26. January 2022

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Bandai Namco has halted the Dark Souls role-playing game’s online PvP feature, bringing its servers offline to investigate claims of a major security issue that may endanger players. According to Reddit user reports, the flaw is a remote code execution (RCE) vulnerability that might allow attackers to take control of the system, giving them access to sensitive information and allowing them to plant malware or use resources for cryptocurrency mining.

According to the reports, the exploit is currently being disseminated, and it may also work against Elden Ring, an upcoming Bandai Namco title. On Saturday, a Discord post clarified that the game developer received details about the RCE vulnerability via a responsible disclosure report directly from the individual who identified it. Bandai Namco is said to have ignored the report, but considering the gravity of the flaw, the reporter chose to demonstrate it on popular streamers to raise awareness and illustrate how critical it is.

The exploit was demonstrated on the Twitch stream of a player named The Grim Sleeper. An unknown entity launched a PowerShell script on the streamer’s PC, which used the Windows Narrator engine to read out crucial notes about the gameplay. 

“For example, the creator of the exploit has already shared information about the vulnerability with the developers of the Blue Sentinel plugin, a mod for Dark Souls designed to counteract cheats. And one can only guess who else could get this information,” researchers wrote. “Als

[…]
