Take a look at this week's Cyber Weekly Digest for a rundown of the latest cyber security news from across the globe, including the highly publicised attacks on MGM Resorts and Caesars Palace. Keep reading to stay up to date on our top news picks from the week.
An affiliate of the BlackCat ransomware group, also known as ALPHV, is behind the attack that disrupted MGM Resorts' operations earlier this week, forcing the company to shut down IT systems. The BlackCat ransomware group claims it had been inside MGM's infrastructure since Friday and that, after the company took its internal infrastructure offline, it encrypted more than 100 ESXi hypervisors. Researchers have reported that the initial access was gained through a social engineering attack. It has also been reported that the same threat actors breached Caesars Palace, which has reportedly paid the $30 million ransom demand. The threat actors claim that MGM Resorts has remained silent on the communication channel they provided, indicating that the company has no intention of negotiating a ransom payment.
Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. The vulnerabilities allow an attacker who holds 'apply' privileges to interact with the Kubernetes API and inject arbitrary code that is then executed on remote Windows machines with SYSTEM privileges. Patches for the vulnerabilities were released at the end of August.
An infamous threat group connected to the North Korean state has been blamed for a major attack on cryptocurrency exchange CoinEx on Tuesday. CoinEx stated that on September 12, it had "detected anomalous withdrawals from several hot wallet addresses used to store CoinEx's exchange assets." After investigating, the firm said the cause of the incident had been a hot wallet private key that got into the wrong hands. Funds were withdrawn in nine different cryptocurrencies, costing roughly $53m. CoinEx said it had suspended deposits and withdrawals of all crypto assets and temporarily shuttered its hot wallet server.
Microsoft has reported that an Iranian-backed threat group has targeted thousands of organisations in the US and worldwide in password spray attacks since February 2023. The group, tracked as APT33 (also known as Peach Sandstorm, HOLMIUM, or Refined Kitten), has been active since at least 2013. Following successful password spray attacks, the APT33 hackers used the AzureHound or Roadtools open-source security frameworks for reconnaissance across the victims' Azure Active Directory and to harvest data from their cloud environments. They also used compromised Azure credentials, created new Azure subscriptions in the victims' tenants, or abused Azure Arc for persistence in order to control on-premises devices within the victims' networks.
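As an added, defender-side illustration (not part of this digest or of Microsoft's reporting): a small Python detector that flags the password-spray signature described above, many distinct accounts each failing once or twice from a single source address within a time window, while ignoring a single user who retries their own password. The sign-in records, their field layout and the result codes are constructed for this example, loosely modelled on Azure AD sign-in logs rather than taken from any real tenant.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample sign-in events (not real log data). Each tuple is
# (timestamp, user principal name, source IP, result code). Result code 0 is
# treated as a success and 50126 as "invalid username or password".
SAMPLE_EVENTS = [
    ("2023-09-14T09:00:05+00:00", "alice@example.test", "203.0.113.7", 50126),
    ("2023-09-14T09:00:21+00:00", "bob@example.test", "203.0.113.7", 50126),
    ("2023-09-14T09:00:40+00:00", "carol@example.test", "203.0.113.7", 50126),
    ("2023-09-14T09:01:02+00:00", "dave@example.test", "203.0.113.7", 50126),
    ("2023-09-14T09:01:19+00:00", "erin@example.test", "203.0.113.7", 50126),
    ("2023-09-14T09:01:35+00:00", "frank@example.test", "203.0.113.7", 0),
    # A forgetful user retrying from their own address: not a spray.
    ("2023-09-14T09:05:00+00:00", "grace@example.test", "198.51.100.20", 50126),
    ("2023-09-14T09:05:30+00:00", "grace@example.test", "198.51.100.20", 50126),
    ("2023-09-14T09:06:00+00:00", "grace@example.test", "198.51.100.20", 0),
]


def detect_password_spray(events, window_minutes=60, min_users=5, max_per_user=2):
    """Return one finding per (source IP, time window) showing the spray
    signature: failures against many distinct accounts, few tries per account.
    Windows are fixed (tumbling) buckets of window_minutes, so a spray that
    straddles a bucket boundary may need a smaller window or overlapping runs."""
    failures = defaultdict(lambda: defaultdict(int))  # (ip, bucket) -> user -> count
    successes = defaultdict(set)                       # (ip, bucket) -> users
    bucket_seconds = window_minutes * 60
    for ts, user, ip, code in events:
        t = datetime.fromisoformat(ts)
        key = (ip, int(t.timestamp() // bucket_seconds))
        if code == 0:
            successes[key].add(user)
        else:
            failures[key][user] += 1
    findings = []
    for (ip, bucket), per_user in failures.items():
        # Too few targets, or many tries per account (brute force / retries): skip.
        if len(per_user) < min_users or max(per_user.values()) > max_per_user:
            continue
        start = datetime.fromtimestamp(bucket * bucket_seconds, tz=timezone.utc)
        findings.append({
            "source_ip": ip,
            "window_start": start.isoformat(),
            "targeted_accounts": sorted(per_user),
            "successes_in_window": sorted(successes[(ip, bucket)]),
        })
    return findings
```

The `successes_in_window` field is the part worth acting on: a spraying address that also records a success is the account to reset and the session to revoke first.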
Microsoft has released software fixes to remediate 59 flaws spanning its product portfolio, including two zero-day flaws that have been actively exploited. Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity. The two Microsoft vulnerabilities that have come under active exploitation in real-world attacks are CVE-2023-36761 (CVSS score: 6.2), a Microsoft Word Information Disclosure Vulnerability, and CVE-2023-36802 (CVSS score: 7.8), a Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability.