MGM Hacked and its bad ๐Ÿšจ

Sep 15 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that wonders whether hackers know that the house always wins. Somebodyโ€™s fixing to get their hand smashed with a hammer ๐Ÿ˜‚๐Ÿ˜‚๐Ÿ˜‚

Itโ€™s Friday, folks, which can only mean one thingโ€ฆ Itโ€™s time for our weekly segment!!!

It goes by many names. Patch of the Week, Tweak of the week. Okay, thatโ€™s it.

Congrats, the cybercriminals are no matchโ€ฆ for your patch! ๐Ÿฉน๐Ÿฉน๐Ÿฉน

Check out these freshly hatched patches!! ๐Ÿฃ๐Ÿฃ๐Ÿฃ

๐Ÿ”ย Microsoft has released software fixes for 59 bugs in its products, including 2 zero-day flaws under active attack.

Among the vulnerabilities, 5 are Critical, 55 are Important, and 1 is Moderate in severity. Notably, the update includes a fix for CVE-2023-4863, a critical heap buffer overflow flaw in the WebP image format in the Chromium-based Edge browser.

๐Ÿ‘พ The two actively exploited Microsoft vulnerabilities are:

  • CVE-2023-36761 (CVSS 6.2) – Microsoft Word Information Disclosure Vulnerability.

  • CVE-2023-36802 (CVSS 7.8) – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability.

๐Ÿ“ข Google has issued out-of-band security patches for a critical flaw in Chrome (CVE-2023-4863) exploited in the wild, the fourth zero-day addressed this year.

๐ŸฆŠ Mozilla released updates to fix a critical zero-day vulnerability (CVE-2023-4863) in Firefox and Thunderbird also exploited in the wild. Apple patched two actively exploited security holes.

Now, on to todayโ€™s hottest cybersecurity stories:

  • ๐Ÿ‘จโ€๐Ÿ’ป Hackers try their luck in Vegas. MGM cyberattack standoff hits day 5 ๐Ÿ‘€

  • ๐Ÿ–ฅ๏ธ Microsoft: phishermen are out in force and their eyeing up corporate Teams ๐Ÿ”ญ

  • ๐Ÿ† Chastity cages are vulnerable to hackers. If you donโ€™t know, donโ€™t google ๐Ÿ˜ฌ

Hackers raise the stakes but MGM doubles down ๐Ÿฟ๐Ÿ™ˆ

๐Ÿ” MGM Resorts Battles Cyberattack Outage ๐Ÿ”“

MGM Resorts, known for its Las Vegas Strip properties like Bellagio and Aria, faces a prolonged outage following a cyberattack. ๐Ÿจ๐Ÿ’ป Guests report ATM and slot machine issues, digital key card problems, and disrupted electronic payments. The outage, now in its fourth day, has forced staff to use pen and paper and left TVs and phones inoperable in hotel rooms.

๐Ÿฆ  Cyberattack Origin ๐Ÿ•ต๏ธโ€โ™‚๏ธ

Scattered Spider, a hacking group linked to the ALPHV ransomware gang, claims responsibility for the MGM breach. The same group reportedly targeted Caesars Entertainment, leading to a $30 million ransom payment to prevent stolen data disclosure. Caesars confirmed the breach and the theft of sensitive customer data.

๐Ÿคฏ Unusual Culprits ๐ŸŽฎ

Scattered Spider, characterised by a high number of minors in its ranks, employs social engineering tactics, like exploiting LinkedIn and contacting help desks to gain access. Experts emphasise that these are Western hackers, recruiting minors due to lenient legal consequences.

๐Ÿ•ต๏ธโ€โ™‚๏ธ Investigation Ongoing ๐Ÿ•ต๏ธโ€โ™€๏ธ

While the FBI investigates both incidents, authorities advise against ransom payments.

Stay safe, and don't fall prey to cyber threats! ๐Ÿ’ก๐Ÿ›ก๏ธ

I came across ZZZ money club during the crypto market bull run when everyoneโ€™s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active and everyone in this private discord group is very chatty and helpful.

