Editor's News Archives - IT Security Guru
https://www.itsecurityguru.org/category/editors-news/

MGM and Caesars Casinos Suffer Massive Cyberattack
https://www.itsecurityguru.org/2023/09/15/mgm-and-caesars-suffer-massive-cyberattack/?utm_source=rss&utm_medium=rss&utm_campaign=mgm-and-caesars-suffer-massive-cyberattack
Fri, 15 Sep 2023 12:54:17 +0000

Two of Las Vegas’ best-known casino operators, MGM Resorts and Caesars Entertainment, have fallen victim to a major cyberattack. Over the course of this week it has emerged that computer systems were severely disrupted, causing widespread concern throughout the hospitality and gaming industry.

Reports claim casino guests and staff have had difficulty accessing room reservations, making transactions and using key services. Management initiated incident response procedures to contain the situation and limit the damage.

MGM Resorts International confirmed the attack in a statement issued this week. The statement said the company’s IT security teams were working to restore normal operations and that customers’ personal and financial information remained secure, citing encryption and the prompt isolation of affected systems; that assurance was given while the investigation was still under way.

Local law enforcement and federal agencies have launched an investigation into the cyberattack. Their primary focus is on identifying the perpetrators behind this breach and determining their motives. The casino’s surveillance footage is expected to be a crucial piece of evidence in the ongoing investigation.

This incident serves as a stark reminder of the importance of cybersecurity measures, not only for corporations but also for the protection of customers’ sensitive information. As the investigation unfolds, MGM Resorts International has promised to keep its stakeholders and the public informed about any developments related to the cyberattack.

The following cybersecurity experts have provided their insights and thoughts.

James McQuiggan, security awareness advocate at KnowBe4:

Organizations work tirelessly to protect their infrastructure and data from cybercriminals. The challenge lies with the third-party service providers who can also access the network. If they have a different security culture and mindset, it can only be a matter of time before your organization succumbs to an attack. While cybersecurity occurs daily, a Third Party Risk Management program is crucial to assess vendors, security practices, controls, past breaches, and financial stability. Proactively managing third-party cyber risk is crucial for resilience. A robust TPRM program can pay significant dividends in the long run, and not having one will only lead to a data breach.

Darren James, a Senior Product Manager at Specops Software:

This is another example of where threat actors are using a combination of publicly available information, technology, and human behavior to gain access to valuable and sensitive systems and data. It’s important for organizations to realize that zero trust extends to all processes including those of the service desk. Securely verifying the user at the other end of the line has never been more important, you can no longer rely on weak factors such as a recognizable voice, or a shared code word. Without secure verification at the service desk, you’ll be leaving yourselves open to both monetary and reputational consequences – something that appears in this case that could have been avoided.

Erfan Shadabi, cybersecurity expert at comforte AG:

In an era where digital transformation is reshaping the way the tourism industry operates, the reliance on interconnected systems and data-driven processes has never been greater. As such, the sector becomes an attractive target for cybercriminals seeking financial gain or to exploit vulnerabilities for malicious purposes. The MGM Resorts incident is emblematic of this overarching challenge. Recognizing the pivotal role technology plays in enhancing guest experiences, optimizing operations, and facilitating global connectivity, the tourism industry must allocate resources to bolster its cybersecurity posture. To that purpose, data-centric security stands as the most effective approach in safeguarding organizations within the tourism industry due to its inherent focus on protecting the core asset that cybercriminals seek to exploit: data itself.

Fergal Lyons, Cybersecurity Evangelist at Centripetal:

“While the event has not been officially disclosed, the early indications are that this is a severe and widespread ransomware attack. If past performance in this industry is an indicator, then we could anticipate MGM paying the ransom if they see no other option. Cybercriminals are finding ransomware to be a lucrative industry, capitalizing on vulnerabilities and exploiting careless employees. The methods employed are diverse, tailored to the specific companies they target. Thus, it is imperative that all businesses take extra precautions to evade becoming the next target. Utilizing already available threat intelligence on these ransomware groups can thwart impending attacks and avert data breaches. Adopting a proactive, intelligence-based stance against potential threats is crucial as relying solely on a reactive approach to threat hunting may be too late, resulting in irreversible harm.”

