Hxxp://upd488.windowservicecemtercom/download/a3.msi
Download URL linked to malicious domain observed in our intrusion.
Cobaltstrike C2, that has a similar domain naming convention and registration pattern to the Domain used to host AppPrint.msi. Note: We have not observed this in our specific intrusion.
URL delivering MSI file that installs AteraAgent
Hxxp://upd488.windowservicecemtercom/download/setup.msi
URL delivering MSI file that installs Syncro MSP RMM tool
Ġ0ec44df6487faf9949cebee179bafe8377ca4417736766932508f94da0f35fe
AppPrint.msi file that installs Syncro MSP RMM tool
Domain delivering MSI file that loads RMM tool.
Hxxp://upd488.windowservicecemtercom/download/AppPrint.msi

if a customer can't upgrade to the latest version which could be true particularly.

Indicators of Compromise (IOCs)

.msftsecurity says the FIN7 cybercrime group is likely working with the Clop ransomware strain to exploit a bug in PaperCut's NG/MF print management products.

The flaws affect PaperCut MF and NG version 8.0 and later, on all OS platforms, according to PaperCut.

Note: Arctic Wolf recommends the following change management best practices for applying upgrades, including testing changes in a testing environment before deploying to production to avoid any operational impact.

No workaround is available for this vulnerability.

Versions 20.1.7, 21.2.11 and 22.0.9 and later.

Application and Site servers are impacted; secondary servers (Print Providers) and Direct Print Monitors are not impacted.

More attacks against vulnerable PaperCut MF/NG print management servers have.

Version 8.0 or later, on all OS platforms

The vendor recommended that customers upgrade to a new version that patches.

According to PaperCut, there is no practical workaround to address this vulnerability.

We strongly recommend upgrading PaperCut MF and PaperCut NG to 20.1.7, 21.2.11, 22.0.9 or later to prevent potential exploitation.
Recommendations For CVE-2023-27350

Recommendation #1: Upgrade PaperCut Application Servers to a Fixed Version

We strongly recommend that organizations running the affected products upgrade as soon as possible.

We assess with moderate confidence that this intrusion activity is related to the exploitation of CVE-2023-27350.

Arctic Wolf has deployed monitoring around indicators of compromise associated with this PaperCut intrusion activity.

Your PaperCut MF license must have current Maintenance &.

Over the past week, Arctic Wolf has observed intrusion activity associated with a vulnerable PaperCut Server where the RMM tool Synchro MSP was loaded onto a victim system.

All PaperCut MF customers have access to upgrades issued in the first 12 months from initial purchase.

PaperCut NG and PaperCut MF are self-hosted and require a server, making them ideal for organisations with complex print environments.

Additional details surrounding this vulnerability will be released by Trend Micro on May 10, 2023.

Zero Day Initiative responsibly disclosed the vulnerability to PaperCut on JanuPaperCut released a patch on March 8, 2023.

CVE-2023-27350 could allow unauthenticated threat actors to bypass authentication and execute arbitrary code in the context of SYSTEM on a PaperCut Application Server.
Precision Peripherals Ltd understands PaperCut and our friendly local sales team can advise which solution is the most suitable for your organisation and ensure that it is correctly installed, your managers trained and your users know how to use it.

On April 19, 2023, PaperCut confirmed print management servers vulnerable to a critical remote code execution vulnerability (CVE-2023-27350: CVSS 9.8) are being actively exploited by threat actors.

PaperCut software is sold as four separate software solutions which you can either host on your own network or in the cloud. PaperCut also provides a range of administrative controls making it attractive to managers through features such as auto deploying print drivers, implementing cost reduction measures on the fly and making it more difficult for sensitive information to fall into the wrong hands. PaperCut makes it easy for your users to print, whether they are using a BYOD or mobile device. PaperCut is a powerful print management software platform that provides simple and affordable print management software for Windows, Mac, Linux and Novell.