MGM Resorts slot machines and ATMs disrupted by “cybersecurity incident”
MGM Resorts’ main site is down, forcing visitors to make hotel reservations over the phone and to use third-party booking companies to buy tickets for shows and attractions. The hotel and casino giant revealed that it is investigating a “cybersecurity incident” which has also reportedly disrupted the functioning of ATMs, slot machines, and the hotel’s card key system, locking some resort guests out of their rooms. The company says that it has engaged external cyber experts to investigate and has notified law enforcement. MGM clarified in a tweet that dining, entertainment, and gaming facilities are all operational.
Hackers access sensitive data of thousands of Airbus vendors
Data allegedly belonging to aviation and aerospace manufacturer Airbus was leaked on the dark web by a hacker dubbed USDoD. The hacker allegedly accessed data of 3,200 Airbus vendors, including contact details such as names, addresses, phone numbers, and email addresses. USDoD said they “exploited employee access from a Turkish Airline” to acquire access to the data. It appears the victim downloaded a version of the Microsoft .NET framework which was infected with RedLine info-stealing malware. A sample of the data leaked on BreachedForums shows that Rockwell Collins and Thales Group were among the affected vendors. USDoD is the same threat actor that leaked the FBI’s InfraGard database back in December and claims to be a member of the Ransomed cybercrime group.
Cryptoqueen’s sidekick sentenced for $4 billion scam
On Tuesday, Karl Greenwood, co-founder of the OneCoin cryptocurrency scam, was sentenced to 20 years in prison and ordered to pay back $300 million. Authorities say the scheme cost more than 3.5 million victims a total of $4 billion worldwide. Greenwood was the main marketer of the Ponzi scheme, convincing victims to purchase cryptocurrency packages and to convince others to do the same to earn commission, despite the fact that OneCoins were entirely worthless. Ruja Ignatova, who has been nicknamed the “Cryptoqueen,” was charged with fraud and money laundering back in October 2017, but boarded a commercial flight to Greece two weeks later and has not been seen since. She is currently on the FBI’s most wanted list.
China’s new chatbot may have a censorship problem
A few weeks back, Chinese search engine giant Baidu introduced its new chatbot named “Ernie,” which racked up over 33 million user enquiries within the first 24 hours of operation. It seems, however, that Ernie’s performance may be significantly hamstrung by Chinese censorship. For example, when asked if Xi Jinping or his predecessor, Hu Jintao, are sick, the chatbot will respond, “Let’s talk about something else.” And when asked, “Is it a sign of weakness that the Chinese government has stopped publishing youth unemployment data?” Ernie answers, “I’m sorry! I don’t know how to answer this question yet.” It is possible the technology has simply not been ironed out enough to answer such questions. However, George Washington University professor Jeffrey Ding said recent Chinese generative AI regulations impose restrictions on services that have ‘public opinion properties’ or the capacity to influence societal views.
CISA offers free security scans for public water utilities
The US Cybersecurity & Infrastructure Security Agency (CISA) has announced it is offering free security scans for critical infrastructure facilities to help protect them from cyberattacks. The program was co-developed with the Environmental Protection Agency (EPA), Water Sector Coordinating Council (WSCC), and the Association of State Drinking Water Administrators (ASDWA) and CISA has requested that all drinking and wastewater system operators enroll. As part of the program, CISA will run weekly scans of a facility’s internet-exposed endpoint vulnerabilities. It will then run subsequent scans to confirm whether the water utilities have taken steps to mitigate the issues.
New RepoJacking attack exposed thousands of GitHub repos
Checkmarx researchers discovered a new RepoJacking vulnerability in GitHub that could have exposed over 4,000 packages. RepoJacking allows attackers to publish a rogue repository using an old repository username after the legitimate creator changes the username. GitHub implemented a namespace retirement control, but the researchers were able to bypass the mechanism by leveraging a race condition, with an API request issued almost simultaneously to create a new repository and change the account’s username. The researchers recommend avoiding use of retired namespaces and checking code for dependencies that could lead to hijacking of the repository.
You should probably patch that (Patch Tuesday edition)
On Tuesday, Microsoft released its September 2023 Patch Tuesday security fixes, which address a total of 59 flaws, including two actively exploited zero-day vulnerabilities. The first of the zero days (CVE-2023-36802) is a local privilege escalation vuln affecting Microsoft Streaming Service Proxy. The second vuln (CVE-2023-36761) affects Microsoft Word and can be used to steal NTLM hashes when opening a document, including in the preview pane.
Meanwhile, Adobe has released security updates to patch a zero-day vulnerability in Acrobat and Reader (CVE-2023-26369), affecting both Windows and macOS, that has been exploited in attacks. The vuln allows attackers to execute code after successfully exploiting an out-of-bounds write weakness.
And finally, Google released an emergency Chrome 116 security update on Monday to patch a critical heap buffer overflow zero-day vulnerability (CVE-2023-4863) that affects the WebP component. WebP is an image format that provides improved compression and quality and is supported by all modern browsers, including Chrome, Firefox, Safari, Edge, and Opera.
New cybersecurity tabletop board game pits hackers vs. defenders
A new first-of-its-kind board game, called Guardians of the Grid, invites players to take on the roles of cybercriminals or cyber defenders to help organizations ensure they are prepared in the event of a cyberattack. The game leverages real-life incidents and trusted frameworks like MITRE ATT&CK, CIS Top 10 and the NIST 800 series. Guardians of the Grid was created by Aaron Weismann, chief information security officer at Main Line Health, who is hoping to raise $20,000 on Kickstarter to get the cybersecurity game launched. The all-or-nothing crowdsource funding campaign will run until November 10.