Crooks target Facebook Messenger accounts of businesses, a warning to IT support staff and more.

Welcome to Cyber Security Today. It’s Wednesday, September 13th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Crooks are targeting the Facebook Messenger accounts of companies. They’re doing it with fake business inquiries that have malicious attachments. Researchers at Guardio say a Vietnam-based group is behind this campaign. The goal is to get victims to click on the attachment so the hacker can take over the company’s Facebook account. Then they can spread more malicious attachments to unsuspecting people who trust the account’s brand. The crooks may also get access to the original owner’s bank and e-commerce accounts. Those who have or oversee Facebook accounts for companies need to be suspicious of any message that includes an attachment.

IT service desk staff of American organizations that use access management solutions from Okta are being targeted by threat actors. According to researchers at KnowBe4, the goal is to convince these employees to reset all multifactor authentication codes of a highly privileged user. Then the attackers can take over Okta Super Administrator accounts and infiltrate the organization. The threat actors appeared to either know the passwords of privileged user accounts or be able to manipulate authentication in Active Directory. Another tactic is to impersonate an identity management provider using a phony app. It’s imperative that IT support staff be trained to not fall for scams like this.

The website for MGM Resorts remained closed late Tuesday after the company said it was dealing with a cyber attack. The attack was detected Sunday morning. While all of the chain’s resorts are open, for a time guests couldn’t charge purchases to their rooms, restaurants were only taking cash and digital hotel room keys weren’t working.

GitHub has fixed a vulnerability in its repository creation and username renaming function. Without the fix threat actors could have — and perhaps have — hijacked a repository to distribute malicious code to unsuspecting developers. The problem was discovered by researchers at Checkmarx. They say it’s the fourth time a vulnerability in GitHub’s repository namespace retirement process was found. Briefly, the vulnerability opens when a developer changes their namespace, which is the combination of a username and repository name. Under certain conditions the old username then became available to anyone. And if that anyone is a threat actor they could take over the account. This is called Repojacking. To stop this, developers are urged to avoid using retired namespaces.

Delaware has become the latest U.S. state to adopt a privacy law for businesses of a certain size. However, residents will have to wait until it comes into effect on January 1st, 2025 before they can take advantage of their new rights. Companies that do business in the state will be forbidden from selling the data they collect from children under the age of 18. That’s a new age limit in the U.S. Consumers will have the right to know if a business possesses their personal data, to demand businesses correct inaccuracies in the data, to request that businesses delete their data and to obtain a copy of the personal data a business might have stored.

If you use the Chrome browser, note that Google issued security patches on Monday to close a zero-day vulnerability. At the same time Apple issued fixes to patch vulnerabilities in iOS, iPadOS and macOS.

Mozilla also issued patches for Firefox and the Thunderbird email client.

More on patching: Yesterday was Patch Tuesday, the monthly day when Microsoft and a number of other companies release software security patches. Microsoft issued patches for 59 vulnerabilities, including five critical severity issues in Windows, .NET, Visual Studio and Azure.

Adobe released patches for Acrobat and Reader.

SAP released 18 new and updated SAP security patches, including five HotNews Notes and two High Priority Notes. Administrators should be aware that two Security Notes have CVSS scores of 9.9 on a scale of 10, while a third has a score of 9.8.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.