Popular ‘As-a-Service’ Operations Have Earned Cybercriminals over $64m
https://www.itsecurityguru.org/2023/09/01/popular-as-a-service-operations-have-earned-cybercriminals-over-64m/?utm_source=rss&utm_medium=rss&utm_campaign=popular-as-a-service-operations-have-earned-cybercriminals-over-64m
Fri, 01 Sep 2023 16:24:48 +0000

In 2019, cybersecurity firm Group-IB exposed a Russia-based scam-as-a-service operation. This scheme, initially known as Classiscam, employed counterfeit classified advertisements and social engineering tactics to deceive individuals into purchasing non-existent products or services. Victims were manipulated into transferring money directly to the malicious actors or to their bank cards.

Over the course of four years, Classiscam evolved from a relatively simple and straightforward scam into a highly sophisticated and globally reaching network. It involved at least 393 groups with approximately 38,000 participants engaging in phishing campaigns across 79 countries. These groups impersonated 251 different brands and raked in $64.5 million in ill-gotten gains, according to a new report released by Group-IB.

The vendor identified 1,366 separate Classiscam groups established between 2020 and the beginning of 2023. Victims of this scam typically suffered an average loss of $353.

As time passed, Classiscam schemes expanded to allow fraudsters to pose as both buyers and sellers of items, with many operations becoming automated. This automation lowered the barrier for entry, making it easier for new inexperienced participants to get involved.

Classiscam operations have also taken on a more corporate and hierarchical structure. They now employ Telegram bots and chats for coordination, swiftly creating phishing and scam pages. Many of these groups offer straightforward instructions and provide assistance to other users.

The scope of Classiscam schemes has broadened beyond classified ad sites, targeting online marketplaces and classified services. Scammers impersonate various entities, from classified and reservation websites to delivery services, real estate rentals, retail businesses, carpooling services, and bank transfer platforms. Phishing pages often include features for checking victims’ account balances and harvesting credentials through fake login pages, indicating continued evolution.

Similar to ransomware-as-a-service (RaaS) and other service-based criminal operations, sometimes referred to broadly as ‘Cybercrime-as-a-Service’ (CaaS), Classiscam lets fraudsters scale up their attacks without extensive technical expertise. They simply need to pay for the necessary tools.

Victor Acin, KrakenLabs Manager at Outpost24, explains the cybercrime ecosystem: “The Classiscam fraud-as-a-service behaviour is very similar to the credential-stealing groups known as Traffers. These are organised groups of cybercriminals specialising in credential theft. Typically organised on Telegram, they recruit affiliates and provide them with the tools and the knowledge they need to deploy malware, most commonly stealers. This is another great example of groups leveraging working business models in order to profit more efficiently.”

Crucially, this research highlights the rising popularity of third-party services and providers in the cybercriminal world. These services let less skilled attackers rent powerful tooling and infrastructure for a range of attack types (phishing, DDoS, malware), leaving specialisation to the operators who build and maintain them.

Quest Software Update
https://www.itsecurityguru.org/2023/08/14/quest-software-update/?utm_source=rss&utm_medium=rss&utm_campaign=quest-software-update
Mon, 14 Aug 2023 09:09:54 +0000

Quest Software, a systems management, data protection and security software company, has announced what it calls its latest breakthrough in data management with the launch of erwin Data Modeler by Quest 12.5. Boasting features that enhance data quality, governance and stakeholder collaboration, erwin Data Modeler 12.5 is positioned to drive organisations towards data democratisation, facilitating strategic efforts such as AI large language model (LLM) development, data intelligence and data platform modernisation.


