PaperCut printer security flaw may be much worse than initially thought

More information has been revealed about how criminals are using the recently-discovered PaperCut security flaws , which looked to use humb...

More information has been revealed about how criminals are using the recently-discovered PaperCut security flaws, which looked to use humble office printers to gain entrance to corporate networks.

According to a new report on BleepingComputer, cybercriminals are using two flaws in the popular print management software to deliver the Atera remote management software to vulnerable endpoints. Such software allows the attackers to take full control of the target devices. 

We have also gotten two proofs-of-concept (PoC) showcasing exactly how the vulnerabilities could be exploited, exponentially increasing their destructive potential. The first PoC was released by attack surface assessment firm Horizon3, which explained that the exploit allows for "remote code execution by abusing the built-in 'Scripting' functionality for printers."

Few targets

The managed cybersecurity platform providers Huntress also showcased their PoC, but only in the form of a video demo. The actual PoC is yete to be released.

The silver lining is that there are only around 1,700 internet-exposed PaperCut servers that the attackers could target, BleepingComputer says, citing data from a Shodan search. Still, even one successful attack is one too many.

There are patches and workarounds for the flaws, though, so users are advised to address the problem immediately and minimize any potential risk. System admins should make sure their software is patched to versions 20.1.7, 21.2.11 (MF), and 22.0.9 (NG). 

The second flaw can also be mitigated by applying “Allow list” restrictions found in Options > Advanced > Security > Allowed site server IP addresses, and only allowing verified Site Server IP addresses to access the network.

Those interested in double-checking whether or not your systems were compromised are out of luck, as PaperCut says it’s impossible to determine, with absolute certainty, if a threat actor breached the network. 

The devs suggested IT teams look for suspicious activity in the PaperCut admin interface under Logs > Application Log, including updates from a user called [setup wizard]. They can also look for new users being created, or configuration keys changed. 

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/XrlfpwA
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,18,Video,5,XIAOMI,13,YouTube - 9to5Google,17,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: PaperCut printer security flaw may be much worse than initially thought
PaperCut printer security flaw may be much worse than initially thought
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2023/04/papercut-printer-security-flaw-may-be.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2023/04/papercut-printer-security-flaw-may-be.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy