-
Announcement
-
Simtropolis Returns! 05/26/2026
See here for details about our site recovery efforts.
-
Search the Community
Showing results for tags 'security'.
Found 30 results
-
Version 1.0.0
25 Downloads
The Lua Sandbox DLL provides a more secure environment for your mods. This DLL plugin is designed to enhance your security by preventing mods from accessing potentially dangerous Lua functions. It blocks unsafe operations such as reading and writing files, executing shell commands, and other actions that could compromise your system's integrity. By restricting these functions, the sandbox helps ensure a safer environment for running untrusted Lua code from any mods you install. Lua is a scripting language embedded within the game, commonly used for advisor messages, rewards, and automata generators. Although many plugins include Lua scripts, there is generally no need for a plugin to access the file system. To ensure security, the sandbox prevents plugins from performing such operations. Compatibility The Lua Sandbox DLL is compatible with nearly all plugins, so it is advisable to keep it always installed. You can monitor the DLL's .log file to see whether any plugin attempted to call a restricted Lua function. Incompatible with: DAMN, BSC Regional Tracking, Cori Reports. In case you have mods that only require read-access to the file system, you can enable file-read operations in an optional INI file, while still blocking write-access. System requirements SimCity 4, version 1.1.641 (the digital edition) (more info) Windows 10+ or Linux Installation Copy the DLL into the top-level directory of either Plugins folder (place it directly in <Documents>\SimCity 4\Plugins or <SC4 install folder>\Plugins, not in a subfolder). Alternatively, the mod can be installed with Sc4pac: memo:lua-sandbox-dll Troubleshooting The DLL should write a .log file in the folder containing the DLL. The log contains status information for the most recent run of the DLL. In particular, the log shows if another plugin attempted to call a restricted Lua function. If no .log file is written, the DLL failed to load. In this case, make sure the Microsoft Visual C++ 2022+ x86 Redistributable is installed. This DLL is provided on a best-effort basis, without guarantees it can prevent every potential exploit. -
It is CRAZY trying to sign in to a game website, with too much security hoops to jump through. My PalPal account doesn't do all of this crap! Nor my bank, Steam, anywhere else and even Fort Knox is easier to get into!
-
The Guardian reports that a data breach affecting Discord users was reported to the Information Commissioner’s Office, the UK's regulator of data protection. The hack may also have taken data such as users’ names email addresses other contact details IP addresses messages with Discord’s customer service agents Discord updated its announcement on October 9. See also https://www.nbcnews.com/tech/tech-news/70000-government-id-photos-exposed-discord-user-hack-rcna236714 https://www.computerworld.com/article/4070276/major-discord-hack-exposes-the-real-risks-of-digital-id.html
-
Important Update Regarding Network Addon Mod 48 on ModDB | Potential Security Issue
Ulisse Wolf posted a topic in NAM & Transit Networks
Security Breach On October 4, 2024, a hacker hacked the NAM Team account of ModDB by uploading a version of NAM 48 that contains a trojan virus Version 48.1 was uploaded to ModDB where the hacker modified the bat file that automated the installation of the 4GB Patch and automatically started the NAM java installer. A link to a version.cpl file was inserted in the bat file code, which is the main vector of the Trojan virus infecting your computer. Only thanks to a report today we have discovered the security incident and are acting quickly as well as performing investigations on how it was possible and future actions to be taken The mode of attack is very similar to the security incident that occurred in Cities Skylines 2 and so we are thinking that the affected users may be those who have cryptocurrency but we cannot confirm this until fully investigated. The affected users are all people who have downloaded to Simtropolis and ModDB and use Windows and Linux as their operating system. We recommend actively running antivirus scans if you consider you have been infected and possibly changing passwords as well as enabling 2FA on your accounts Preliminary analysis We examined the file version.cpl using Virus Total which