Driving Innovation

Organisations that maintain mature data practices in support of their modernisation initiatives consistently realise better business outcomes. As enterprises increasingly adopt cloud-based data lakehouses, erwin Data Modeler 12.5 rises to the occasion with enhanced capabilities to support seamless data deployment. The solution meticulously documents existing data sets, facilitating accurate and efficient migration to new cloud environments, thereby optimising data operations and fostering data-driven innovation.

“While it has always been important, proven by erwin Data Modeler’s 30 years in the market, data modeling is now experiencing a resurgence in its role in ensuring unwavering data integrity and governance, making it a crucial aspect for precision-driven AI and other enterprise applications,” said Heath Thompson, General Manager at Quest Software. “In today’s data-driven landscape, where information can be a powerful advantage or a liability, organisations are increasingly embracing erwin solutions to democratise data access across their entire organisation, unlocking a myriad of untapped benefits.”

In the era of AI advancement, organisations are rapidly embracing AI large language models (LLMs) for transformative applications. LLMs, however, are only as effective as the data underpinning them. erwin Data Modeler is pitched as a tool for navigating the challenges of deploying LLMs effectively by creating a foundation of data accuracy, democratising access to data and increasing literacy and efficient communication among stakeholders. By enabling business analysts to define precise data requirements for AI model training, erwin Data Modeler is intended to produce accurate and well-formatted data sets that power reliable AI results.


Key Enhancements in erwin Data Modeler by Quest 12.5:

1. Stakeholder Collaboration with ER360 Integration: erwin Data Modeler fosters seamless communication among business, IT, and data teams with its integration with ER360, an online collaboration platform. This encourages data-driven decisions, enabling business users to grasp data models and align them with the right intelligence. Enterprise glossaries facilitate effective communication by describing business language associated with specific data sets.

2. Enhanced Governance with Databricks Unity Catalog Integration: erwin Data Modeler seamlessly integrates with Databricks Unity Catalog, amplifying its governance capabilities across diverse data lakehouse environments. Customers can effortlessly classify structured and unstructured data, define permissions, and identify performance issues, ensuring meticulous data governance.

3. Boosted Data Visibility and Literacy with erwin Data Intelligence Integration: Close collaboration between erwin Data Modeler and erwin Data Intelligence offers comprehensive visibility of data assets and guidelines for their usage. Consistent data policies and best practices are implemented, elevating model quality and data operations efficiency.

4. Ensuring Data Model Quality with Enterprise Modeling Compliance Feature: erwin Data Modeler users can build and customise policies designed to standardise and review documentation, verify data compliance and monitor metadata quality, helping data stewards increase the accuracy of, and reduce the time it takes to maintain, high-quality data models.


To explore what’s possible with erwin Data Modeler by Quest 12.5:

● Visit the erwin Data Modeler product page https://www.erwin.com/products/erwin-data-modeler/.

● Watch the “What’s New in erwin Data Modeler 12.5” video https://www.erwin.com/video/introducing-erwin-data-modeler-125/

● Register for the webinar on September 27, 2023 to experience erwin Data Modeler 12.5 and other major enhancements https://www.erwin.com/event/driving-data-maturity-through-governance-quality-and-collaboration-with-erwin-data-modeler-125-by-quest/.

● Visit the erwin website to learn more about the full data intelligence offering www.erwin.com

Major Story – Data Breach Exposes Sensitive Police Data In Northern Ireland
https://www.itsecurityguru.org/2023/08/11/major-story-data-breach-exposes-sensitive-information-psni-launches-investigation/?utm_source=rss&utm_medium=rss&utm_campaign=major-story-data-breach-exposes-sensitive-information-psni-launches-investigation
Fri, 11 Aug 2023 12:41:03 +0000

In a significant blow to data security, the Police Service of Northern Ireland (PSNI) suffered a major data breach this week that exposed sensitive information relating to both officers and civilian staff, raising concerns about the implications for national security and personal safety.

