It’s Monday! We already know our AI overlords are coming for our tech jobs (or something like that)—but are influencers next?
In today’s edition:
Bust
Breach
Bye
—Eoin Higgins, Tom McKay, Kelcee Griffis, Patrick Lucas Austin
MGM Resorts International
An alleged ransomware attack disrupted systems at MGM Resorts starting on Sept. 10, potentially putting sensitive financial and personal information in the hands of malicious actors.
Malware archive vx-underground posted on the night of Sept. 12 that the ALPHV/BlackCat ransomware gang had claimed responsibility for the attack, using social engineering to break into the systems, Cybernews reported.
“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk,” vx-underground wrote on X (formerly Twitter). “A company valued at $33,900,000,000 was defeated by a 10-minute conversation.”
Customers began reporting outages the night of Sept. 10. MGM has properties across the country—most notably in Las Vegas, but also in Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio—that have been affected by the issue.
The company took its online systems down in the wake of the incident. ABC News reported Sept. 12 that MGM is working with the FBI to manage and investigate the incident.
Read more here.—EH
Do you work in IT or have information about your IT department you want to share? Email [email protected].
Gaining SOC 2 compliance has a reputation for being…a whole lotta work. But when it’s handled the right way, SOC 2 compliance opens doors for your organization.
Achieve pain-free compliance with Thoropass. Their guide has everything you need to know about growing a successful—and fully compliant—business.
In this free guide, you’ll get to check out the latest research and insights from Thoropass’ compliance experts. And you’ll learn how maintaining your SOC 2 compliance helps you accelerate your business (and finish the fiscal year strong) by:
- speeding up your sales process
- opening up new enterprise markets
- reducing strain on your org’s resources
Thoropass’ solutions make maintaining compliance simple and worry-free, no matter what security frameworks you’re using. Upgrade today.
A compromised Microsoft corporate account was likely the access point through which allegedly Chinese government-backed hackers were able to stage an attack on US government inboxes, the company revealed in a recent blog post.
Microsoft Security Response Center (MSRC) team members wrote that their investigation into the attack by the threat actor, which they call Storm-0558, showed that the attackers gained initial access to Microsoft systems via an engineer’s email account. However, it took a series of previous errors for the hackers to actually obtain a Microsoft signing key that they could use to forge Outlook email authentication tokens for dozens of organizations, including the Departments of State and Commerce.
The MSRC team said it found that a Microsoft consumer key signing system crashed in April 2021, producing a system snapshot (a crash dump) for later analysis. Unknown to anyone, however, the snapshot included a copy of the signing key that automated systems repeatedly failed to detect.
The snapshot was then moved from a secure system to a debugging environment on Microsoft’s regular corporate network—a normal process that wouldn’t be a problem, according to MSRC, if there wasn’t a consumer signing key left inside it.
Read more here.—TM
Do you work in IT or have information about your IT department you want to share? Email tom[email protected]. Want to go encrypted? Ask Tom for his Signal.
If Mr. Tony slides into your DMs, leave him on read.
In a recent blog post, cybersecurity tool company Guardio warned virtual storefronts about seemingly innocuous Facebook messages that include malware capable of hijacking the recipient’s account.
The Vietnam-based operation—seemingly perpetrated by a group of Telegram bots linked to an administrator called MrTonyName—has clocked a “staggering” success rate by blasting out messages that ask businesses to open a file, sometimes disguised as a product the sender wants to buy.
If opened, the file drops a malicious payload that burrows into the user’s browsers, hoovering up saved cookies and credentials and ultimately logging the legitimate user out, according to the report.
The effects can be devastating. According to Guardio, this scam is aimed at “luring business owners to click on the malicious attachment, ultimately giving away their entire Facebook operation, and getting locked out for good.”
Keep reading here.—KG
Get the scoop on scammers. Ransomware tactics are shifting, with groups potentially attacking the same company more than once. Akamai’s latest analysis found that continuous activity from ransomware groups may depend on the group’s size + resources, and zero-day vulnerabilities will result in an uptick in attacks. Read their full report to stay prepped.
Today’s top IT reads.
Stat: $67.9 billion. That’s how much British chipmaker Arm is worth after a blockbuster IPO that may bode well for soon-to-be-public startups like Instacart. (the New York Times)
Quote: “We have to understand who our leaders and technical people are, and who can learn the new platforms and technologies being brought in and get things done…I eliminate roles, not people.”—Julia Anderson, chief technology and information officer at Campbell Soup Company, on corporate restructuring (CIO)
Read: Hotel check-in lines. Manual jackpot payouts. Cash-only show tickets. If you’re visiting Vegas this week, you might have to kick it old school thanks to the MGM cyberattack. (the Wall Street Journal)
Hit the gas: …on your business’s growth and lap the competition with SOC 2 compliance. Learn how compliance speeds up sales and helps you enter new markets with Thoropass’ SOC 2 guide. Start your engines.*
Digital defense: Ready to protect your tech like a pro? Learn how to take on cyber threats with Amir Tarighat and Mike Hanley at our free virtual event on Sept. 28. Snag your spot.*
*A message from our sponsor.