identifies us that it is a trojan and you can see the results here https://www.virustotal.com/gui/file/b5c1be38f385ea14b012d91c161ecaefd1ccc7baecd98b180cd98de318f4ceb3 We also examined the NetworkAddonMod_Setup_Version48.bat of the infected version using Virus Total https://www.virustotal.com/gui/file/8c6588bd909d1d11eb1f4ccd0d7d1babbb759e1fd2d56725bd80836657b39d57 In addition, ModDB's security system was found to be ineffective in preventing this problem Mitigation Damage Currently the Simtropolis download of NAM 48 has been redirected to the SC4E version. NAM lite version is safe. They did not require corrective action We have suspended our collaboration with NAM Team and ModDB indefinitely. We will re-evaluate this decision when we feel that the security of ModDB is much improved Results of investigation Currently, the NAM Team is investigating the malicious nature of the file and is working with the ModDB Team to reoslvere the problem and the security flaws that were found The ModDB Team is investigating how this cyber attack could happen. We will update this Thread based on the results of our investigations. Frequently Asked Questions I downloaded the file to ModDB / Simtropolis before October 4. Am I infected? From our analysis, those who downloaded the file before Oct. 4 are safe from infection I downloaded the file to ModDB / Simtropolis after October 4. Am I infected? Unfortunately, yes. From our initial analysis, the virus activates if NetworkAddonMod_Setup_Version48.bat is run. I ran NetworkAddonMod_Setup_Version48.bat from the infected download. What should I do? We recommend running an antivirus scan on your computer. If you feel that the antivirus scan does not meet your expectations then you should perform a clean reinstallation of your operating system. Only after you feel confident can you perform the Password change procedure and enable 2FA on your accounts I downloaded NAM Lite from ModDB. Am I infected as well? No. The hacker only modified the full version of NAM. We have done some verification and the NAM Lite version is safe Is the SC4Evermore version also inffect? The SC4Evermore version of NAM is secure, since access to file upload procedures has controlled access and only authorized persons can do so I have Linux and downloaded the file from ModDB. Am I infected as well? Yes I have MacOS and downloaded the file from ModDB. Am I infected as well? From our initial analysis the virus is only compatible with Windows and Linux environments so it should not activate on macOS but for all evidence we recommend running an antivirus check and changing passwords to your accounts and enabling 2FA I am an expert in cybersecurity. Can I access the offending file to perform an analysis? The policy of SC4Evermore and Simtropolis is not to host viruses on our sites. The NAM Team has a copy of the infected version so if you want to run analysis you can come to the SC4Evermore discord server and contact the Admins When do you report the results of the investigation? Forensic investigations take time. When we have concluded the investigation we will communicate the result I am using SC4Multiplayer (SC4MP). Am I infected as well? If you are only using the client you are not infected while those who host the server may be infected with the Trojan virus so we recommend that you run an antivirus check A troubleshooting flow chart made by @Kurzov22 is available. Please be advised that this flow chart is to be considered temporary as investigations are ongoing Tarkus' blog is also reporting on this security incident https://simtarkus.wordpress.com/2024/11/27/security-threat-alert-NAM-removed-from-moddb-after-hacker-inserts-malware/- 48 Replies
-
- 23
-
-
-
-
-
Hello, I don't know where this post lies to. Maybe off topic or current events. Regardless, LinusTechTips, a fellow Canadian popular tech YouTuber with 15,5 million subscribers, is now hacked. His channel was hacked to shown Tesla-related giveaway (btw, don't trust it). Some of his secret videos eventually uploaded by the hacker. YouTube was quick enough to ban "him." His content is now "gone." Not only his channel is hacked, but also his Techlinked and Techquickie channel. His Discord channel was shut down due to the fear of being hacked. I don't know if I can link LTT forum here, which coincidentally uses IPS too. But, according to those in the forum, one guy was compromised. The actor simply used the guy to attack Linus Media Group. Here are the proof.
