Two malicious spyware apps disguised themselves as file and data recovery and file manager apps on the Google Play Store. These malicious apps send confidential user data to harmful Chinese servers, potentially exposing the privacy of over 1.5 million Android users without their knowledge. On the Play Store, these apps claim that no personal data is being recorded. However, contact lists, various types of media files, current location, mobile country code, network provider details (including SIM card details), current operating system, device brand, and model are all being collected. The attackers’ deceptive tactics have made these apps look legitimate and difficult for a user to delete from their device. Additionally, the apps can disappear from the home screen of the infected device, leaving some users clueless. By using an emulator to imitate real, trustworthy apps, hundreds of data transfers and other damaging acts occur behind the scenes.
The malicious apps have now been removed from the Google Play Store. Users are advised to pay close attention when downloading apps, read app ratings, and review app permissions before proceeding. Organizations must be cautious and aware, and educate their employees about mobile threat activity and how to detect it.
(Source: TheHackerNews)
Sensitive information on over 11 million HCA Healthcare patients has been stolen. HCA is one of the largest healthcare providers in the United States, with 180 hospitals and 2,300 healthcare locations. The breach occurred at an external storage location that was intended to automate and format emails. The breached database contains 27 million rows of data, 11 million of which relate to HCA patients. The stolen data includes seriously confidential information such as patient names, addresses, emails, phone numbers, clinical information, card and account numbers, driver’s license numbers, social security numbers, etc.
Patients located in the following states have been affected: Alaska, California, Colorado, Florida, Georgia, Idaho, Indiana, Kansas, Kentucky, Louisiana, Missouri, Mississippi, Nevada, New Hampshire, North Carolina, South Carolina, Tennessee, Texas, Utah, and Virginia.
DataBreaches.net announced the breach after identifying the attacker, who advertised photos of stolen patient data for sale on an underground channel. The attacker gave the healthcare provider until July 10th to comply with their demands. After communication, the provider found that the breach occurred on July 4th through their automated email formatting system.
(Source: SCMagazine)
Early in 2022, the financial technology company Revolut found a flaw in its payment system. The flaw enabled attackers to obtain over $20 million of the company’s funds. The cause was a lack of consistency between the United States and European financial systems, and it wasn’t detected until the end of 2021. Revolut tried to quickly patch the issue and refund the stolen money. Yet, before it did so, the attack group had another strategy. They persuaded individuals to attempt expensive purchases whose payments wouldn’t go through; when this happened, the refunded money was stolen again, this time via ATMs. In total, $23 million was seized, resulting in a net loss of about $20 million.
The news emerged this week when a senior-level member of the French hacking group OPERA1ER was arrested. This group is recognized for its attacks on financial organizations and online banking platforms using various techniques.
(Source: TheHackerNews)
CVE-2023-3664 is a critical-severity remote code execution flaw with a severity rating of 9.8. It affects all Ghostscript versions except the most recent, which was released less than a month ago. Once a malicious file is opened, Ghostscript, a popular open source PostScript language and PDF interpreter, executes the attacker’s code. The issue stems from Ghostscript’s “gp_file_name_reduce()” function, which simplifies a path by cleaning up its various path references. However, when a specially crafted path is passed to the vulnerable function, the result is unpredictable, potentially allowing the validation methods to be bypassed and ultimately abused. When attempting to open a file, the software uses another function named “gp_validate_path”, whose purpose is to ensure that the location is safe. Yet the susceptible reduce function can change the location so that the problem is not detected when the validation function performs its check.
(Source: BleepingComputer)
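To make the ordering problem in the Ghostscript item concrete, here is an added toy model (not Ghostscript’s code) of a path check that runs before a reduce step versus one that runs after it; `reduce_path()`, `is_path_permitted()` and the `/tmp/ghostscript/` allow-list root are hypothetical stand-ins for the roles the text assigns to `gp_file_name_reduce()` and `gp_validate_path`.

```python
"""Illustrative model of validate-then-reduce vs reduce-then-validate.
Not Ghostscript's code: the functions and the allow-list root below are
constructed stand-ins for the roles described in the news item."""
import posixpath
from typing import Optional

ALLOWED_PREFIX = "/tmp/ghostscript/"  # constructed allow-list root


def reduce_path(path: str) -> str:
    """Collapse '.' and '..' references, as a path-reducing step would."""
    return posixpath.normpath(path)


def is_path_permitted(path: str) -> bool:
    """Allow-list check on the path string exactly as it is given."""
    return path.startswith(ALLOWED_PREFIX)


def open_vulnerable(path: str) -> Optional[str]:
    """Checks the raw string first, then reduces it.

    The string that is validated is not the string that is used, so a
    path that starts inside the allowed root can reduce to one outside it.
    Returns the path that would actually be opened, or None if rejected."""
    if not is_path_permitted(path):
        return None
    return reduce_path(path)


def open_fixed(path: str) -> Optional[str]:
    """Reduces first, then validates the exact path that will be used."""
    reduced = reduce_path(path)
    if not is_path_permitted(reduced):
        return None
    return reduced


if __name__ == "__main__":
    # Constructed sample inputs: one benign, one that escapes the root.
    for sample in ("/tmp/ghostscript/out.pdf",
                   "/tmp/ghostscript/../../home/user/secret.txt"):
        print(f"{sample!r}: vulnerable -> {open_vulnerable(sample)!r}, "
              f"fixed -> {open_fixed(sample)!r}")
```

The defensive takeaway is that any canonicalisation step must run before, not after, the check that decides whether a location is acceptable.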
The attacker group Storm-0558 exploited a vulnerability in Microsoft’s cloud email service. Storm-0558 targeted 24 entities, including US and European government agencies. The vulnerability was first identified by the Federal Civilian Executive Branch (FCEB) after it noticed alarming activity in its Microsoft 365 cloud environment last month. According to additional analysis, the group has been deliberately operating in 25 organizations since May. The group’s goals are credential access, data theft, and espionage. The successful attack was carried out by forging access tokens for the Outlook email services using a Microsoft consumer signing key. Microsoft and government agencies worked together to quickly identify the danger and implement a remedy. The Chinese Foreign Minister’s comments that the United States has had malicious attacks demonstrate the ongoing tension between nations, which impacts each nation’s privacy and security.
(Source: TheRecord)