News

23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach

Dan Virgillito
October 9, 2023 by
Dan Virgillito

Hackers scrape 23andMe private user data using credential stuffing, MGM resorts suffer a $100 million hit from a ransomware attack and the Azure VM breach. Catch all this and more in this week’s edition of Cybersecurity Weekly.

Top Security Awareness Posters

Top Security Awareness Posters

Download our collection of free posters and use them to keep security at the forefront of your employees' minds.
 

1. Genetics firm 23andMe attributes user data leak to credential stuffing

23andMe recently acknowledged that user info from its platform was scraped and listed on hacking firms. The company attributes the leak to a credential stuffing attack, revealing that threat actors leveraged exposed credentials from other breaches to infiltrate user accounts. Notably, hackers first exposed data on a million customers and then offered to sell bulk data profiles for $1 to $10 per account. For reinforced safety, 23andMe recommends using two-factor authentication and fresh passwords for every platform.

Read more »

2. MGM Resorts expected to suffer a $100 million loss from ransomware attack

Last week, MGM Resorts reported a $100 million ransomware hit due to a September cyberattack that exposed customer data. The attack affected MGM's website, reservation system and in-casino services. Scattered Spider, linked to the BlackCat/ALPHV ransomware group, executed the breach using social engineering. The fallout disrupted various MGM operations, but the company anticipates its cybersecurity insurance will cover the losses. MGM has restored most systems and offers affected customers free credit monitoring, urging them to watch for suspicious communications.

Read more »

3. Hackers use breached SQL servers to target Azure cloud VMs

Microsoft has uncovered a recent attack where adversaries aimed to penetrate Azure cloud resources via an SQL Server instance. Attackers began by exploiting an SQL injection vulnerability in an application, granting them increased permissions on a Microsoft SQL Server in Azure Virtual Machine. They then tried to spread to more cloud assets using the server's cloud identity. However, Microsoft confirmed the attackers didn't succeed in this lateral movement. This attempt marks a rising sophistication in cloud attack methods, emphasizing the importance of securing cloud identities to safeguard SQL Server instances.

Read more »

4. Chinese threat actors target semiconductor firms using Cobalt Strike

EclecticIQ recently identified a cyberespionage campaign targeting Chinese-speaking semiconductor companies. Using TSMC-themed lures, the attackers infected these firms with Cobalt Strike beacons. Intriguingly, the techniques observed resonate with those previously associated with Chinese government-supported threat groups. Although EclecticIQ hasn't clarified the initial compromise route, evidence points to spear-phishing and tools like the HyperBro loader as the likely vectors.

Read more »

5. Critical TorchServe flaws put thousands of AI servers at risk

Oligo Security recently identified three severe vulnerabilities in TorchServe, a widely-used AI tool. Labeled "ShellTorch," these flaws allow attackers unauthorized access and potential server takeovers. Two vulnerabilities, CVE-2023-43654 and CVE-2023-1471, ranked 9.8 and 9.9 on the CVSS severity scale, facilitate remote code execution. Major companies using TorchServe, including Amazon and Google, face exposure to these risks. Amazon has urged users to apply updates to resolve these issues immediately.

Read more »

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

Dan Virgillito
Dan Virgillito

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.