Its run by Yourfriendandy and Decadeinvestor, you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group you can through the link below.

Itโ€™s Teaming with phish ๐Ÿ˜

๐Ÿšจ Microsoft Alerts About Teams-Based Phishing Campaign ๐ŸŽฃ

Microsoft has issued a warning regarding a new phishing campaign conducted by an initial access broker, using Teams messages as bait to infiltrate corporate networks. The campaign is tracked as Storm-0324 (also known as TA543 and Sagrid).

๐Ÿ” How It Works ๐Ÿ“†

Starting from July 2023, Storm-0324 has been observed distributing payloads through Microsoft Teams chats using open-source tools, marking a shift away from email-based initial infections. Storm-0324 serves as a payload distributor, enabling the spread of various malicious payloads, including downloaders, banking trojans, ransomware, and more.

๐Ÿฆ  Evading Detection ๐Ÿ•ต๏ธโ€โ™‚๏ธ

This campaign employs evasive techniques, including traffic distribution systems like BlackTDS and Keitaro to redirect victims to malicious download sites while evading detection by certain security solutions.

๐Ÿ’ผ Phishing Tactics ๐Ÿ“ค

The attackers have updated their tactics as of July 2023, sending phishing lures via Teams with malicious links leading to SharePoint-hosted ZIP files. They use an open-source tool called TeamsPhisher to exploit vulnerabilities, similar to tactics used by APT29 (aka Midnight Blizzard) in May 2023.

๐Ÿ”’ Microsoft's Response โœ‹

Microsoft has enhanced security measures to block this threat, suspending accounts and tenants linked to fraudulent activity. The goal is to prevent more dangerous follow-on attacks, like ransomware.

๐ŸŒ Ransomware Landscape ๐Ÿ’ป

Ransomware attacks are on the rise in 2023. The U.K. National Cyber Security Centre (NCSC) and National Crime Agency (NCA) highlight the importance of cyber hygiene, as most attacks result from opportunistic initial access.

Stay vigilant and practise good cyber hygiene to protect against evolving threats! ๐Ÿ›ก๏ธ๐Ÿ“ง

๐Ÿ—ž๏ธ Extra, Extra! Read all about it! ๐Ÿ—ž๏ธ

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • โœˆ๏ธ ViaTravelers: Get exclusive travel tips, news, and insider deals right in your inbox.

  • ๐ŸŒย Leadership in Tech: A weekly newsletter for CTOs, engineering managers and senior engineers to become better leaders.

  • ๐Ÿง ย Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.

Let us know what you think!

Major c*ck up ๐Ÿ’€

๐Ÿค Privacy Blunder: Chastity Device Data Exposure ๐Ÿ˜ณ

A rather intimate tech mishap unfolded recently, involving a company that manufactures a chastity device (like a cage sort of thing) for people with penises (men). ๐Ÿ†๐Ÿ’ป

This device, which can be controlled remotely over the internet by a partner (or mistress), inadvertently exposed users' sensitive information, including email addresses, plain-text passwords, home addresses, and even GPS coordinates! ๐Ÿก๐ŸŒ๐Ÿ™ˆ๐Ÿ™ˆ๐Ÿ™ˆ

๐Ÿ” The Security Researcher's Discovery ๐Ÿ”

An anonymous security researcher uncovered this data breach, gaining access to records of over 10,000 users through two vulnerabilities. He alerted the company in June 2023, urging them to fix these issues and protect user data. However, the company has yet to address the problems and ignored TechCrunch's requests for comment.

๐Ÿ•ต๏ธโ€โ™‚๏ธ Easy to Exploit ๐Ÿ˜ฌ

The researcher expressed concerns about the ease with which these vulnerabilities could be exploited and the company's apparent irresponsibility. He defaced the company's website on August 23 to warn them and users about the risks. Sadly (or hilariously), the flaws remain unresolved.

Welcome to 2023, folks ๐Ÿ™ƒ Have a good weekend and see you on Monday ๐Ÿ‘

So long and thanks for reading all the phish!

footer graphic cyber security newsletter

Recent articles