Security News

Researchers Uncover New Exploit for PaperCut Vulnerability That Can Bypass Detection
2023-05-04 13:03

Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections. Tracked as CVE-2023-27350, the issue affects PaperCut MF and NG installations and could be exploited by an unauthenticated attacker to execute arbitrary code with SYSTEM privileges.

Attackers are trying to exploit old DVR vulnerabilities (CVE-2018-9995, CVE-2016-20016)
2023-05-03 13:30

CVE-2018-9995 is an authentication bypass vulnerability that can be triggered with a simple exploit sent via a maliciously crafted HTTP cookie to a vulnerable DVR device. The device responds by sending back the device's admin credentials in clear text.

InfoBlox discovers rare Decoy Dog C2 exploit
2023-05-02 17:59

Infoblox Threat Intelligence Group, which says it analyzes billions of DNS records and millions of domain-related records each day, has reported a new malware toolkit called Decoy Dog that uses a remote access trojan called Pupy. Infoblox found the Decoy Dog toolkit that uses Pupy in fewer than 3% of all networks, and that the threat actor who has control of Decoy Dog is connected to just 18 domains.

Hackers exploit 5-year-old unpatched flaw in TBK DVR devices
2023-05-02 15:13

Hackers are actively exploiting an unpatched 2018 authentication bypass vulnerability in exposed TBK DVR devices. Fortinet's FortiGuard Labs reports seeing an uptick in hacking attempts on TBK DVR devices recently, with the threat actors using a publicly available proof-of-concept exploit to target a vulnerability in the servers.

VMware fixes critical zero-day exploit chain used at Pwn2Own
2023-04-25 18:33

VMware has released security updates to address zero-day vulnerabilities that could be chained to gain code execution on systems running unpatched versions of the company's Workstation and Fusion software hypervisors. The two flaws were part of an exploit chain demoed by the STAR Labs team's security researchers one month ago, during the second day of the Pwn2Own Vancouver 2023 hacking contest.

PoC exploit for abused PaperCut flaw is now public (CVE-2023-27350)
2023-04-25 09:56

An unauthenticated RCE flaw in widely-used PaperCut MF and NG print management software is being exploited by attackers to take over vulnerable application servers, and now there's a public PoC exploit. According to PaperCut, the attacks seem to have started on April 14, 2023 - a month and a week after the software maker released new PaperCut MF and NG versions that fixed CVE-2023-27350 and CVE-2023-27351, an unauthenticated information disclosure flaw that could allow attackers to access sensitive user information without authentication.

Exploit released for PaperCut flaw abused to hijack servers, patch now
2023-04-24 17:01

Attackers are exploiting severe vulnerabilities in the widely-used PaperCut MF/NG print management software to install Atera remote management software to take over servers. The two security flaws allow remote attackers to bypass authentication and execute arbitrary code on compromised PaperCut servers with SYSTEM privileges in low-complexity attacks that don't require user interaction.

Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites
2023-04-24 11:41

Threat actors have been observed leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an ongoing campaign, Sucuri revealed in a report published last week. The plugin in question is Eval PHP, released by a developer named flashpixx.

Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks
2023-04-20 11:22

Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data. "The unauthorized party used CVE-2023-0669 to create unauthorized user accounts in some MFTaaS customer environments," the company said.

New Zero-Click Exploits Against iOS
2023-04-20 10:47

CitizenLab has identified three zero-click exploits against iOS 15 and 16. These were used by NSO Group's Pegasus spyware in 2022, and deployed by Mexico against human rights defenders.