LockBit ransomware was deployed in some of the attacks. After exploiting the vulnerabilities, TrueBot malware was deployed, which is known to be used by the Clop ransomware operation. PaperCut is a print management software that is being used by the entire organization. Tracked as CVE-2023-27350 (CVSS score: 9.8), the issue affects PaperCut MF and NG installations that could be exploited by an unauthenticated attacker to execute arbitrary code with. On April 26, 2023, Microsoft announced that a threat actor known as Lace Tempest was exploiting the PaperCut flaws and that the activity overlapped with the FIN11 and TA505 threat groups, both of which have ties to Clop. 1 day ago &0183 &32 Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections. Those two vulnerabilities were disclosed by the developer on April 19, 2023, and were corrected in PaperCut versions 20.1.7, 21.2.11, and 22.0.9 and later. It allows you to track and monitor your printers with alerts by email or SMS and apply rules to minimise waste and maximise productivity, all through an easy to use web portal. The Clop group exploited the GoAnywhere MFT vulnerability (CVE-2023-0669) and stole data from around 130 organizations, and both groups have been observed exploiting two other recently disclosed vulnerabilities – CVE-2023-27350 and CVE-2023-27351 – which are authentication bypass vulnerabilities in the widely used print management software, PaperCut MF/NG. PaperCut NG gives you full control over your printing fleet, letting you manage and control. The latest alert about LockBit was issued in December 2022 following multiple attacks on HPH sector organizations. .erCut LPD Service Installation From v151 onwards, PaperCut NG/MF comes bundled with the PaperCut LPD Service with a wizard style installer The installer. Clop was behind the attacks on Fortra’s GoAnywhere MFT solution in January/February 2023 and the 2022 attacks on the Accellion File Transfer Application (FTA), both of which exploited zero-day vulnerabilities in those solutions. HC3 has issued multiple alerts about the Clop and LockBit ransomware-as-a-service groups which have conducted multiple attacks on the healthcare sector. The Health Sector Cybersecurity and Coordination Center (HC3) has issued a fresh ransomware warning to the healthcare and public health (HPH) sector following a spate of attacks on the HPH sector in April by the Clop and LockBit ransomware groups. HC3: Ransomware Groups are Exploiting GoAnywhere and PaperCut Vulnerabilities
0 Comments
Leave a Reply. |