Cisco XSS zero-day flaw and PaperCut vulnerabilities

May 1, 2023 by Dan Virgillito

Cisco discloses a zero-day weakness that could enable hackers to launch cross-site scripting attacks, ransomware actors exploit critical security flaws in PaperCut servers, and Android Minecraft clones spread adware to millions of users. Catch all this and more in this week’s edition of Cybersecurity Weekly.

1. Cisco discloses zero-day flaw that hackers could exploit to launch XSS attacks

Cisco has disclosed a zero-day vulnerability affecting its Prime Collaboration Deployment (PCD) software. According to the networking company, hackers could exploit the flaw to launch cross-site scripting campaigns. The NATO Cyber Security Centre discovered the vulnerability, which affects PCD 14 and earlier versions. Successful exploitation of the bug would enable unauthenticated attackers to execute arbitrary script code or access sensitive browser-based information. While Cisco is set to release a security update next month, no workarounds currently exist to remove the attack vector.


2. Threat actors exploit PaperCut vulnerabilities to launch ransomware attacks

Hackers are exploiting vulnerabilities in PaperCut, a print management software with 100 million users worldwide, to deploy LockBit and Clop ransomware. The flaws, fixed in PaperCut MF and NG versions 22.0.9, 20.1.7 and 21.2.11, allow attackers to steal user information, retrieve hashed passwords and launch remote code execution attacks. Security researchers observed several attacks, including deployments of the Truebot malware variant linked to Clop. Microsoft identified a Clop affiliate, DEV-0950, incorporating PaperCut exploits in attacks as early as April 13. Victims are urged to apply the patches immediately.


3. Android Minecraft clones with 35M downloads used to spread adware

McAfee has discovered 38 Minecraft-like mobile games containing adware in the Google Play Store. At least 35 million users worldwide have downloaded the apps, which include Craft Rainbow Mini Builder, Block Box Master Diamond and Craft Monster Crazy Sword. The adware, known as Android/HiddenAds.BJL, generates revenue by loading ads in the background, hidden from users. McAfee detected hidden ad packets generated by Unity, AppLovin, Supersonic and Google. The largest numbers of affected players are based in South Korea, Brazil, Canada and the U.S.


4. New Atomic macOS malware spoofs crypto wallets and keychain info

Security researchers have discovered a new type of malware that steals sensitive information from macOS devices. Dubbed Atomic macOS Stealer (AMOS), the malware can access system information, desktop and documents folders, keychain passwords, cryptocurrency wallets and browsers like Chrome and Firefox. Malware actors have listed AMOS for sale on Telegram for $1,000 per month. Cyble Research recommends that Mac users avoid opening links in emails or installing any untrusted software to prevent malware infiltration.


5. Tencent QQ users targeted by malware delivered via an app update

ESET researchers have linked the Chinese APT group Evasive Panda to a recent attack targeting Tencent QQ users with MsgBot malware. The campaign began in 2020 and targeted members of an international NGO in specific Chinese provinces. ESET revealed that the malware was delivered via an automatic app update, and that legitimate IPs and URLs were used in the delivery. This suggests a possible supply chain or attacker-in-the-middle attack.



Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news. Visit his website or say hi on Twitter.