IT Security Newsletter - 9/26/2023
MGM Resorts warns customers of fraud as it faces class action lawsuits
MGM Resorts is facing class action litigation in two separate lawsuits filed in U.S. District Court in Nevada in connection with the cyberattack launched against the company earlier this month. The suits, filed Thursday, allege the company was negligent and gained unjust enrichment for failing to protect the personal data of MGM Resorts customers from the alleged social engineering attack.
Royal lurked in Dallas' systems weeks before ransomware attack
The Royal ransomware group broke into Dallas' systems, then surveilled them and exfiltrated data for a month before it initiated a ransomware attack that threw city operations into disarray last spring, the city said Wednesday in a post-attack report. The prolific ransomware group, which was linked to a spree of attacks in the Dallas metro area, established a foothold in the city's domain service account.
$200 Million in Cryptocurrency Stolen in Mixin Network Hack
Peer-to-peer digital asset transactional network Mixin Network has suspended deposits and withdrawals after hackers stole $200 million. The Hong Kong-based platform uses a cross-chain transfer protocol that enables cheaper and more efficient transfers, including via phone numbers, but relies on a centralized database, which was targeted by the attackers.
Sony Investigating After Hackers Offer to Sell Stolen Data
Sony has launched an investigation after a cybercrime group claimed to have compromised the company's systems, offering to sell stolen data. A representative of the Japanese electronics and entertainment giant told SecurityWeek that it's currently investigating the situation and has no further comments at this time. The probe was launched after a relatively new ransomware group named RansomedVC listed Sony on its Tor-based website, claiming to have compromised all Sony systems.
iOS 17 update secretly changed your privacy settings, here's how to set them back
Many iPhone users who upgraded their iPhones to the recently released iOS 17 will be alarmed to hear that they may have actually downgraded their security and privacy. That's because Apple took the opportunity to make a change to users' privacy settings - without asking for permission, and without even notifying users it was doing so. Two researchers revealed that upgrading to iOS 17 can silently re-enable two privacy options that security experts have recommended users switch off.
Hackers actively exploiting Openfire flaw to encrypt servers
Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers. Openfire is a widely used Java-based open-source chat (XMPP) server downloaded 9 million times and used extensively for secure, multi-platform chat communications. The flaw is an authentication bypass impacting Openfire's administration console, allowing unauthenticated attackers to create new admin accounts on vulnerable servers.
MOVEit Flaw Leads to 900 University Data Breaches
National Student Clearinghouse, a nonprofit that provides enrollment and other services for thousands of colleges and universities across North America, is the latest organization breached by the MOVEit flaw. The organization put out a list of impacted institutions that includes nearly 900 schools. The statement added that the threat actors were not able to access anything outside its MOVEit environment, which has been rebuilt inside the organization to protect against similar cyberattacks.
- ...in 1774, legendary conservationist and missionary John Chapman, aka "Johnny Appleseed", was born in Leominster, MA.
- ...in 1960, the first-ever televised presidential debate took place between candidates Richard M. Nixon and John F. Kennedy.
- ...in 1966, the first Chevrolet Camaro appeared.
- ...in 1969, the last studio album by the Beatles, "Abbey Road", was released.