
This Week in Cybersecurity: July 8th-12th

Every week in cybersecurity brings new developments. The Censys weekly blog highlights five key articles from across security news outlets, covering the new techniques attackers are using around the globe. While companies like Censys work to defend against the bad guys, attackers strike back and find new ways to bypass our defense strategies. So, let’s get informed and learn what recent advances attackers have achieved.

The following are five trending news articles from this week:

1. Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China – July 8th

Two malicious spyware apps disguised themselves as a file and data recovery app and a file manager app on the Google Play Store. These apps send confidential user data to malicious servers in China, potentially exposing the privacy of over 1.5 million Android users without their knowledge. On the Play Store, the apps claim that no personal data is recorded. However, contact lists, various types of media files, current location, mobile country code, network provider details (including SIM card details), current operating system, device brand, and model are all collected. The attackers’ deceptive tactics make these apps look legitimate and difficult for a user to delete from their device. Additionally, the apps can hide their icon from the home screen of the infected device, leaving some users unaware they are installed. By using an emulator to imitate real, trustworthy apps, hundreds of data transfers and other damaging actions occur behind the scenes.

The malicious apps have now been removed from the Google Play Store. Users are advised to pay close attention when downloading apps, read app ratings, and review app permissions before proceeding. Organizations must stay cautious and aware, and educate their employees about mobile threat activity and how to detect it.
(Source: TheHackerNews)

2. Data for 11 Million Patients Stolen in Breach of HCA Healthcare – July 10th

Sensitive information on over 11 million HCA Healthcare patients has been stolen. HCA is one of the largest healthcare providers in the United States, with 180 hospitals and 2,300 healthcare locations. The breach occurred through an external storage location that was intended to automate and format emails. The breached database contains 27 million rows of data, 11 million of which correspond to HCA patients. The stolen data includes highly confidential information such as patient names, addresses, emails, phone numbers, clinical information, card and account numbers, driver’s license numbers, and social security numbers.

Patients located in the following states have been affected: Alaska, California, Colorado, Florida, Georgia, Idaho, Indiana, Kansas, Kentucky, Louisiana, Missouri, Mississippi, Nevada, New Hampshire, North Carolina, South Carolina, Tennessee, Texas, Utah, and Virginia.

DataBreaches.net announced the breach after identifying the attacker, who advertised photos of stolen patient data for sale on an underground channel. The attacker gave the healthcare provider until July 10th to comply with their demands. After being contacted, the provider determined that the breach occurred on July 4th through its automated email formatting system.
(Source: SCMagazine)

3. Revolut Faces $20 Million Loss as Attackers Exploit Payment System Weakness – July 10th

Early in 2022, the financial technology company Revolut found a flaw in its payment system. The flaw enabled attackers to obtain over $20 million of the company’s funds. The cause was a lack of consistency between the United States and European financial systems, and it wasn’t detected until the end of 2021. Revolut tried to quickly patch the issue and refund the stolen money. Yet before it did so, the attack group had another strategy ready. They coordinated with individuals to make expensive purchases whose payments would be declined; when they did, the refunded money was stolen again, this time via ATMs. In total, $23 million was seized, resulting in a net loss of about $20 million.

The news emerged this week when a senior-level member of the French hacking group OPERA1ER was arrested. This group is known for its attacks on financial organizations and online banking platforms using a variety of techniques.
(Source: TheHackerNews)

4. Critical RCE Found in Popular Ghostscript Open-Source PDF Library – July 12th

CVE-2023-3664 is a critical-severity remote code execution flaw with a rating of 9.8. The flaw affects all Ghostscript versions except the most recent, which was released less than a month ago. Once a malicious file is opened, Ghostscript, a popular open source PostScript language and PDF interpreter, executes the attacker’s code. The issue stems from Ghostscript’s “gp_file_name_reduce()” function, which cleans up the various path references in a path to simplify it. However, if a specially crafted path is passed to the vulnerable function, the result is unpredictable and can bypass the validation methods, allowing the function to be abused. When attempting to open a file, the software also calls a function named “gp_validate_path”, whose purpose is to ensure that the location is safe. Yet the vulnerable function can change the location so that the check does not detect it.
(Source: BleepingComputer)
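The ordering problem described above, validating a path and then reducing it so that the value checked is not the value used, is easy to reproduce in miniature. The following is an added example, not Ghostscript’s code: a toy guard with a constructed safe root and constructed input paths, shown first in the vulnerable order and then in the hardened order.

```python
import posixpath

# Added illustration of the bug class described above: a path "reducer" that
# collapses '.' and '..' runs AFTER the safety check, so the path that was
# validated is not the path that gets opened. Constructed paths throughout;
# this is a stand-in, not Ghostscript's gp_file_name_reduce()/gp_validate_path.
SAFE_ROOT = "/var/app/safe"  # constructed root that file access is confined to

def reduce_path(path: str) -> str:
    """Collapse '.', '..' and duplicate separators (stand-in for a path reducer)."""
    return posixpath.normpath(path)

def validate_path(path: str) -> bool:
    """Accept only paths at or below SAFE_ROOT (stand-in for a path validator)."""
    return path == SAFE_ROOT or path.startswith(SAFE_ROOT + "/")

def resolve_vulnerable(path: str):
    """Validate the raw string, then reduce it.

    Returns the path that would actually be opened, or None if rejected.
    The check and the use disagree: a raw string that starts with SAFE_ROOT
    passes, but '..' components in it can reduce to a location outside it.
    """
    if not validate_path(path):
        return None
    return reduce_path(path)

def resolve_hardened(path: str):
    """Reduce first, then validate the exact string that will be used."""
    reduced = reduce_path(path)
    if not validate_path(reduced):
        return None
    return reduced

if __name__ == "__main__":
    for candidate in ("/var/app/safe/reports/q2.pdf",
                      "/var/app/safe/../../private/config"):  # constructed inputs
        print(candidate, "->", resolve_vulnerable(candidate), resolve_hardened(candidate))
```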

5. Chinese Hackers Breached U.S. and European Government Email Through Microsoft Bug – July 12th

The attacker group Storm-0558 exploited a flaw in Microsoft’s cloud email service, targeting 24 entities, including US and European government agencies. The vulnerability was first identified by the Federal Civilian Executive Branch (FCEB) after it noticed alarming activity in its Microsoft 365 cloud environment last month. According to further analysis, the group has been deliberately operating inside 25 organizations since May. The group’s goals are credential access, data theft, and espionage. The attack succeeded by forging access tokens for the Outlook email services using a Microsoft consumer signing key. Microsoft and government agencies worked together to quickly identify the threat and implement a remedy. The Chinese Foreign Minister’s comments that the United States has carried out malicious attacks illustrate the ongoing tension between nations, which affects each nation’s privacy and security.
(Source: TheRecord)
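The defensive lesson of the story above comes down to one verifier rule: a token is valid only if the key that signed it is one the issuer the token claims is allowed to use. The following is an added example, not Microsoft’s token format or validation code: a toy HMAC token with constructed issuer URLs, key ids and secrets, checked by a weak verifier that trusts any known key and a hardened verifier that binds keys to issuers.

```python
import base64
import hashlib
import hmac
import json

# Added toy model of the verifier rule above. Everything here is constructed:
# issuer URLs, key ids and secrets, and an HMAC token format standing in for
# real signed tokens. It is not Microsoft's implementation.
CONSUMER_ISSUER = "https://login.example.test/consumer"
ENTERPRISE_ISSUER = "https://login.example.test/enterprise"
KEYRING = {"consumer-key-1": b"consumer-secret", "enterprise-key-1": b"enterprise-secret"}
ISSUER_KEYS = {  # which key ids each issuer is legitimately allowed to sign with
    CONSUMER_ISSUER: {"consumer-key-1"},
    ENTERPRISE_ISSUER: {"enterprise-key-1"},
}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(kid: str, claims: dict) -> str:
    """Issue a token signed with the named key (HMAC-SHA256 in place of a real JWS)."""
    head = _b64(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(KEYRING[kid], f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def _parse(token: str):
    """Return (header, claims, signature_ok) using whatever key the header names."""
    head, body, sig = token.split(".")
    header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
    key = KEYRING.get(header.get("kid"))
    if key is None:
        return header, claims, False
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return header, claims, hmac.compare_digest(expected, _unb64(sig))

def verify_any_known_key(token: str) -> bool:
    """Weak: a valid signature from any key in the keyring is accepted, so a
    consumer key can vouch for a token that claims the enterprise issuer."""
    return _parse(token)[2]

def verify_issuer_bound(token: str) -> bool:
    """Hardened: the signing key must also be one the claimed issuer may use."""
    header, claims, ok = _parse(token)
    return ok and header.get("kid") in ISSUER_KEYS.get(claims.get("iss"), set())
```

A token minted with the consumer key but claiming the enterprise issuer passes the weak verifier and fails the hardened one; a token minted with the enterprise key for that issuer passes both.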

Staying informed about all things cyber is essential to stay ahead of attackers, understand their schemes, and secure your privacy. Each week, new techniques emerge that attackers around the world use to inflict harm on organizations. The five articles presented above surfaced in the industry this week because of the success and damage of the campaigns they describe. The Censys weekly blog is intended to keep our audience aware of what’s emerging so we can anticipate attackers’ next steps.