-
Version 1.0.0
833 Downloads
C o m m o n w e a l t h Park Museum There are only 3 of the Commonwealth nations flags in the Maxis 'Day of Peace' props (UK, CA, and AU). Below is a reference to all the member nations and their flags. Most of the flags similarly historically display the Union Jack. The Colonial-era Canadian flag (Red Ensign) used to 1965 is imaged above. 7x7. YIMBY High landmark and park effects. Museum Capacity: 3000. High anti-pollution. Automata: School Bus, EQ Boost: 30 'Day of Peace' flag props Buildings as Props 1 & 2 https://community.simtropolis.com/sc4-maxis-files/ Library 2x7. Occupant Groups: School, Library, Tourist. High landmark and park effects. Library Capacity: 6000. High anti-pollution. Automata: School Bus, EQ Boost: 40 Airport Security and Environment, 4x3 This lot deals with high crime and pollution at airports. It provides high security for travelling dignitaries and forms a hub for an airport commercial area. Pollution Air Water Garbage Amount -200 -10 -10 Radius 25 10 10 Police Radius 380 Dispatches 50 Jail Capacity 120 Occupant Groups: Police, Recycle, Tourist, VIP, YIMBY Automata: Police, Recycle Truck, Limo Recycle % Reduction: 20, Landmark Effect: 50 over 20, Demand Created: 360 ____________________________________________ The Commonwealth of Nations is a voluntary association of 56 sovereign states. Most of them were British colonies or dependencies of those colonies. Queen Elizabeth II, the longest-serving Head of the Commonwealth, was in office for 70 years. https://en.wikipedia.org/wiki/Commonwealth_of_Nations https://en.wikipedia.org/wiki/Member_states_of_the_Commonwealth_of_Nations -
Is there a need for something like the airport security check points in Simcity4?
-
Read this part of the article from link. Do the simple test below to check if you were infected. ~Microsoft exposes Adrozek, malware that hijacks Chrome, Edge, and Firefox~ By Catalin Cimpanu for Zero Day on December 10, 2020 -18:37 GMT (10:37EST): https://www.zdnet.com/google-amp/article/microsoft-exposes-adrozek-malware-that-hijacks-chrome-edge-and-firefox/ small quote and pictures from above source "Microsoft has raised the alarm today about a new malware strain that infects users' devices and then proceeds to modify browsers and their settings in order to inject ads into search results pages. Named Adrozek, the malware has been active since at least May 2020 and reached its absolute peak in August this year when it controlled more than 30,000 browsers each day....Based on internal telemetry, the highest concentration of victims appears to be located in Europe, followed by South and Southeast Asia." "Modifications performed by Adrozek include: Disabling browser updates Disabling file integrity checks Disabling the Safe Browsing feature Registering and activating the extension they added in a previous step Allowing their malicious extension to run in incognito mode Allowing the extension to run without obtaining the appropriate permissions Hiding the extension from the toolbar Modifying the browser's default home page Modifying the browser's default search engine All of this is done to allow Adrozek to inject ads into search results pages, ads that allow the malware gang to gain revenue by directing traffic towards ad and traffic referral programs." *(JUST TYPE IN microsoft in your browser and compare the results to the pictures below.) Kloudkicker. Article link above.*
-
Dunno if any of you use this software for network monitoring but there has been a major hack reported by US Treasury concerning any computer that is monitored by the SolarWinds Orion system. Given the required actions listed in the DHS cyber response if anyone is using this you may want to take it offline immediately and look for an alterntive arrangment till it gets fixed. Original Article: https://www.bbc.co.uk/news/world-us-canada-55265442 DHS Cyber Response: https://cyber.dhs.gov/ed/21-01/ All affected government agencies have to comply (take it offline) by 12.00 (Noon) EST 14/12/2020.
