Cisco XSS zero-day flaw and PaperCut vulnerabilities
Cisco discloses a zero-day weakness that could enable hackers to launch cross-site scripting attacks, ransomware actors exploit critical security flaws in PaperCut servers, and Android Minecraft clones. Catch all this and more in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. Cisco discloses zero-day flaw that hackers could exploit to launch XSS attacks
Cisco has disclosed a zero-day vulnerability affecting its Prime Collaboration Deployment (PCD) software. According to the networking company, hackers could exploit the flaw to launch cross-site scripting campaigns. The NATO Cyber Security Centre discovered the vulnerability, which affects PCD 14 and earlier versions. Successful exploitation of the bug would enable unauthenticated attackers to execute arbitrary script code or access sensitive browser-based information. While Cisco is set to release a security update next month, no workarounds currently exist to remove the attack vector.
2. Threat actors exploit PaperCut vulnerabilities to launch ransomware attacks
Hackers are exploiting vulnerabilities in PaperCut, a print management software with 100 million users worldwide, to deploy LockBit and Clop ransomware. Flaws, fixed in PaperCut MF and NG versions 22.0.9, 20.1.7 and 21.2.11, allow attackers to steal user information, retrieve hashed passwords and launch remote code execution attacks. Security researchers observed several attacks, including the Truebot malware variant linked to Clop. Microsoft identified a Clop affiliate, DEV-0950, incorporating PaperCut exploits in attacks as early as April 13. Victims are urged to apply patches immediately.
3. Android Minecraft clones with 35M downloads used to spread adware
McAfee has discovered 38 Minecraft-like mobile games containing adware in the Google Play Store. At least 35 million users worldwide have downloaded the apps, including Craft Rainbow Mini Builder, Block Box Master Diamond and Craft Monster Crazy Sword. The adware, known as Android/HiddenAds.BJL, generates revenue by loading ads in the background hidden from users. McAfee detected hidden ad packets generated by Unity, AppLovin, Supersonic and Google. The largest number of affected players are based in South Korea, Brazil, Canada and the U.S.
4. New Atomic macOS malware spoofs crypto wallets and keychain info
Security researchers have discovered a new type of malware that steals sensitive information from macOS devices. Dubbed Atomic macOS Stealer (AMOS), the malware can access system information, desktop and documents folders, keychain passwords, cryptocurrency wallets and browsers like Chrome and Firefox. Malware actors have listed AMOS for sale on Telegram for $1,000 per month. Cyble Research recommends that Mac users avoid opening links in emails or installing any untrusted software to prevent malware infiltration.
5. Tencent QQ users targeted by malware delivered via an app update
ESET researchers have linked the Chinese APT group Evasive Panda to a recent attack targeting Tencent QQ users with MsgBot malware. The campaign began in 2020 and targeted members of an international NGO in specific Chinese provinces. ESET revealed that the malware was delivered via an automatic app update, and legitimate IPs and URLs were used. This suggests a possible supply chain or attacker-in-the-middle attack.
See Infosec IQ in action