Comcast Xfinity Accounts, Hive Group Breaches Louisiana Hospital, and More
StoneFly, Inc.
Comcast Xfinity Accounts Hacked in Widespread 2FA Attacks
Threat actors can now evade two-factor authentication to compromise Comcast Xfinity customer accounts and reset passwords for other services, like DropBox, Evernote, Coinbase and Gemini. The intruders determine login credentials using credential stuffing, and successful 2FA verification requests are forged using a privately circulated OTP bypass for the Xfinity website. After logging into the account, the attacker changes the secondary email address to one at @yopmail.com and uses it to reset the password. The main Xfinity email address receives a notification that information has been changed. However, because the password has also been changed, the owner can no longer access the account. Read more
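The account-change sequence described above (login, secondary email switched to a disposable domain, password change) can be expressed as a detection rule. The Python below is an added example, not code from Comcast or from the original report; the event schema, the 30-minute window and the sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumption: yopmail.com is the domain named in the report; extend with a maintained list.
DISPOSABLE_DOMAINS = {"yopmail.com"}
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed audit events (hypothetical schema): (timestamp, account, action, detail)
SAMPLE_EVENTS = [
    ("2022-12-19T10:00:01", "alice", "login_failed", "203.0.113.7"),
    ("2022-12-19T10:00:03", "alice", "login_failed", "203.0.113.7"),
    ("2022-12-19T10:00:09", "alice", "login_ok", "203.0.113.7"),
    ("2022-12-19T10:02:30", "alice", "secondary_email_changed", "x7f3@YOPmail.com"),
    ("2022-12-19T10:03:10", "alice", "password_changed", ""),
    ("2022-12-19T11:00:00", "bob", "login_ok", "198.51.100.20"),
    ("2022-12-19T11:01:00", "bob", "secondary_email_changed", "bob@example.org"),
    ("2022-12-19T11:02:00", "bob", "password_changed", ""),
    ("2022-12-19T09:00:00", "carol", "login_ok", "192.0.2.44"),
    ("2022-12-19T09:05:00", "carol", "secondary_email_changed", "carol@yopmail.com"),
    ("2022-12-19T11:30:00", "carol", "password_changed", ""),
]

def email_domain(address):
    return address.rsplit("@", 1)[-1].strip().lower()

def find_takeover_chains(events, window=WINDOW):
    """Flag accounts where login, a secondary-email change to a disposable
    domain, and a password change occur in that order inside `window`."""
    findings, state = [], {}
    for ts, account, action, detail in sorted(events):
        when = datetime.fromisoformat(ts)
        s = state.setdefault(account, {"failed": 0})
        if action == "login_failed":
            s["failed"] += 1
        elif action == "login_ok":
            # A new session starts the chain; keep the failure count as context.
            state[account] = s = {"failed": 0, "failed_before": s["failed"],
                                  "login": when, "ip": detail}
        elif action == "secondary_email_changed" and "login" in s:
            if email_domain(detail) in DISPOSABLE_DOMAINS:
                s["new_email"] = detail
        elif action == "password_changed" and "new_email" in s:
            if when - s["login"] <= window:
                findings.append({"account": account, "ip": s["ip"], "new_email": s["new_email"],
                                 "failed_before": s["failed_before"]})
            state[account] = {"failed": 0}
    return findings

if __name__ == "__main__":
    print(find_takeover_chains(SAMPLE_EVENTS))
```

Only the first sample account is flagged: the second uses a non-disposable domain and the third changes its password outside the window.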
Vice Society Ransomware Gang Switches to a New Custom Encryption System
Vice Society, known to perform double extortion on its victims, is now using a new encryptor dubbed "PolyVice", which combines NTRUEncrypt asymmetric encryption with ChaCha20-Poly1305 symmetric encryption. A unique 112-bit NTRU private key is generated after importing a pre-generated 192-bit NTRU public key. The key pairs are used to encrypt the ChaCha20-Poly1305 symmetric keys, while NTRU key pairs are encrypted using the public NTRU key to prevent retrieval attempts. PolyVice is multi-threaded and uses the victim's CPU at full capacity to speed up encryption. It also reads file content to apply speed optimization in each case and uses intermittent encryption selectively. It then adds the ".ViceSociety" extension to locked files and drops 'AllYFilesAE' ransom notes. Read more
Vulnerability in YITH WordPress Plugin for Premium Gift Cards Exploited in Attacks
A vulnerability tracked as CVE-2022-45359 in the YITH WooCommerce Gift Cards premium plugin allows attackers to upload executable files to WordPress sites without any authentication, gaining remote code execution and control of the entire site. Upon reverse engineering the exploit, researchers discovered a security defect in an import function running on the admin_init hook, which runs for any page under /wp-admin/. The function has neither a cross-site request forgery (CSRF) check nor a capability check, so an unauthenticated attacker can send special requests with specific parameters and payloads. Since no file type checks are performed, executable PHP files can also be uploaded. Read more
U.S. President Signs Law to Safeguard I.T. Against Quantum Computing
Joe Biden has signed a law to ensure federal agencies migrate to I.T. systems that can resist quantum decryption. The law aims to prioritize developing applications, intellectual property, hardware, and software that can be updated to support cryptographic agility. Additionally, federal agencies have been instructed to share a list of quantum-vulnerable cryptographic systems by May 2023. NIST will set encryption standards for post-quantum computing within two years and is evaluating four new models for post-quantum computing encryption. After post-quantum cryptographic standards are issued, the law directs the OMB to require federal agencies to adopt them and to report annually to Congress on their progress. Read more
What are Air-Gapped Backups and Why Should You Use Them
With their ability to isolate critical volumes from the primary environment, air-gapped networks provide reliable ransomware protection to enterprise workloads – making them a necessary feature for all storage, hyperconverged infrastructure (HCI) and backup and disaster recovery (DR) solutions. Learn more
Louisiana Hospital Falls Victim to the Hive Ransomware Group
Nearly 270,000 people who have received care at Lake Charles Memorial Health System (LCMHS) medical centers had their data breached in a ransomware attack by the Hive group. The hackers gained unauthorized access to LCMHS' network and stole sensitive information, including full names, dates of birth, physical addresses, patient identification numbers, medical records, payment information, health insurance information, social security numbers, and limited clinical information. However, the intruders could not access the electronic medical records. Hive listed LCMHS on its data leak site and published allegedly stolen files, including bills of materials, contracts, medical records, papers, scans, and residents. Read more
98TB Fully Air-Gapped & Immutable Veeam Backup and DR appliance for $8,995
98TB Veeam Backup and DR appliance with Policy based Immutability using built-in Network & Power management Controller and automated physical and logical Air-Gapped vault for $8,995.
10th Gen, 8-bay 2U Rackmount unit with 7x14TB (98TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Redundant Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, Dual 10Gb RJ-45 Ports, Fully Integrated SAN, NAS and optional S3 cloud storage.
All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.
For appliance demos, details, and quotes, contact us by filling out the form on the StoneFly website.