Cisco XSS zero-day flaw and PaperCut vulnerabilities
Cisco discloses a zero-day weakness that could enable hackers to launch cross-site scripting attacks, ransomware actors exploit critical security flaws in PaperCut servers, and Android Minecraft clones. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. Cisco discloses zero-day flaw that hackers could exploit to launch XSS attacks
Cisco has disclosed a zero-day vulnerability affecting its Prime Collaboration Deployment (PCD) software. According to the networking company, hackers could exploit the flaw to launch cross-site scripting campaigns. The NATO Cyber Security Centre discovered the vulnerability, which affects PCD 14 and earlier versions. Successful exploitation of the bug would enable unauthenticated attackers to execute arbitrary script code or access sensitive browser-based information. While Cisco is set to release a security update next month, no workarounds currently exist to remove the attack vector.
2. Threat actors exploit PaperCut vulnerabilities to launch ransomware attacks
Hackers are exploiting vulnerabilities in PaperCut, a print management software with 100 million users worldwide, to deploy LockBit and Clop ransomware. Flaws, fixed in PaperCut MF and NG versions 22.0.9, 20.1.7 and 21.2.11, allow attackers to steal user information, retrieve hashed passwords and launch remote code execution attacks. Security researchers observed several attacks, including the Truebot malware variant linked to Clop. Microsoft identified a Clop affiliate, DEV-0950, incorporating PaperCut exploits in attacks as early as April 13. Victims are urged to apply patches immediately.
3. Android Minecraft clones with 35M downloads used to spread adware
McAfee has discovered 38 Minecraft-like mobile games containing adware in the Google Play Store. At least 35 million users worldwide have downloaded the apps, including Craft Rainbow Mini Builder, Block Box Master Diamond and Craft Monster Crazy Sword. The adware, known as Android/HiddenAds.BJL, generates revenue by loading ads in the background hidden from users. McAfee detected hidden ad packets generated by Unity, AppLovin, Supersonic and Google. The largest number of affected players are based in South Korea, Brazil, Canada and the U.S.
4. New Atomic macOS malware spoofs crypto wallets and keychain info
Security researchers have discovered a new type of malware that steals sensitive information from macOS devices. Dubbed Atomic macOS Stealer (AMOS), the malware can access system information, desktop and documents folders, keychain passwords, cryptocurrency wallets and browsers like Chrome and Firefox. Malware actors have listed AMOS for sale on Telegram for $1,000 per month. Cyble Research recommends that Mac users avoid opening links in emails or installing any untrusted software to prevent malware infiltration.
5. Tencent QQ users targeted by malware delivered via an app update
ESET researchers have linked the Chinese APT group Evasive Panda to a recent attack targeting Tencent QQ users with MsgBot malware. The campaign began in 2020 and targeted members of an international NGO in specific Chinese provinces. ESET revealed that the malware was delivered via an automatic app update, and legitimate IPs and URLs were used. This suggests a possible supply chain or attacker-in-the-middle attack.
See Infosec IQ in action
In this Series
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
