IT Security Newsletter

IT Security Newsletter - 9/12/2023

Written by Cadre | Tue, Sep 12, 2023

MGM Resorts takes systems offline as it investigates cyberattack

MGM Resorts International said in a Monday post on X, the social media site formerly known as Twitter, that it is investigating a cyberattack that forced the gaming company to shut down certain systems. Multiple reports indicate guests are unable to use digital room keys, payment systems are not working and hotel restaurants can only accept cash. The company said it has notified law enforcement and brought in outside cybersecurity experts to assist in the investigation.

Huge DDoS attack against US financial institution thwarted

Akamai says it thwarted a major distributed denial-of-service (DDoS) attack aimed at a US bank that peaked at 55.1 million packets per second earlier this month. The network traffic flood hit on September 5 against the unnamed finance giant, which Akamai describes as "one of the biggest and most influential US financial institutions." Although it lasted less than two minutes, it managed to spike to 633.7 gigabits per second, with criminals using ACK, PUSH, RESET, and SYN flood attack vectors.

Save the Children feared hit by ransomware, 7TB stolen

Cybercrime crew BianLian claims to have broken into the IT systems of a top non-profit and stolen a ton of files, including what the miscreants claim is financial, health, and medical data. As highlighted by VX-Underground and Emsisoft threat analyst Brett Callow earlier today, BianLian bragged on its website it had hit an organization that, based on the gang's description of its unnamed victim, looks to be Save The Children International.

'Redfly' hackers infiltrated power supplier's network for 6 months

An espionage threat group tracked as 'Redfly' hacked a national electricity grid organization in Asia and quietly maintained access to the breached network for six months. These new findings come from Symantec, which found evidence of ShadowPad malware activity in the organization's network between February 28 and August 3, 2023, along with keyloggers and specialized file launchers.

'Anonymous Sudan' Sets Its Sights on Telegram in DDoS Attack

After Telegram - the free, encrypted, cloud-based messaging service - initiated a suspension of hacker group Anonymous Sudan's primary account, the group has launched distributed denial-of-service (DDoS) attacks against the platform. The group has been active since the start of 2023 but rose to prominence after launching DDoS attacks against Microsoft 365, affecting Microsoft Azure, Outlook, and Teams, among others.

Facebook Messenger phishing wave targets 100K business accounts per week

Hackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware. The attackers trick the targets into downloading a RAR/ZIP archive containing a downloader for an evasive Python-based stealer that grabs cookies and passwords stored in the victim's browser.

ICS Patch Tuesday: Critical CodeMeter Vulnerability Impacts Several Siemens Products

Siemens has published seven new advisories covering a total of 45 vulnerabilities affecting the company's industrial products. One of the advisories describes CVE-2023-3935, a critical vulnerability affecting Wibu Systems' CodeMeter software licensing and protection technology, which is used by several Siemens products, including PSS, SIMATIC, SIMIT, SINEC and SINEMA.

Wyze home cameras temporarily show other people's security feeds

A mishap has resulted in security feeds and camera logs from home cameras being temporarily visible online. Users of Wyze, makers of smart products and home cameras, fell victim to this bizarre incident sometime around September 8. One of the first posts about this appeared on Reddit, where a user highlighted that they were "seeing someone else's webcam feed". They'd logged onto the website to check their cameras and were met with someone else's dog in someone else's house.

  • ...in 1914, character actor Desmond Llewelyn, best known as MI6 quartermaster "Q" in seventeen of the James Bond films, is born in Monmouthshire, Wales.
  • ...in 1931, legendary country music singer George Jones is born in Saratoga, TX.
  • ...in 1933, Hungarian-born physicist Leo Szilard has an epiphany while crossing a rainy London street, leading him to first conceive of the nuclear chain reaction.
  • ...in 1952, drummer/lyricist Neil Peart of Canadian rock group Rush is born in Hamilton, Ontario.
  • ...in 1959, Bonanza premieres as the first regularly scheduled color TV program.