Valve Enhances Steam Security With SMS Verification

Valve is bolstering the security of its Steamworks platform by introducing SMS verification for developers, aiming to prevent future incidents of hackers infiltrating developer accounts. The move comes in response to previous breaches where malevolent actors compromised developers' accounts and injected malware into various game builds. While these attacks, as confirmed by PC Gamer, impacted fewer than 100 Steam users, developer Benoît Freslon, the creator of NanoWar: Cells VS Virus, disclosed on X on October 11 that hackers gained control of his browser access tokens. This allowed them to access any services associated with Freslon's logged-in accounts. "This reflects a trend [we have] been seeing over the past few years as adversaries shift the focus of their attacks to developers who often have access to the crown jewels of tech companies - their source code," commented Ken Westin, field CISO at Panther Labs. According to the security expert, the potential for financial gain is significant when infiltrators access code repositories, DevOps tools and cloud infrastructure. Their capabilities extend beyond code theft and malware deployment to include the insertion of malicious code, thereby compromising downstream customers. "This trend is increasingly being utilized by not only criminal groups but also nation-state actors, as we have seen with the Lazarus Group out of North Korea," Westin explained. "Organizations need to take additional measures to not only secure developers themselves but also the environments they interact with on a daily basis - those with privileged access are particularly vulnerable," Westin added. Valve is now taking measures to thwart such breaches. The company announced that changes would be implemented in Steamworks, the free suite of developer tools, particularly concerning build management and user additions to Steamworks groups. These changes will mandate associating a phone number with a user's Steamworks account. Steam will send a confirmation code via SMS for any published application when developers attempt to update a build to the default branch. A similar two-factor authentication process will apply when Steamworks administrators invite new group members. The implementation of these security enhancements is scheduled for October 24, prompting Steam users to ensure their phone numbers are linked to their accounts. Steam has hinted at expanding this requirement to other Steamworks actions in the future.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Valve Enhances Steam Security With SMS Verification

Steam drops support for Windows 7 and 8.1 to boost security - Steam is no longer supported on Windows 7, Windows 8, and Windows 8.1 as of January 1, with the company recommending users upgrade to a newer operating system. The gaming company warned last year that the Steam client would be unsupported in the New ...
1 year ago Bleepingcomputer.com
Malicious PirateFi game infects Steam users with Vidar malware - Malware infiltrating the Steam store is not common, but it's not unprecedented either. In February 2023, Steam users were targeted by malicious Dota 2 game modes that leveraged a Chrome n-day exploit to perform remote code execution on the ...
3 days ago Bleepingcomputer.com
Valve Enhances Steam Security With SMS Verification - Valve is bolstering the security of its Steamworks platform by introducing SMS verification for developers, aiming to prevent future incidents of hackers infiltrating developer accounts. The move comes in response to previous breaches where ...
1 year ago Infosecurity-magazine.com
DataVisor integrates SMS customer verification into its platform - DataVisor announced the expansion of its end-to-end platform capabilities with the integration of SMS customer verification for fraudulent transactions. This new offering, powered by Twilio technology, provides customers with enhanced fraud ...
1 year ago Helpnetsecurity.com
Hackers Breach Steam Discord Accounts, Launch Malware - On Christmas Day, the popular indie strategy game Slay the Spire's fan expansion, Downfall, was compromised, allowing Epsilon information stealer malware to be distributed over the Steam update system. Developer Michael Mayhem revealed that the ...
1 year ago Cysecurity.news
Game mod on Steam breached to push password-stealing malware - Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. As developer Michael Mayhem told BleepingComputer, the compromised ...
1 year ago Bleepingcomputer.com
Steam game mod breached to push password-stealing malware - Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. As developer Michael Mayhem told BleepingComputer, the compromised ...
1 year ago Bleepingcomputer.com
CVE-2017-17780 - The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid ...
3 years ago
Five business use cases for evaluating Azure Virtual WAN security solutions - To help organizations who are evaluating security solutions to protect their Virtual WAN deployments, this article considers five business use cases and explains how Check Point enhances and complements Azure security with its best-of-breed, ...
9 months ago Blog.checkpoint.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
1 year ago Feeds.dzone.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
4 months ago Helpnetsecurity.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
Payoneer accounts in Argentina hacked in 2FA bypass attacks - Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. Payoneer is a financial services platform providing online money ...
1 year ago Bleepingcomputer.com
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
11 months ago Esecurityplanet.com
10 Best Security Service Edge Solutions - Security Service Edge is an idea in cybersecurity that shows how network security has changed over time. With a focus on customized solutions, Security Service Edge Solutions leverages its expertise in multiple programming languages, frameworks, and ...
1 year ago Cybersecuritynews.com
The First 10 Days of a vCISO’S Journey with a New Client - Cyber Defense Magazine - During this period, the vCISO conducts a comprehensive assessment to identify vulnerabilities, engages with key stakeholders to align security efforts with business objectives, and develops a strategic roadmap to prioritize actions and resources. If ...
4 months ago Cyberdefensemagazine.com
Cisco XDR: SLEDs "SOC in a Box" - For State, Local, and Education entities the Security Operations Center is a required tool in the toolbox and a necessity for Cyber Insurance. Threats to data and information are ever evolving, and better safeguarding the security of SLED entities is ...
1 year ago Feedpress.me
CVE-2022-31156 - Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, ...
1 year ago
1Kosmos Unifies Identity Verification User Journeys Across Web and Mobile Platforms - PRESS RELEASE. EAST BRUNSWICK, N.J., Nov. 29, 2023 - 1Kosmos, the company that unifies identity proofing and passwordless authentication, today announced the 1Kosmos BlockID platform now enables organizations to seamlessly extend web-based identity ...
1 year ago Darkreading.com
What Is Cloud Security Management? Types & Strategies - Cloud security management is the process of safeguarding cloud data and operations from attacks and vulnerabilities through a set of cloud strategies, tools, and practices. The cloud security manager and the IT team are generally responsible for ...
8 months ago Esecurityplanet.com
The Art of Securing Cloud-Native Mobile Applications - We will explore the dynamic intersection of cloud-native architecture and mobile application security, delving into the strategies and best practices essential for safeguarding sensitive data, ensuring user privacy, and fortifying against emerging ...
1 year ago Feeds.dzone.com
PornHub now also blocks Texas over age verification laws - PornHub has now added Texas to its blocklist, preventing users in the state from accessing its site in protest of age verification laws. Texas' age verification bill HB 1181, passed last year, went back into effect last week after the State won an ...
11 months ago Bleepingcomputer.com
CVE-2013-7128 - Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows local users to obtain sensitive information by reading ...
11 years ago
Counter-Strike 2 HTML injection bug exposes players' IP addresses - Valve has reportedly fixed an HTML injection flaw in Counter-Strike 2 that was heavily abused today to inject images into games and obtain other players' IP addresses. While initially thought to be a more severe Cross Site Scripting flaw, which ...
1 year ago Bleepingcomputer.com
CVE-2019-14743 - In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access. ...
4 years ago

Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)