-
~ Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware~ https://amp.thehackernews.com/thn/2020/12/hackers-for-hire-group-develops-new.html: by Ravie Lakshmanan on 04 Dec, 2020 Partial quote- "Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe, and the US. Dubbed "PowerPepper" by Kaspersky researchers, the malware has been attributed to the DeathStalker group (formerly called Deceptikons), a threat actor that has been found to hit law firms and companies in the financial sector located in Europe and the Middle East at least since 2012. The hacking tool is so-called because of its reliance on steganographic trickery to deliver the backdoor payload in the form of an image of ferns or peppers. The espionage group first came to light earlier this July, with most of their attacks starting with a spear-phishing email containing a malicious modified LNK (shortcut) file that, when clicked, downloads and runs a PowerShell-based implant named Powersing... among them are the capabilities to hide malicious execution workflow in Word embedded shape and object properties and use Windows Compiled HTML Help (CHM) files as archives for malicious files... Multiple mercenary groups have been seen in the wild before, including BellTroX (aka Dark Basin), Bahamut, and CostaRicto, all of whom have deployed custom malware to breach systems belonging to financial institutions and government officials. "It only seems fair to write that DeathStalker tried hard to develop evasive, creative and intricate tools with this PowerPepper implant and associated delivery chains," Delcher concluded. "There is nothing particularly sophisticated about the techniques and tricks that are leveraged, yet the whole toolset has proved to be effective, is pretty well put together, and shows determined efforts to compromise various targets around the world." To safeguard against PowerPepper delivery and execution, it is recommended that businesses and users update their CMS backends as well as associated plugins, restrict PowerShell use on end-user computers with enforced execution policies, and refrain from opening Windows shortcuts attached to emails, or click links in emails from unknown senders." More info at link above. Stay safe.
-
The kids popular Apple app Animal Jam ("ranking in the top five games in the 9-11 age category in Apple’s App Store in the U.S") was reported, by the app maker WildWorks, they had a security breach in October and is trying to rectify the issue. I really, really hate when kids are targeted. ~Security: Animal Jam warns of hack affecting 46 million accounts~ by Mark Wyciślik-Wilson posted November 16, 2020 :https://betanews.com/2020/11/16/animal-jam-hack-data-breach/ *Both articles read the same* ~Animal Jam was hacked, and data stolen; here’s what parents need to know~ by Zack Whittaker posted 9:00 am PST • November 16, 2020: https://techcrunch.com/2020/11/16/animal-jam-data-breach/amp/ partially article quote from last article "...while no data breach is ever good news, WildWorks has been more forthcoming about the incident than most companies would be, making it easier for parents to protect both their information and their kids’ data. Here’s what we know. WildWorks said in a detailed statement that a hacker stole 46 million Animal Jam records in early October but that it only learned of the breach in November. The company said someone broke into one of its systems that the company uses for employees to communicate with each other, and accessed a secret key that allowed the hacker to break into the company’s user database. The bad news is that the stolen data is known to be circulating on at least one cybercrime forum, WildWorks said, meaning that malicious hackers may use (or be using) the stolen information. The stolen data dates back to over the past 10 years, the company said, so former users may still be affected. Much of the stolen data wasn’t highly sensitive, but the company warned that 32 million of those stolen records had the player’s username, 23.9 million records had the player’s gender, 14.8 million records contained the player’s birth year and 5.7 million records had the player’s full date of birth. But, the company did say that the hacker also took 7 million parent email addresses used to manage their kids’ accounts. It also said that 12,653 parent accounts had a parent’s full name and billing address, and 16,131 parent accounts had a parent’s name but no billing address. Besides the billing address, the company said no other billing data — such as financial information — was stolen. WildWorks also said that the hacker stole players’ passwords, prompting the company to reset every player’s password. (If you can’t log in, that’s probably why. Check your email for a link to reset your password.) WildWorks didn’t say how it scrambled passwords, which leaves open the possibility that they could be unscrambled and potentially used to break into other accounts that have the same password as used on Animal Jam. That’s why it’s so important to use unique passwords for each site or service you use, and use a password manager to store your passwords safely. Keep an eye out for scams related to the breach. Malicious hackers like to jump on recent news and events to try to trick victims into turning over more information or money in response to a breach..." Stay safe
