Security News
Overcoming industry obstacles for decentralized digital identitiesIn this Help Net Security interview, Eve Maler, CTO at ForgeRock, talks about how digital identities continue to play a critical role in how we access online services securely. PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliatesClop and LockBit ransomware affiliates are behind the recent attacks exploiting vulnerabilities in PaperCut application servers, according to Microsoft and Trend Micro researchers.
Clop and LockBit ransomware affiliates are behind the recent attacks exploiting vulnerabilities in PaperCut application servers, according to Microsoft and Trend Micro researchers."Microsoft is attributing the recently reported attacks exploiting the CVE-2023-27350 and CVE-2023-27351 vulnerabilities in print management software PaperCut to deliver Clop ransomware to the threat actor tracked as Lace Tempest," Microsoft shared.
Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the name Lace Tempest, which overlaps with other hacking groups like FIN11, TA505, and Evil Corp. "In observed attacks, Lace Tempest ran multiple PowerShell commands to deliver a TrueBot DLL, which connected to a C2 server, attempted to steal LSASS credentials, and injected the TrueBot payload into the conhost.exe service," Microsoft said in a series of tweets.
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data. Today, Microsoft disclosed that the Clop and LockBit ransomware gangs are behind these PaperCut attacks and using them to steal corporate data from vulnerable servers.
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data. Today, Microsoft disclosed that the Clop and LockBit ransomware gangs are behind these PaperCut attacks and using them to steal corporate data from vulnerable servers.
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data. Today, Microsoft disclosed that the Clop and LockBit ransomware gangs are behind these PaperCut attacks and using them to steal corporate data from vulnerable servers.
Hats off to PaperCut in this case, because the company really is trying to make sure that all its customers know about the importance of two vulnerabilities in its products that it patched last month, to the point that it's put a green-striped shield at the top of its main web page that says, "Urgent security message for all NG/MF customers." We've seen companies that have admitted to unpatched zero-day vulnerabilities and data breaches in a less obvious fashion than this, which is why we're saying "Good job" to the Papercut team for what cybersecurity jargon would probably praise with the orotund phrase an abundance of caution.
An unauthenticated RCE flaw in widely-used PaperCut MF and NG print management software is being exploited by attackers to take over vulnerable application servers, and now there's a public PoC exploit. According to PaperCut, the attacks seem to have started on April 14, 2023 - a month and a week after the software maker released new PaperCut MF and NG versions that fixed CVE-2023-27350 and CVE-2023-27351, an unauthenticated information disclosure flaw that could allow attackers to access sensitive user information without authentication.
Attackers are exploiting severe vulnerabilities in the widely-used PaperCut MF/NG print management software to install Atera remote management software to take over servers. The two security flaws allow remote attackers to bypass authentication and execute arbitrary code on compromised PaperCut servers with SYSTEM privileges in low-complexity attacks that don't require user interaction.
Print management software provider PaperCut said that it has "Evidence to suggest that unpatched servers are being exploited in the wild," citing two vulnerability reports from cybersecurity company Trend Micro. "PaperCut has conducted analysis on all customer reports, and the earliest signature of suspicious activity on a customer server potentially linked to this vulnerability is 14th April 01:29 AEST / 13th April 15:29 UTC," it further added.