game is now in possession of the fake cash, regardless of whether or not you’re aware of its origins. The cash has made its way through the economy and into so many players’ hands that Daybreak shut down trading cash and use of the broker while they figured out what to do about it.

The answer? Fix the exploit, ban the exploiters, and enforce a one-time “progressive tax” to fix the economy. You rich folks aren’t going to like this.

We have settled on six tax brackets for this one-time event, totaled at the ACCOUNT level, which are as follows:

  • Cash below $500,000,000 is not taxed at all.
  • Cash between 500,000,001 and 10,000,000,000 is taxed at 5%.
  • Cash between 10,000,000,001 and 15,000,000,000 is taxed at 10%.
  • Cash between 15,000,000,001 and 20,000,000,000 is taxed at 20%.
  • Cash between 20,000,000,001 and 25,000,000,000 is taxed at 25%.
  • Cash above 25,000,000,001 is taxed at 100%.

Daybreak has admitted that the goal is not to fix the economy in one swoop, but to get rid of most of the cash that was introduced with the exploit. Their “look on the bright side” explanation is certainly something.

“We also want to maintain some of the scale of wealth legitimately present in the game. You may have less cash after this tax, but for the most part you will still have more than the people you had more than before, and less than the people you had less than before.”

On the plus side, if you had your investments wrapped up in items instead of cash, you’re pretty much safe from the number squash.

Source: DCUO

Steam Cleaning: Valve Bans Yet Another Title For Impersonating Dota 2


It must be a day ending in Y, because Valve has terminated yet another Russian developer for publishing a game on the Steam marketplace with the express purpose of scamming items from established Valve titles. In this case, the creator in question was able to change the title of his game to Dota 2, including adding the official Dota 2 logo as his own, and began uploading items with the same art, description, and titles as those in Dota 2. The developer would presumably be able to distribute items to himself and friends in order to better facilitate their crimes.

Thankfully, Valve implemented changes the last time this incident occurred, adding a warning to players trading for items from a game they do not own. This developer went even further and apparently discovered an exploit that allowed him to upload items without approval. In order to stem scams, Valve requires that games pass a certain trust threshold before they can make use of Steam inventory and trading cards.

A Valve representative posted that the exploit has been patched.

“Scammers figured out a way to get items in the Steam economy without having their game approved for release first. We fixed that today.”

The title was quickly removed and has been virtually scoured from Valve’s systems, going as far as deleting the app and its community hub entirely.

(Reddit)

RuneScape Slams Clue Scroll Exploiters With Banhammer


Jagex has dropped the banhammer hard on six accounts found to be exploiting a bug in this past week’s clue scroll overhaul. Jagex posted on the RuneScape Subreddit to note that while six accounts were banned for utilizing the exploit, more than 50 other accounts were banned for attempting to trade said exploited goods for real money. The exploit involved a very specific set of circumstances and led to rewards being duplicated and then distributed around the economy.

In the post, Mod Infinity noted that Jagex is confident that most of the items have been swept up, that the impact on the economy would be negligible, and that items that were sold to other players will be removed with the gold reimbursed to the buyer.

It was indeed much harder to reproduce than just having a full inventory, that just sends excess loot to the bank. This required you to have a specific inventory set-up, a specific final clue step, and a specific final clue challenge. Those exact circumstances sadly did not manifest in testing.

(Source: Reddit #1, Reddit #2)

Epic Strikes Again: Sues Over Fortnite V-Buck Exploit


Since last October, Epic Games has launched at least six lawsuits against individuals creating or advertising cheats for Fortnite, and as of last week you can add another one to that list. Epic has filed another lawsuit in the Northern District of California court, this time against an individual, Yash Gosai, over his advertising of exploits in Fortnite Battle Royale.

While Epic’s previous lawsuits targeted creators and distributors of aimbots, this lawsuit deals with an exploit surrounding Fortnite’s premium currency V-Bucks. According to the lawsuit, Gosai is accused of developing and publicizing an exploit allowing people to gain free v-bucks without paying real money. Epic Games took the action of removing the video via DMCA takedown notice, which the defendant counter-claimed, and now the case is going to court on three claims: Copyright violation, breach of contract, and conversion (monetary damages).

Unlike the other cases we’ve covered where Epic Games is mostly seeking injunctive relief, barring the defendants from playing/cheating in their games, the fact that Gosai is being accused of both using and distributing an exploit to illegitimately acquire RMT currency for Fortnite makes this lawsuit one of the few where Epic is actually pursuing monetary damages. Epic is seeking unspecified damages plus interest and lawyer fees. As Yash Gosai is a resident of New Zealand, this case might take a while.

Both parties are scheduled for a meeting in April.

(Source: North California Court Docket Case 3:2018cv00152)

[NM] For Honor Exploit Costs Ubisoft $10,000 After Ignoring Major Game Balance Issues


It’s a tale that sounds tailor-made for news headlines, but at a recent tournament held by Ubisoft for For Honor, the grand prize of $10 thousand ultimately went to contestants who played, dare we say it, dishonorably. The Hero Series is an effort by Ubisoft to bring players back to its fighting game For Honor, following reports of heavily dwindling population numbers on PC and console. This weekend, the Hero Series held its live finals from Burbank, California, broadcast live on Twitch.

Unfortunately the tournament went off with numerous hitches, with players making use of and widely publicizing just how many bugs and balance issues still remain in For Honor six months after launch, ranging from one player repeatedly using an unblockable charge move to a player taking advantage of a bug to knock down his opponent on a small incline. Viewers criticized the fact that many of the exploits/bugs on display have been an issue ignored for months by Ubisoft, as well as the perceived flippant response from its Creative Director in presenting the champion award. The exploit used to win the tournament takes advantage of a bug when a player unlocks from his target on swing, causing his attacks to become unparryable. According to players, this has been in the game since virtually day one.

For a competitive fighting game, For Honor can only suffer from Ubisoft allowing exploits to win the day at its tournament. Since its launch in February, For Honor’s population on Steam has plummeted from an average of 28,000 to an average of just over two thousand over the past month. Ubisoft has referred to reports of a declining user base as “fake news,” despite the public availability of user data for players on Steam.