An unknown actor yesterday published exploit code for a critical vulnerability in the printer management software PaperCut. After five days of malware attacks exploiting the vulnerability, the threat continues to grow.
PaperCut has more than 100 million users in 70,000 organizations. According to the Shodan search engine, almost 1,700 installations of the software are exposed to the Internet.
Last Wednesday, PaperCut warned that a critical vulnerability was under active attack. The company released a patch for the vulnerability in March, but many users have not yet installed it. The vulnerability, tracked as CVE-2023-27350, has a severity score of 9.8 out of 10.
Attackers can use the vulnerability to execute malicious code without having to log in. A related vulnerability, CVE-2023-27351, allows unauthenticated attackers to extract usernames, full names, and email addresses from unpatched servers.
Possible connection to known ransomware group
Two days after PaperCut announced the attacks, security firm Huntress reported that attackers were exploiting the vulnerability. They used it to install two remote management tools, Atera and Syncro, on the unpatched servers.
Once that step succeeded, the attackers used those tools to install malware called Truebot. Truebot is affiliated with a group called Silence, reports Ars Technica. The group has ties to the Clop ransomware group. Clop previously worked with Truebot to exploit a critical vulnerability in software called GoAnywhere.
According to Huntress researchers, the link between the PaperCut attacks and the Clop ransomware group is worrying. The access gained through the PaperCut exploit allows attackers to move further within the victim network and eventually deploy ransomware.
Thousands of PaperCut users are at risk
Huntress says that there are approximately 1,000 Windows computers with PaperCut installed in the customer environments it manages. Of these, 900 are still unpatched. Assuming these numbers are representative of the rest of PaperCut's users, Huntress researchers say thousands of servers are still at risk.
To prevent abuse, any organization using PaperCut should ensure that it is running PaperCut MF or NG version 20.1.7, 21.2.11 or 22.0.9.
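One way to triage a server inventory against the fixed versions listed above, as an added example that is not from the article or from PaperCut. The host names and inventory rows are constructed, and it assumes that a build at or above the listed fix on the same major.minor branch is patched; any other branch is marked for manual review.

```python
import csv
import io
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(20, 1): (20, 1, 7), (21, 2): (21, 2, 11), (22, 0): (22, 0, 9)}

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = """host,product,version
print01,PaperCut MF,22.0.9
print02,PaperCut NG,21.2.9
print03,PaperCut MF,20.1.7.60000
print04,PaperCut NG,19.2.7
print05,PaperCut MF,unknown
"""

def parse_version(text):
    """Return (major, minor, patch) as ints; extra build fields are ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(version_text):
    """Return 'patched', 'unpatched' or 'review' for one installed version."""
    try:
        ver = parse_version(version_text)
    except ValueError:
        return "review"            # cannot tell: check the host by hand
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        return "review"            # branch not listed in the article
    # Compare as integer tuples: as strings, "21.2.9" sorts after "21.2.11".
    return "patched" if ver >= fixed else "unpatched"

def triage(inventory_csv):
    """Map each host in a CSV inventory to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["version"]) for row in rows}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "review" are on a branch the article does not list or have an unreadable version string, so they need to be checked by hand.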