Security News
Video game publisher/digital distribution company Valve is forcing developers who publish games on its Steam platform to "Validate" new builds with a confirmation code received via SMS. The Steam SMS confirmation requirement. Valve sent out notices last month to select users to inform them that they may have been infected with malware after playing a specific game via Steam.
Game developer Valve has announced that it permanently banned more than 40,000 accounts for using cheating software to gain an unfair advantage over other players in the Dota 2 game. The cheat gave players access to internal client app information that is not visible during normal gameplay, thus obtaining a competitive advantage.
A security researcher helped Valve, the makers of the gaming platform Steam, plug an easy-to-exploit hole that allowed users to add unlimited funds to their digital wallet. Steam Wallet funds are exclusive to the Steam platform and are used to purchase in-game merchandise, subscriptions and Steam-related content.
A group of security researchers known as the Secret Club took to Twitter to report a remote code execution bug in the Source 3D game engine developed by Valve and used for building games with tens of millions of unique players. Exceptions are games built with Source 2 or those that run a modified version of the Source engine, like Titanfall.
Check Point Research has identified four vulnerabilities in the network library of Steam, the online platform from game developer Valve that is used by 25 million users to connect together at peak time to buy, play, create, and discuss PC games. An attacker could have used the security flaws to remotely crash an opponent's game client and potentially take over a gamer's computer and hijack all computers connected to a third-party game server.
Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected third-party game servers. "An attacker could remotely crash an opponent's game client to force a win or even perform a 'nuclear rage quit' and crash the Valve game server to end the game completely," Check Point Research's Eyal Itkin noted in an analysis published today.
The discovery of leaked source code for two popular games - Counter-Strike: Global Offensive and Team Fortress 2 - has led to security concerns and even calls for gamers to uninstall the software from their computers. The developer and publisher of the two games, Valve, is downplaying the source-code leak, saying it does not see "Any reason for players to be alarmed or avoid the current builds." In a statement posted on the CS:GO and Team Fortress 2 Twitter accounts, Valve said the source code in question is older, dating to 2017 - and that it was already part of an existing leak from 2018.
Servers hosting Valve Source Engine and popular games like Fortnite are targeted by a new variant of the Gafgyt botnet.
Security bod may be invited back into vuln reward program, Half-Life 3 still ain't happening Games giant Valve is attempting to make nice with the infosec bod who disclosed zero-day exploits for...
Security bod may be invited back into vuln reward program, Half-Life 3 still ain't happening Games giant Valve is attempting to make nice with the infosec bod who disclosed zero-day exploits for...