Data Breaches

The US Securities and Exchange Commission is launching its own investigation into the vulnerability in Progress Software’s MOVEit transfer tool that exposed data from more than 2,000 organizations and 60 million individuals. Tracked as CVE-2023-34362, the flaw was exploited as a zero-day by the notorious Russia-linked Cl0p ransomware group to steal data from organizations using the MOVEit Transfer managed file transfer (MFT) software. Of the victim organizations, roughly 900 are schools in the United States,…

Read More

Hospitality and entertainment giant MGM Resorts said costs from last month’s debilitating ransomware infection has exceeded $110 million, including $10 million in one-time consulting clean-up fees. In an SEC 8-K filing, MGM Resorts said the data-extortion attack caused operational disruptions, especially in its Las Vegas properties, and an estimated financial toll that includes about $100 million in lost revenue. MGM Resorts, which manages prominent hotels like Mandalay Bay (site of the Black Hat security conference),…

Read More

Personal details of thousands of police officers and staff from Greater Manchester Police have been hacked from a company that makes identity cards, the second such cyberattack to affect a major British police force in less than a month. Details on identity badges and warrant cards, including names, photos and identity numbers or police collar numbers, were stolen in the ransomware attack, Greater Manchester Police said Thursday. The third-party supplier was not identified. The force…

Read More

Hospitality and entertainment giant MGM Resorts on Monday said a “cybersecurity issue” forced the shutdown of certain computer systems, including the websites for some of the biggest Las Vegas and New York properties. A brief note posted to X (the website formerly known as Twitter) said external cybersecurity experts and law enforcement are involved in an investigation that has all the hallmarks of a ransomware extortion attack. Here’s the full MGM Resorts statement: “MGM Resorts…

Read More

Microsoft has published a post-mortem detailing multiple errors that led to Chinese cyberspies hacking into US government emails, blaming the embarrassing incident on a crash dump stolen from a hacked engineer’s corporate account. The crash dump, which dated back to April 2021, contained a Microsoft account (MSA) consumer key that was used to forge tokens to break into OWA and Outlook.com accounts. “Our investigation found that a consumer signing system crash in April of 2021…

Read More