Early reports suggested the compromised data could include personal details of police personnel, confidential case files and potentially even operational information, extending to ongoing investigations and officers in undercover roles, posing a serious threat to law enforcement efforts.

Authorities have yet to ascertain the full extent of the breach, as the investigation is still in its early stages. The PSNI, in collaboration with cybersecurity experts, has immediately initiated measures to contain the breach and assess the damage. The National Cyber Security Centre (NCSC) has also been called in to provide expertise and support.

Commenting on the news and offering insight are the following cybersecurity experts:

Erfan Shadabi, cybersecurity expert at comforte AG:

“A data breach can be a mess for any company or individual caught up in having sensitive PII or PHI apprehended and exposed. The news that the Police Service of Northern Ireland (PSNI) suffered a serious data breach that exposed vital police information is a stark reminder of the significant consequences that can result from poor cybersecurity practices. Such an incident erodes trust, impacts individual safety, and incurs heavy legal and regulatory consequences. All organisations should prioritise data-centric security measures, especially when sensitive data is concerned. By adopting robust data-centric security strategies, organisations can protect sensitive information at its core, mitigating the impact of potential breaches. Encrypted data, strict access controls, and continuous monitoring are essential components to safeguard personal data effectively.”


Camilla Winlo, head of data privacy at Gemserv:

“It looks like the Police Service of Northern Ireland (PSNI) personal data breach was caused by including excess information in a Freedom of Information request response. According to reports, the source data was included as well as the summary data that the requester asked for. That’s an easy mistake to make, so it’s particularly important to ensure there are good controls in place. In this case, reports suggest that the error was identified fairly quickly and the personal data file was removed within an hour. However it doesn’t take long for this kind of information to be accessed and potentially copied. In 2019 there was a somewhat similar breach, where excess personal data was published by the Cabinet Office along with the New Year’s Honours list. According to the ICO, in the 2 hours and 21 minutes this was available online, it was accessed 3,872 times.

In my opinion, requests for information under the Freedom of Information Act and data protection legislation should always be treated as potential personal data breaches and handled very carefully. They are designed to result in the provision of information that wasn’t previously accessible outside the organisation. It’s really important that organisations handling these requests carry out a risk assessment and consider what kinds of technical and organisational safeguards need to be put in place before the response is provided. In a case like this, where the personal data related to police officers and there is a known threat to those individuals, sensible controls could have included using business information systems that can create the summary statistics without allowing the underlying data to be extracted from the database, and checking that only summary information was included in the file for publication on the website.”

Pieter Arntz, Malware Intelligence Researcher, Malwarebytes:

“As we sometimes see in data breaches, there was no malicious intent, but it was a case of human error. Human errors, however, are always enabled by some oversights in security measures or protocols that are designed to depend on everyone knowing exactly what to do and what not to do.

You could compare it to the way many services depend on passwords. We expect people to keep track of hundreds of passwords that need to be so complex that they are impossible to remember. But at the same time, we blame these people if they write it down on a post-it or re-use the password for several sites.

Educating people has its boundaries, sometimes the underlying technology is just not right for the problem we are trying to solve.”

Lookout incorporates generative AI to support security professionals and boost security
https://www.itsecurityguru.org/2023/08/10/lookout-incorporates-generative-ai-assistant-to-support-security-professionals-and-boost-security/?utm_source=rss&utm_medium=rss&utm_campaign=lookout-incorporates-generative-ai-assistant-to-support-security-professionals-and-boost-security
Thu, 10 Aug 2023 13:46:47 +0000

Lookout, the endpoint-to-cloud security company, today announced the launch of Lookout SAIL, the Company’s new generative artificial intelligence (gen AI) assistant that will reshape the way cybersecurity professionals interact with Lookout Mobile Endpoint Security and Lookout Cloud Security solutions and conduct cybersecurity analysis and data protection.  

