IEEE Cipher --- Items from security-related news (E176), December 2023
Summary:
MGM Resorts suffered significant losses from a cyber attack. The
ransomware group ALPHV, reputedly skilled in social engineering
attacks, says that they used LinkedIn to identify employees and
leveraged that into a phone call that resulted in access to the systems.
Although the resorts themselves remained open, their reservation systems and gaming machines were affected.
Summary:
Hackers were able to leverage hacked 23andMe accounts
with DNA results into an exploit that revealed the relationships among
as many as 30% of the users. Because each DNA analysis is linked to
thousands of relations, only 14K initial hacked accounts were needed
to span 5.5 million accounts. This exponential feature of
relationships is a vivid reminder of how networks, be they
social or genetic or organizational, can be thoroughly navigated by
having only a very few entry points.
The article does not claim that any personal information other than genetic matches was revealed, but the relationships, even if identified only by user names, potentially could be amplified into privacy compromises of some magnitude.
Summary:
Proposed EU rules for "smart devices" and Internet-connected devices
put more responsibilities on manufacturers to ensure that their products
are secure and remain so. Manufacturers would be required to
"assess the cybersecurity risks of their products and take measures to
fix problems for a period of five years or through the expected
lifetime of the products."
Manufacturers would prefer to address vulnerabilities as they are found, rather than conduct assessments. They argue that there are not enough experts to do the work, and if the rules go into effect, it will cause large delays in bringing products to market.
Summary:
The Industrial and Commercial Bank of China has a financial services
division that clears transactions with foreign banks, including US
Treasury trades. Those trades were disrupted by a day or two when
ICBC was hit by a ransomware attack. The software for the attack is
rumored to be LockBit 3.0, a robust piece of malware. No group
claimed responsibility for launching the attack.
ICBC said that it took steps to isolate and restore the compromised systems. The computer systems of US divisions of ICBC were not affected.
See also: Ransomware attack on ICBC disrupts trades in US Treasury market
Summary:
Several US companies involved with water control systems were attacked
by hackers linked to Iran recently. The companies that use a programmable
logic controller made in Israel were the targets. US Federal agencies
issued an advisory about the device and warned about the all too common
practice of leaving the default password in place.
At least one US water treatment plant disabled its computer control systems while responding to the intrusion, but it is not known if the intruders did any damage other than leaving a "calling card". Nonetheless, the vulnerability caused great concern among the Congressmen representing the state (Pennsylvania). There are reputedly 200 of the Israeli devices in the US and 1700 world-wide.
Summary:
A nuclear waste processing plant in the UK has been dealing with intrusions
into its document systems for quite a long time. Although there are no
reports of attacks against its control systems, there is concern that
sensitive information about disaster planning and response may have
been revealed to foreign powers. The site spokespeople emphasize that
cybersecurity improvements are ongoing, but there is a possible
criminal investigation being conducted about the inadequate protection
of the computer systems.
But information leaks are hardly the worst problems facing the site.
Revealed: Sellafield nuclear site has leak that could pose risk to public
Summary:
The Sellafield site is the largest nuclear waste storage and treatment
plant in Europe. It has more radioactive material than Chernobyl.
The Guardian article reveals that the silo holding a great deal of waste
is leaking and will continue to leak for the next 25 years. Moreover,
a basin holding nuclear sludge has cracks in its concrete and asphalt
covering.