Ransomware groups exploit vulnerabilities in PaperCut

May 12, 2023 - TuxCare PR Team

Microsoft has issued a warning about two cybercrime gangs that are aggressively exploiting vulnerabilities in PaperCut, a popular print management program. The groups in question are the Russian-speaking Clop ransomware-as-a-service gang and the LockBit cybercrime gang. Microsoft refers to one of the actors as Lace Tempest, also known as FIN11.

Following reports of suspicious activity that exploited bugs patched in March, PaperCut advised its customers earlier this month to update their software. According to the company, the first sign of attackers exploiting CVE-2023-27350, a remote code execution issue in the PaperCut Application Server, appeared on April 14. Microsoft, on the other hand, claimed that Lace Tempest had already used the PaperCut vulnerability in its attacks on April 13.

Huntress, a managed detection and response company, said it discovered an attacker attempting to deploy a Monero crypto miner using the same issue. PaperCut also addressed CVE-2023-27351, which allowed an unauthenticated attacker to retrieve information about users stored in the company’s software, including usernames, full names, email addresses, and hashed passwords for PaperCut-created users.

PaperCut is working to make sure that all of its customers understand the significance of the two vulnerabilities addressed last month. The company has added a green-striped shield to the top of its main website, with the words “Urgent security message for all NG/MF customers.” PaperCut has also reviewed its records and is reaching out to customers who may be at risk.

PaperCut stated that it was first notified of an attack on an unpatched server on April 17, and that it is working to assemble a list of unpatched servers that are reachable from the public internet. The company cannot, however, check internal networks for unpatched systems that are not accessible online.

The sources for this piece include an article in DataBreachToday.