In the rapidly evolving landscape of cybersecurity, companies are engaged in an ongoing battle against cyber criminals who are constantly innovating new tactics. As cyber threats become increasingly sophisticated, every organisation faces challenges such as a growing skills gap and resource constraints that hinder the operational efficiency of cyber defenders. 

Lookout SAIL’s functionalities focus on security education, platform navigation and security telemetry analysis. This gen AI assistant serves as a valuable companion, offering insights and assistance to users, ultimately streamlining tasks such as administration, policy creation, incident response and threat hunting. Lookout SAIL allows people to interact naturally with the Lookout platform instead of having to learn from a user manual or guide. Through its integration into Lookout’s existing user experience, Lookout SAIL also enhances workflow and accelerates user interactions, leading to increased productivity and effectiveness. 

Lookout SAIL capabilities include:  

  • Platform navigation and operational efficiency: Speeds up onboarding to the Lookout platform, guiding new users through relevant platform features and answering onboarding questions within the chat feature. Users can easily “sail” around the platform to obtain answers, visualise results, and perform desired actions.
    Example: “Help me add a new admin to the system.”
  • Security status: Allows users to ask questions about specific tenants and investigate their organisation’s security posture.
    Example: “Find high and medium-risk iOS devices that have anti-phishing features enabled.”
  • Security education: Equips users with up-to-date industry knowledge on basic and emerging topics.
    Example: “What is the difference between Secure DNS and On-Device VPN?”

 “Lookout SAIL is a force multiplier for cyber defenders. It allows people to interact naturally with the Lookout platform instead of having to learn from a user manual or guide. It’s the start of a journey that fundamentally transforms how people interact with systems and information, touching everything from onboarding to training, as well as cybersecurity tasks like administration, policy creation, incident response, and threat hunting,” said Aaron Cockerill, Chief Strategy Officer, Lookout. “Think of Lookout SAIL as a helpful companion, providing useful information to the user and taking them directly where they need to be, even performing actions for the user on demand.” 

Lookout has a storied history with AI and machine learning. Since its founding 15 years ago, Lookout has treated mobile cybersecurity and anti-phishing as a Big Data problem — and one that requires machine learning to solve. The Company also applied the same strategy to security against insider threats and account takeovers, pioneering the use of machine learning to monitor user behaviour to prevent data leakage and exfiltration. 

The Company says it now has the world’s largest mobile security dataset. The Lookout platform analyses telemetry from 215 million Android and iOS devices, 269 million apps from app stores worldwide and hundreds of millions of web destinations to uncover hundreds of phishing sites every day. This gives Lookout customers the ability to detect and respond to security threats in real time on mobile endpoints and in the cloud.

Security professionals unaware of NCSC Cyber Essentials framework – Lookout
https://www.itsecurityguru.org/2023/07/31/security-professionals-unaware-of-ncsc-cyber-essentials-framework-lookout/?utm_source=rss&utm_medium=rss&utm_campaign=security-professionals-unaware-of-ncsc-cyber-essentials-framework-lookout
Mon, 31 Jul 2023 11:37:26 +0000

New research by Lookout has revealed a lack of awareness of the NCSC Cyber Essentials framework. The endpoint-to-cloud security provider found that only 28% of organisations had fully implemented Cyber Essentials, and that two in five (40%) security professionals were unfamiliar with the scheme. Of those whose organisations had not implemented it, over half (58%) cited a lack of awareness or understanding as the reason.

Having surveyed 246 security professionals about the NCSC Cyber Essentials framework at Infosecurity Europe 2023 (20 – 22 June), it is clear more work needs to be done to raise awareness of the UK government-backed programme, which aims to help UK organisations improve their resilience against the most common cyberattacks. Cyber Essentials offers two levels of certification, the basic level and Cyber Essentials Plus. The basic certificate indicates that the organisation has the controls in place to prevent the vast majority of common cyberattacks; Cyber Essentials Plus adds hands-on technical verification and vulnerability scanning of the systems the organisation uses.

