In an effort to bolster Total War developer Creative Assembly, Sega Europe today has announced that it’s acquired Crytek Black Sea and added the 60-person team from Bulgaria to the prominent UK developer. Crytek Black Sea has been renamed Creative Assembly Sofia and will be working on a number of unannounced projects.
Tim Heaton, Studio Director at Creative Assembly, commented: “Now in our 30th year of games development, with an army of multi-million selling titles to our name and a history of world-renowned partnerships, Creative Assembly is proof of the UK games industry’s potential for global success. Due to this success, we are further expanding our UK base and developing additional projects overseas, whilst pursuing top talent from across the globe to join us, all in support of our commitment to creating high quality, authentic gaming experiences. Our continued growth allows us to be dynamic with our future projects, constantly seeking new opportunities and reaching a wider audience with our games.”
Jurgen Post, President and COO of Sega Europe, added: “The acquisition of Crytek Black Sea further enhances Sega Europe’s development capabilities and strengthens our ability to output diverse and engaging content for our IP. Creative Assembly Sofia will be working exclusively on content for Creative Assembly and will prove an invaluable asset given the multitude of unannounced titles currently in the works. This acquisition represents another step in the right direction for the growth of our global business, underlining our commitment to add value to our existing studios and our continued support for the UK games industry.”
Fresh off the Halo Wars 2 project, Creative Assembly has been in a growth mode over the last year, as the studio’s headcount has risen by 37% and is now over 500-people strong. The addition of Creative Assembly Sofia comes after the opening of the studio’s third UK site at the end of 2016, which resulted in an 88% increase in development space to its creative footprint (with over 70,000 square feet of in-house development facilities including a 45-camera motion-capture studio and dedicated audio suites).
Creative Assembly is looking to stay ahead in the UK games market, which generated £2.96bn in 2016, 1.3 times the size of the video market (£2.25bn) and 2.6 times the size of music (£1.1bn).
In an email interview prior to the news, Heaton informed GamesIndustry.biz that Creative Assembly has been looking to expand for a while. “[We] have actually been eyeing potential studios specifically to expand CA’s output for some time. Parties have been discussing this deal over the last few months, since the opportunity arose to purchase Crytek Black Sea, and integrate them into CA’s operation,” he explained.
“While Sega are always looking out for acquisitions that fit with the rest of the business, this addition has been motivated by the growing CA output, and the need to support that growth with talented and experienced teams,” Heaton continued. “CA has never had the aim solely to grow big, but our games have given us the opportunity to work on more projects. As we have taken those opportunities, we have needed to seek out more talent who reflect the calibre of our games.”
While Crytek has run into financial troubles and has unfortunately missed payroll at times, Heaton assured us that the new CA studio would not have to worry about its status any longer.
“We’ve been working closely with the CA Sofia team over the last few months to ensure they are setup for success, and have a comfortable and healthy work environment,” he said. “This has included upgrading their IT infrastructure, setting up clear HR support processes and integrating them with our UK teams; in fact, some of the CA Sofia team are with us in the UK at the moment, as part of their ongoing training and development.”
Apple has issued a fix for a “critical security issue” in OS X following the discovery of a vulnerability in the Network Time Protocol which affects the Yosemite, Mavericks and Mountain Lion operating systems.
The bug, revealed earlier this month, could allow hackers to execute arbitrary code on systems not updated with the fix, and trigger buffer overflows while using OS X Network Time Protocol daemon (NTPD) privileges.
The exploit, named CVE-2014-9295, was uncovered by Stephen Roettger of the Google Security Team earlier this month, but Apple didn’t issue a fix straight away because the firm likes to be sure that the flaw is authentic.
“For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available,” said Apple on its support page.
The update is available now for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1.
Users can find the update via Software Update. It will have already downloaded if the ‘Install system data files and security updates’ option is checked in the App Store menu of System Preferences.
Those who want to verify their NTPD version can do so by opening Terminal and typing what /usr/sbin/ntpd. If the the update is already installed, users should see the following versions:
Mountain Lion: ntp-77.1.1
Apple hasn’t had the best luck with security in recent months, which is unusual as the firm is renowned for its tough defenses against the vulnerabilities that affect operating systems like Windows.