-
This affects Windows 7 through 10 Users A small quote from the article link below "As Microsoft confirms a Google-disclosed and unpatched zero-day vulnerability is being targeted by attackers right now, here’s what you need to know. Microsoft has confirmed that an unpatched ‘zero-day’ vulnerability in the Windows operating system, affecting every version from Windows 7 through to Windows 10, is being actively targeted.... Microsoft failed to issue a security patch within that hugely restrictive timeframe, and Google went ahead and published details of the zero-day vulnerability, which is tracked as CVE-2020-17087.....The bug itself sits within the Windows Kernel Cryptography Driver, known as cng.sys, and could allow an attacker to escalate the privileges they have when accessing a Windows machine. The full technical detail can be found within the Google Project Zero disclosure, but slightly more simply put, it’s a memory buffer-overflow problem that could give an attacker admin-level control of the targeted Windows computer.....How big a threat is this to your average Windows user? That remains to be seen, but currently I’d classify it as a be aware but don’t panic situation." Here is the original article link posted on Nov 1, 2020,08:58am EST by Davey Winder Senior Contributor of Forbes Cybersecurity, https://www.forbes.com/sites/daveywinder/2020/11/01/windows-10-users-beware-new-hacker-attack-confirmed-by-google-microsoft/amp/
-
Well, as of today, Windows 7 only has one year of support left. After Jan 14, 2020, Windows 7 will no longer receive security updates. So I guess the question is, if you are still on Windows 7, will you move to Windows 10 or stay with an operating system that will continue to become less secure over time. I still use Windows 7 an my laptop that I run SC4 on. After Jan 14, 2020 I plan on keeping Windows 7 on it and either 1) disconnect it from the internet or 2) make frequent backups and take my chances. If you are still using Windows 7, what are your plans after support ends?
-
What Should I Do If I Found a Security Hole? (Solution Forum)
Propfam posted a topic in Simtropolis Related
Hello, Security is important. Lots of sites have a security center. Imagine if I am a security researcher/white-hat hacker and I found an exploit. What should I do? Is there a security center? Is it private? Does the community have a good disclosure process? Thanks.- 3 Replies
-
- 1
-
-
- security
- simtropolis
- (and 1 more)
-
Major flaw in Windows systems... make sure you've patched it.
rsc204 posted a topic in General Off-Topic
I know a number of the people playing SC4 are still using older O/S's, but this may apply to you, even if using a more modern system. You may have heard about a big flaw in Windows systems that's been affecting many corporations and allegedly even the Russian government this weekend. What is the problem? In short, there is a flaw (security risk) that's been inside Windows for a very long time. The NSA/US security agencies knew about this a long time ago, but kept it quiet and used it for their own nefarious purposes. They made some special software tools, known as rootkits, that allowed them to use this vulnerability to access affected systems. A few months back, hackers managed to get hold of these tools and swiftly worked out how they worked. This weekends problems which downed Telefonica in Spain, the NHS in the UK and DB in Germany amongst others, are all related to this vulnerability. Microsoft patched the issue for supported Windows systems, that's 7 and up, back in March. Of course you are only safe, if you have installed said updates. After this weekends calamities though, MS took the unprecedented step of issuing a patch for older, out of support systems. That's as far back as Windows XP, Vista and Server 2003 editions. If that doesn't tell you how serious this flaw is, nothing further I say will help. Anyhow, please, please, please, if you are using an affected system, take the time to download and install the patch from here. If you are using a supported system (Win 7 onwards), you should just run Windows Update and ensure you've all the latest security patches from the Monthly Roll-Ups. Failure to patch your system could lead to infection in the form of a blackmail scam, where your entire hard drive's files are encrypted, so you can no longer access them. The scammers are then demanding between $300-$600 to "unlock" these files for your PC. Of course, being scammers, they can't be trusted. Almost certainly your computer would be compromised in other ways. There is also no real guarantee you'll get your files back. The only solution that's safe is to fully wipe your drive and restore from a backup, assuming you have one. So you could loose all your data if you get caught out.- 80 Replies
