MGM Resorts takes systems offline as it investigates cyberattack

The company restored full operations to dining, gaming and entertainment venues Monday night, following earlier reports payment systems, digital room keys and reservations systems were down at multiple properties. 

Updated Sept. 12, 2023

High-profile CVEs turn up in vulnerability exploit sales

Flashpoint observed 27 vulnerability exploits listed for sale or purchased on the dark web during the first half of the year. One-third were linked to Microsoft products.

IronNet considers bankruptcy after it furloughs most workers

The furloughs will effectively end most of the cybersecurity firm’s operations unless it can find additional sources of liquidity.

White House mulls rating system to boost cybersecurity for critical infrastructure

Anne Neuberger, deputy national security advisor for cyber, told the Billington Cybersecurity Summit that a new ransomware summit is set and updated a consumer labeling push for IoT.  

Cisco BroadWorks vulnerability snags highest CVSS score

There are no workarounds for the vulnerability, which could expose confidential data if exploited by a threat actor with forged administrative access.

CISA director: Critical infrastructure cyber incident reporting rules almost ready

The Cybersecurity and Infrastructure Security Agency is in the final stages of work on the reporting requirements included in a March 2022 law.

Aviation sector organization hit by exploit of CVE duo

Cybersecurity authorities investigated the attack by multiple threat actors who exploited known CVEs in Zoho and Fortinet products.

Generative AI, contactless tech make hotels vulnerable to cyberattacks

Guest and worker turnover, as well as new technology adoption, make the hospitality industry an appealing target for cybercriminals, according to Trustwave SpiderLabs.

BEC phishing kit hits thousands of Microsoft 365 business accounts

Threat actors used the W3LL phishing kit to target more than 56,000 accounts, ultimately compromising 14% of them since last October, Group-IB found.

CISA creates voluntary ed tech pledge to boost K-12 cybersecurity

Companies signing the agreement are urged to commit to encouraging the use of multifactor authentication and public vulnerability disclosure.

Microsoft crash dump exposed key that led to US cabinet email hacks, investigation finds

A China-based threat group used the key to access a Microsoft engineer’s corporate account and, later, compromised more than two dozen customer email accounts.

Cybersecurity investments boost profitability, resilience: White House

Expenditures on resilience will help companies reduce downtime, Acting National Cyber Director Kemba Walden said at the Billington Cybersecurity Summit.

Okta customers’ IT staff duped by MFA reset swindle

IT workers at four organizations using Okta were successfully hit by a consistent pattern of social engineering attacks.

SEC cyber disclosure rules put CISO liability under the spotlight

Security executives find themselves in the eye of the needle as governance and incident response come into focus.

Top 5 behaviors of successful CISOs: Gartner

Successful CISOs are at least 1.5 times more likely to engage with emerging technologies and colleagues beyond traditional business functions, a survey shows.

Barracuda patch bypassed by novel malware from China-linked threat group

Mandiant uncovered a months-long cyber espionage campaign targeting high value government entities and technology firms in the U.S. and abroad.

Malwarebytes, within a week, acquires a company and reportedly cuts staff

The layoffs underscore significant alterations afoot in the security sector, as the industry’s largest vendors claim share from smaller rivals.

SEC cyber disclosure rules are taking effect: Here’s what to expect

With enforcement on the horizon, much of the SEC's rules for material disclosures are subject to interpretation.

CrowdStrike soars on security tool consolidation demand

CEO George Kurtz said the company will consider potential acquisition targets as M&A discussions heat up across the industry.

US leads takedown of Qakbot malware, which automated initial infections

The botnet and malware had infected more than 700,000 computers worldwide and was linked to the abuse of OneNote files.

Mandiant blends Google Cloud, AI to automate threat hunting

Google Cloud is bringing Mandiant’s threat hunting intelligence to customers’ Chronicle environments and infusing Duet AI across its security portfolio.

MOVEit attack victim count surpasses 1,000 organizations

Months after the campaign was discovered, victims are still coming forward and, in most cases, breaches at third-party vendors are to blame.

Cyber insurance providers increase scrutiny on enterprise risk, report finds

Policyholders face higher costs and additional exclusions, even as the market stabilizes, a study on behalf of Delinia found.

Corporate boards expand cybersecurity risk oversight, report finds

A study from EY shows Fortune 100 CISOs more closely engaged with the board of directors and C-suite.

Prospect Medical stolen data listed for sale by emerging ransomware group

Rhysida claims it stole more than 500,000 Social Security numbers, financial, legal and medical files. And it’s all for sale on the dark web.