Of those who were Cyber Essentials certified, 58% held the standard level while 42% had completed Cyber Essentials Plus. The top three benefits reported from being certified were: an improvement in cybersecurity measures (60%), an increase in customer trust and confidence (54%), and compliance with regulatory requirements (48%).

“The findings from the study are concerning and showcase the work needed to be done to not only build awareness around the NCSC Cyber Essentials framework, but also to get more organisations accredited,” said Bastien Bobe, Field CTO EMEA at Lookout.
“In the modern, remote-working world, with mobile and cloud-based threats on the rise, it is imperative to deploy cloud-native defences that can deliver zero-trust security to safeguard corporate data from any location, device, application or network. The objective for many businesses is to reduce their overall risk. However, to achieve this, they must have a proactive security strategy that enhances their own cybersecurity practices as well as ensures compliance with industry standards and accreditations –  specifically frameworks like UK Cyber Essentials.”

Salt Security Appoints Ori Bach as Executive Vice President of Product
https://www.itsecurityguru.org/2023/07/31/salt-security-appoints-ori-bach-as-executive-vice-president-of-product/?utm_source=rss&utm_medium=rss&utm_campaign=salt-security-appoints-ori-bach-as-executive-vice-president-of-product
Mon, 31 Jul 2023 10:45:35 +0000

API security company Salt Security has announced the appointment of Ori Bach to the Salt senior leadership team as Executive Vice President of Product. With more than 15 years of experience leading product strategy at technology companies, Bach will define product vision and oversee the global product team, driving product roadmaps, customer input, and new enhancements and security integrations to meet increasing demand for the Salt Security API Protection Platform.

“We are thrilled to welcome Ori to the Salt executive team,” said Roey Eliyahu, CEO and co-founder at Salt Security. “With his rich product and cyber experience, we look forward to extending our platform’s capabilities to meet new demands. By helping companies quickly identify and defend against API threats in runtime, while also hardening existing APIs, Salt empowers them to safely modernise their applications and bring to market innovative new business services.”

According to the State of the CISO 2023 report, 95% of organisations will make API security a priority over the next two years, a 12% increase compared with two years ago. Organisations have recognised the importance of purpose-built API security to safeguard digital initiatives and protect their own and their customers’ sensitive data.

“It’s exciting to join Salt at such a pivotal stage of growth in the dynamic API security market,” said Ori Bach, executive vice president of product at Salt Security. “Salt is uniquely positioned to address growing API security needs with its time-tested AI-driven API security platform and proven track record delivering the most advanced and comprehensive API security solution. I look forward to bringing additional value for Salt customers through product enhancements and new capabilities as the company continues to grow.”

Prior to joining Salt Security, Bach served as senior vice president of product at Mend (formerly WhiteSource), where he created a compelling product strategy that drove product growth and expansion of its product line. Before Mend, Bach held the roles of vice president of product and CEO of TrapX Security (now a Commvault company), where he implemented a robust product roadmap and drove the product to adoption by some of the world’s largest enterprises and to Series C investment. Bach has also held product leadership roles at IBM-Trusteer and at NICE Actimize. Bach holds a bachelor’s degree in law from Tel Aviv University.

Australian Home Affairs Leaks Sensitive Information Of Cybersecurity Survey Respondents
https://www.itsecurityguru.org/2023/07/26/australian-home-affairs-leaks-sensitive-information-of-cybersecurity-survey-respondents/?utm_source=rss&utm_medium=rss&utm_campaign=australian-home-affairs-leaks-sensitive-information-of-cybersecurity-survey-respondents
Wed, 26 Jul 2023 14:14:29 +0000
The Australian Home Affairs department may want to bury their heads in the sand after accidentally exposing sensitive information of more than 50 small business survey participants. Why were they being surveyed? Ironically, to get their thoughts on cybersecurity.