-
- 16
-
-
- 3 Comments
- 5 Reviews
-
- 20
-
-
-
-
- security
- checkpoint
- (and 2 more)
-
You have got to be kidding! The Dutch are right. If there is a backdoor, some hacker will find it, therefore none should be created. Strong encryption is fine because to break it you need a very big, expensive system. Encryption is a mugs game at best. Private cypher codes are the way to go. The difference between encryption and cypher codes is vast. With encryption, you simply scramble the message using one or more keys. With a cypher code you send groups of seemingly meaningless text that can only be understood by the recipient if he has the correct copy of the code book. Both the Wehrmacht and the Japanese used encryption during WW II and in both cases their most secret schemes were broken. For an example of the use of a private cypher code (albeit very simple) read Ken Follett's novel 'The Key to Rebecca'. Without the correct edition of that little book, code breakers had no chance at all. The drawback to cyphering is that decrypting is slow. Encryption schemes between cooperating parties is fast. It is all a matter of how much security you want.
-
Hello. I have a big problem finding dependencis - PEG security props.dat. I'm building a large Airport an wanted to have a fence - Airport Security Fence Addon-and -ASFA Expansion Pack1. Peg Security Fencing Kit it not the same at Peg security props.dat. Please Help.
-
SECURITY 5th January 2002, The Security project has been approved, As the Security Department decided, A new Police Headquarters is going to be built in the Regional Capital, Port Tuduri. Port Tuduri, choosed for the construction of police headquarters, because is the biggest town in the region To build this building, wich provides with more than ten patrol cars and a lot of space to jail criminals, the region has asked his first loan. next to the building construction a whole security improvement plan has started. A lot of Policecars waiting to start patrol REGION MAP AND OVERVIEW LINK
-
What not to do with your router. Ignorance is expensive. Is this a crime? You bet! It is theft.
-
This has been floating around in the news for a long time. I felt it needed its own thread. Here is the latest revelation with respect to CSEC (Canadian version of NSA) So who is surprised? Certainly not I. Anyone who logs on to an unprotected WiFi server anywhere has made the ultimate mistake with respect to his privacy. Everything is broadcast on the Internet, so if you want privacy, chuck it all in the garbage and revert to being an island of privacy in a sea of stupid chatter. While my interaction on the Internet is limited to this one station, I really want to say Hi, to the guys at NSA, CSEC, and MI5.
-
Cloud hacked. Cheap storage, cheap result. For less than $200 you can get an external HDD and store a lot of stuff on it. Mine is 1 TB and I have a second one that contains archives that is 300 GB. Connected over USB ports which is fast enough for archives.
- 55 Replies
-
- 3
-
-
- hackers
- cloud storage
- (and 1 more)
-
I know his topic does not relate to sc4 but before I start doing anything related to sc4 on my new computer I need to make it safe and secure. I have Norton as my anti virus. I also need a good fire wall to keep viruses from coming in to my computer in the first place. Which fire wall is good one that keeps out all viruses and preforms well?Is having a good anti virus and a good fire wall enough?
-
My old computer got infected with the claro virus which made it incapable of running sc4. What should I do to prevent this situation for my new computer? Is Norton enough? I also heard that you need a firewall to filter viruses from your internet. Where do I get one and which is the best? The dilemma is that if I download a firewall from the internet then before I actually install it a virus may slip through. Can i get a firewall software from my local electronics store? How do I surely secure my computer?
-
USHS advisory. Patch to be released by Oracle by Jan. 15th. Homeland Security just justified their existence.
_hvr.jpg.9bd6205b70e9539b859bfb92d61f4453.thumb.jpg.48623afe6fc2f5b0d3fa0ebb49ac2d73.jpg)
