23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
Hackers scrape 23andMe private user data using credential stuffing, MGM resorts suffer a $100 million hit from a ransomware attack and the Azure VM breach. Catch all this and more in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. Genetics firm 23andMe attributes user data leak to credential stuffing
23andMe recently acknowledged that user info from its platform was scraped and listed on hacking firms. The company attributes the leak to a credential stuffing attack, revealing that threat actors leveraged exposed credentials from other breaches to infiltrate user accounts. Notably, hackers first exposed data on a million customers and then offered to sell bulk data profiles for $1 to $10 per account. For reinforced safety, 23andMe recommends using two-factor authentication and fresh passwords for every platform.
2. MGM Resorts expected to suffer a $100 million loss from ransomware attack
Last week, MGM Resorts reported a $100 million ransomware hit due to a September cyberattack that exposed customer data. The attack affected MGM's website, reservation system and in-casino services. Scattered Spider, linked to the BlackCat/ALPHV ransomware group, executed the breach using social engineering. The fallout disrupted various MGM operations, but the company anticipates its cybersecurity insurance will cover the losses. MGM has restored most systems and offers affected customers free credit monitoring, urging them to watch for suspicious communications.
3. Hackers use breached SQL servers to target Azure cloud VMs
Microsoft has uncovered a recent attack where adversaries aimed to penetrate Azure cloud resources via an SQL Server instance. Attackers began by exploiting an SQL injection vulnerability in an application, granting them increased permissions on a Microsoft SQL Server in Azure Virtual Machine. They then tried to spread to more cloud assets using the server's cloud identity. However, Microsoft confirmed the attackers didn't succeed in this lateral movement. This attempt marks a rising sophistication in cloud attack methods, emphasizing the importance of securing cloud identities to safeguard SQL Server instances.
4. Chinese threat actors target semiconductor firms using Cobalt Strike
EclecticIQ recently identified a cyberespionage campaign targeting Chinese-speaking semiconductor companies. Using TSMC-themed lures, the attackers infected these firms with Cobalt Strike beacons. Intriguingly, the techniques observed resonate with those previously associated with Chinese government-supported threat groups. Although EclecticIQ hasn't clarified the initial compromise route, evidence points to spear-phishing and tools like the HyperBro loader as the likely vectors.
5. Critical TorchServe flaws put thousands of AI servers at risk
Oligo Security recently identified three severe vulnerabilities in TorchServe, a widely-used AI tool. Labeled "ShellTorch," these flaws allow attackers unauthorized access and potential server takeovers. Two vulnerabilities, CVE-2023-43654 and CVE-2023-1471, ranked 9.8 and 9.9 on the CVSS severity scale, facilitate remote code execution. Major companies using TorchServe, including Amazon and Google, face exposure to these risks. Amazon has urged users to apply updates to resolve these issues immediately.
Phishing simulations & training
In this Series
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