It is believed the names, business names, phone numbers and emails of the participants in the survey were released on the parliament website in response to a question for a government cybersecurity report.

The report is part of a wider initiative that was launched in the wake of last year’s Optus and Medibank cyber attacks – two high-profile attacks that impacted Australia significantly. Australia’s Cyber Wardens program – which went on to receive $23.4m in the May budget – is aimed at training small businesses and the workforce to be “cyber smart” and aware of possible cyber threats.

The following cybersecurity experts offered their insights on the incident:

Erfan Shadabi, cybersecurity expert at comforte AG:

The incident highlights the importance of adopting robust data-centric security measures to safeguard sensitive information effectively. As cyber threats continue to evolve, it is crucial for government agencies and businesses alike to prioritize data-centric security as a fundamental aspect of their cybersecurity strategy. Proactive measures are vital to safeguarding personal information, fostering a secure digital ecosystem for individuals and organizations alike.

Data-centric security revolves around securing the data itself rather than solely focusing on perimeter defence. It involves implementing encryption, access controls, and data masking techniques, ensuring that even if a breach occurs, the data remains encrypted and indecipherable to unauthorized individuals.

Erich Kron, Security Awareness Advocate at KnowBe4:

The irony that data was leaked in response to a survey about cybersecurity should not be lost here. This simply illustrates how easy it is for organisations to accidentally become a party to an accidental disclosure of sensitive information. It goes without saying that collecting private information is a task that must be taken seriously at any time, however, when the topic related to the information collection is something like cybersecurity, it looks very bad indeed when the information is not protected.

Organisations often find that accidental information leakage or data breaches can significantly harm an organisation’s reputation, even if it is not at a large scale. The old adage that any press is good press can certainly be proven false in this case.

Report Finds That 70% of Financial Services and Insurance Companies Have Suffered Rollout Delays Due to API Security
https://www.itsecurityguru.org/2023/07/19/report-finds-that-70-of-financial-services-and-insurance-companies-have-suffered-rollout-delays-due-to-api-security/?utm_source=rss&utm_medium=rss&utm_campaign=report-finds-that-70-of-financial-services-and-insurance-companies-have-suffered-rollout-delays-due-to-api-security
Wed, 19 Jul 2023 14:22:07 +0000
Today, API security company Salt Security released the findings from its first industry-focused report on API security. The report, entitled ‘State of API Security for Financial Services and Insurance’, provides in-depth insight into significant API vulnerabilities and attacker activity within the finance and insurance industries.

The report combines empirical data from Salt customers and findings from two separate surveys to provide an in-depth analysis of the impact of API security threats and vulnerabilities on these industries. It was compiled using data from Salt’s earlier Q1 2023 State of API Security Report, customer data, and the independent State of the CISO 2023 survey, as well as vulnerability research from Salt Labs.

The results found that API attackers targeting financial services and insurance APIs have become increasingly active in the last 18 months, with a 244% increase in unique attackers between the first and second halves of last year. In addition, 92% of financial/insurance respondents say they have experienced a significant security issue in production APIs over the past year, and nearly one out of five have suffered an API security breach. Top findings include:

  • 69% of financial services/insurance respondents say they have experienced rollout delays due to API security issues – 11% higher than the overall response average
  • 84% of attacks against financial services/insurance sectors came from “authenticated” users who appeared legitimate but were actually attackers
  • 71% of financial/insurance respondents say their existing tools are not very effective in preventing API attacks
  • More than 25% of respondents say they have no current API strategy
  • 17% of respondents have experienced an API-related security breach

Roey Eliyahu, CEO and co-founder of Salt Security, adds: “APIs are essential for the innovative digital services being delivered today by financial and insurance organizations. However, because these APIs transport sensitive customer and financial information, cyber criminals also know they share a wealth of data that can be leveraged for theft or fraud. The findings show these companies are suffering significant increases in attackers and other security issues, increasing their vulnerability to API-related incidents.”

