Skip to main content

PaperCut printer security flaw may be much worse than initially thought

More information has been revealed about how criminals are using the recently-discovered PaperCut security flaws, which looked to use humble office printers to gain entrance to corporate networks.

According to a new report on BleepingComputer, cybercriminals are using two flaws in the popular print management software to deliver the Atera remote management software to vulnerable endpoints. Such software allows the attackers to take full control of the target devices. 

We have also gotten two proofs-of-concept (PoC) showcasing exactly how the vulnerabilities could be exploited, exponentially increasing their destructive potential. The first PoC was released by attack surface assessment firm Horizon3, which explained that the exploit allows for "remote code execution by abusing the built-in 'Scripting' functionality for printers."

Few targets

The managed cybersecurity platform providers Huntress also showcased their PoC, but only in the form of a video demo. The actual PoC is yete to be released.

The silver lining is that there are only around 1,700 internet-exposed PaperCut servers that the attackers could target, BleepingComputer says, citing data from a Shodan search. Still, even one successful attack is one too many.

There are patches and workarounds for the flaws, though, so users are advised to address the problem immediately and minimize any potential risk. System admins should make sure their software is patched to versions 20.1.7, 21.2.11 (MF), and 22.0.9 (NG). 

Read more

> > 50,000 printers hacked to promote YouTuber

 > Thousands of printers hacked across the globe after critical flaw exposed

 > Here's a rundown of the best endpoint protection solutions today

The second flaw can also be mitigated by applying “Allow list” restrictions found in Options > Advanced > Security > Allowed site server IP addresses, and only allowing verified Site Server IP addresses to access the network.

Those interested in double-checking whether or not your systems were compromised are out of luck, as PaperCut says it’s impossible to determine, with absolute certainty, if a threat actor breached the network. 

The devs suggested IT teams look for suspicious activity in the PaperCut admin interface under Logs > Application Log, including updates from a user called [setup wizard]. They can also look for new users being created, or configuration keys changed. 

Via: BleepingComputer



Comments

Post a Comment

Popular posts from this blog

Garmin's new radar-equipped tail light will keep you safe on your e-bike

Garmin's Varia bike radars are some of the most popular pieces of cycling tech around – and now the company has delivered its first rearview radar to have been specially designed for some of the best e-Bikes .   Garmin's Varia range mounts to the back of your bike and broadcasts a radar signal behind you, so you can get visual and audible alerts when something's overtaking you. Even better, the new Varia eRTL615 plugs directly into most e-bikes, with no battery required. Because the catchily-named Varia eRTL615 is also a tail light, it'll also make sure you're visible to other vehicles too, promising to emit a flashing or solid light that's visible from up to a mile away in daylight. To connect Garmin's new radar tail light to your e-bike, you'll need to pick the right Garmin adapter cable (which isn't included). You can buy power cables compatible with Bosch, Shimano, or USB-A terminals or connections, with more info on those available on Garmin...
Post a Comment
Read more

Revolution Software is using their own AI technology to remake Broken Sword

TechRadar Gaming is reporting live from Gamescom 2023 on the latest and greatest developments in gaming and hardware. Revolution Software announced at Gamescom 2023 that Broken Sword would be coming back, with Broken Sword - The Shadow of the Templars getting a full remake while a sixth title in the series is coming in the future too, under the title Broken Sword - Parzival’s Stone .  Speaking to TRG ahead of the announcement, Cecil talked about the studio’s plans for a Broken Sword remake and the sixth title in the series. Cecil is a larger-than-life character, who is able to talk about the studio’s plans with enthusiasm. It even carries a pocketful of stones to illustrate the plans for Parzival’s Stone , but he also talks about how Broken Sword - The Shadow of the Templars would be using AI to upscale.  Cecil wasn’t shy about the studio’s use of AI technology, but he gave a fairly robust explanation of why the game was using it. The AI technology will be used to upda...
Post a Comment
Read more

Hackers steal passwords, emails from hookup websites

Two gay hookup websites have been breached with sensitive and personal user data stolen and sold online, new reports have claimed. The databases, which are now being sold on dark web forums, were taken from platforms called TruckerSucker, and CityJerks. They contain enough personally identifiable information to engage in identity theft , such as usernames and passwords, email addresses, profile pictures, sexual preferences, birth dates, postal addresses, IP addresses, and bios. The passwords are encrypted, but according to TechCrunch, the algorithm is “weak” and could be broken by a more persistent hacker. The silent treatment HaveIBeenPwned founder Troy Hunt, who was tipped off on the leak, described the incident as a “typical forum breach, albeit with super sensitive content.”  However the content includes more than just identity data, as there are also messages users exchanged, including arranging meetings and describing their sexual preferences.  In total, more than...
Post a Comment
Read more