fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Dark Souls Servers Taken Down to Prevent Hacks Using Critical Bug

Dark Souls Servers Taken Down to Prevent Hacks Using Critical Bug

Bandai Namco has deactivated the online PvP mode for the Dark Souls role-playing game, taking its servers offline to investigate reports about a severe security issue that may pose a risk to players.

According to community reports on Reddit, the vulnerability is a remote code execution (RCE) that could allow attackers to take control of the system, giving them access to sensitive information, letting them plant malware, or use resources for cryptocurrency mining.

The same reports claim that the exploit is actively circulated and it may also work against Elden Ring, an upcoming title of Bandai Namco.

Also Read: The 5 Phases of Penetration Testing You Should Know

User reports on Dark Souls RCE exploit
User reports on Dark Souls RCE exploit
Source: Reddit

The issue became widely known on Saturday in a post on Discord clarifying that the game developer received details about the RCE vulnerability in a responsible disclosure report straight from the person who discovered it.

User post giving context around the discovery of the flaw
User post giving context around the discovery of the flaw
Source: Discord

Bandai Namco allegedly ignored the report but given the severity of the flaw, the reporter decided to demonstrate it on popular streamers to raise awareness and show how critical it is.

Indeed, there has been at least one stream on Twitch showcasing the exploit, even if involuntarily, ending with a crash following the execution of Microsoft PowerShell and a text-to-speech script.

Also Read: Got Hacked? Here Are 5 Ways to Handle Data Breaches

After the reports of active exploitation spread, Dark Souls announced on Twitter that the PvP servers for all titles of the series would be taken offline to allow the team to investigate the allegations.

This only affects the PC platform, and the PvP experience on Xbox and PS consoles remains unaffected.

Blue Sentinel, a widely used anti-cheat tool for the Dark Souls game, is reportedly working on a patch to prevent exploiting the flaw. However, the possibility of mitigation through this tool isn’t guaranteed.

Bleeping Computer has reached out to Bandai Namco asking for more details on the RCE exploit and the time estimates for remediation, but we haven’t received a response yet.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us