API security breaches can cost businesses in fines, loss of customer trust, and reputational damage. Also costly are delays in application rollouts or rollbacks of new applications. Given the importance of digital services as a business driver in these industries, API security has become a critical issue, as highlighted by the following findings:

  • 56% of financial services/insurance respondents say API security is now a C-level issue (8% higher than the overall response average of 48%)
  • 79% of financial services/insurance CISOs say that API security is a higher priority today than two years ago
  • 76% of financial services/insurance CISOs say their organisations have made API security a planned priority over the next two years, with 13% saying it will be a critical priority

“Given the growing importance of APIs over the last several years for enabling modern businesses, it is surprising that API security has become mainstream only recently,” said Jeff Farinich, SVP technology and CISO at New American Funding. “The fact that security frameworks and regulations are slow to evolve is partly to blame, but I see hope on the horizon. The Federal Financial Institutions Examination Council (FFIEC), which usually takes years to issue a new mandate, in just one year explicitly called out APIs as a separate attack surface, requiring financial institutions to inventory, remediate, and secure API connections.”

Financial services/insurance respondents say they are not prepared or taking the right measures to protect APIs from threats:

  • 28% of respondents – all with APIs running in production – say they have no current API strategy
  • Just 13% of respondents consider their API security programs advanced
  • 25% of respondents say their current API security strategy doesn’t focus enough time on documenting APIs
  • Only 42% of respondents identify API security gaps during production/runtime, which is where actual attack activity occurs
  • 42% of respondents have little confidence in understanding which APIs expose PII

Financial services/insurance respondents also cited outdated/zombie APIs as their number one API security concern at 48% – nearly 35% higher than the second most cited API security concern, account takeover (ATO).

The full report can be read here.

New Outpost24 CORE Solution Announced Bringing Visibility, Cyber Resilience & Threat Mitigation
https://www.itsecurityguru.org/2023/07/19/new-outpost24-core-solution-announced-bringing-visibility-cyber-resilience-threat-mitigation/?utm_source=rss&utm_medium=rss&utm_campaign=new-outpost24-core-solution-announced-bringing-visibility-cyber-resilience-threat-mitigation
Wed, 19 Jul 2023 12:59:05 +0000
Outpost24 has launched Outpost24 CORE, a unified exposure management solution that gives visibility and real-time insights into an organisation’s IT asset inventory. The solution also provides analysis of threat exposure across the entire attack surface.

“Raising awareness in the C-suite and connecting cybersecurity with business outcome has never been more critical. No matter the size of the organisation or what industry, every board and C-level discussion of security initiatives is driven by business impact. We’ve developed Outpost24 CORE to provide unified asset inventory and exposure insights, so that CISOs and executive leaders can be confident they are deploying security resources in the best possible way to protect their organisation from the biggest risks,” said Brendan Hogan, Chief Strategy Officer, Outpost24.

With actionable insight provided by Outpost24 CORE, a business will have information on its asset exposure, comprising not only infrastructure but application and user risk. The solution consolidates siloed vulnerability and threat intelligence data from different assessment tools into a single view, with a quantitative risk grading to help security teams understand, monitor and report on the progress and efficacy of their risk mitigation activities based on the likelihood of exploitation and business criticality.

Outpost24 CORE also allows organisations to group their IT assets and focus on how risks are controlled and mitigated across different technologies and business units to inform security resource and investment decisions.

Outpost24 CORE combines five important features that are fundamental to a successful Continuous Threat Exposure Management (CTEM) program, identified by Gartner as a top cybersecurity trend for 2023:

  • Unified asset inventory for complete visibility
  • Consolidated vulnerability data and their threat exposure
  • Threat intelligence powered vulnerability prioritisation engine
  • Business impact analysis and logic mapping
  • External Attack Surface Management, following the recent acquisition of Sweepatic, for control and visibility over all assets exposed on the Internet

Outpost24 CORE is available now. For more information, please visit https://outpost24.com/