The company beefed up its iCloud security in October, adding per-application passwords for third-party apps that don’t support two-factor authentication following the high-profile celebrity iCloud hack in September.
The most recent addition is app-specific passwords to guard against exposure of a user’s iCloud details.
Apple’s security was once again made a laughing stock as a team of researchers demonstrated how it is possible to sneak apps past Apple’s test regime. A group of researchers presenting at Usenix were able to spreading malicious chunks of code through an apparently-innocuous app for activation later.
According to their paper the Georgia Tech team wanted to create code that could be rearranged after it had passed AppStore’s tests. The code would look innocuous running in the test environment, be approved and signed, and would later be turned into a malicious app.
They created an app that operated as a Georgia Tech “news” feed but had malicious code was distributed throughout the app as “code gadgets” that were idle until the app received the instruction to rearrange them. After the app passes the App Review and lands on the end user device, the attacker can remotely exploit the planted vulnerabilities and assemble the malicious logic at runtime by chaining the code gadgets together.
The instructions for reassembly of the app arrive through a phone-home after the app is installed.
The app will run inside the iOS sandbox, but can successfully perform many malicious tasks, such as stealthily posting tweets, taking photos, stealing device identity information, sending email and SMS, attacking other apps, and even exploiting kernel vulnerabilities.
A list of 27 user names and encrypted passwords allegedly for an Apple website was posted to the Internet over this past weekend along with a warning from hacker group Anonymous that the Cupertino-based computer maker could be a target of its attacks.
The list was posted to the Pastebin website, a hosting site for text files, by an unknown user under the title “Not Yet Serious.” It wasn’t immediately clear if the user is a member of the Anonymous hacking group, but the existence of the file became widely known after Anonymous linked to it in a Twitter message.
“Not being so serious, but well,” the message read before linking to the PasteBin page. “Apple could be target, too. But don’t worry, we are busy elsewhere,” the message said.
The data appears to be a set of user names and encrypted passwords from an SQL database for an online survey at the Apple Business Intelligence website. The site is currently offline.
Apple did not immediately respond to a request for comment.
In an apparently unrelated posting, a Lebanese grey-hat hacker called idahc_hacker said he had found vulnerabilities on another Apple website. The SQL injection and iFrame code attacks can be used by hackers to gain unauthorized access to data.
Grey hat hackers do not normally hack for malicious purposes and the Lebanese hacker did not post and data obtained from the site.
In pointing out the hacks, he said he was not part of Anonymous or LulzSec, an allied group that disbanded recently.
Japanese video game maker Sega Corp said on Sunday that information belonging to 1.3 million customers has been stolen from its database, the latest in a string of global cyber attacks against video game corporations.
Names, birth dates, e-mail addresses and encrypted passwords of users of Sega Pass online network members had been hacked into, Sega said in a statement, though payment data such as credit card numbers was safe. Sega Pass had been shut down.
“We are deeply sorry for causing trouble to our customers. We want to work on strengthening security,” said Yoko Nagasawa, a Sega spokeswoman, adding it is unclear when the firm would restart Sega Pass.
The attack against Sega, a division of Sega Sammy Holdings that makes game software such as Sonic the Hedgehog as well as slot machines, follows other recent significant breaches including Citigroup, which said over 360,000 accounts were hit in May, and the International Monetary Fund.
The drama surrounding the recent round of video game breaches paled compared to what PlayStation maker Sony Corp experienced following two high-profile attacks that surfaced in April.
Those breaches led to the theft of account data for more than 100 million customers, making it the largest ever hacking of data outside the financial services industry.
Sega Europe, a division of Sega that runs the Sega Pass network, immediately notified Sega and the network customers after it found out about the breach on Thursday, Nagasawa said.
Lulz Security, a band of hackers that has initiated cyber attacks against other video game firms including Nintendo, has unexpectedly offered to track down and punish the hackers who broke into Sega’s database.