CISA flags PaperCut RCE bug as exploited in attacks, patch now

Source: BleepingComputer

Author: Sergiu Gatlan

URL: https://www.bleepingcomputer.com/news/security/cisa-flags-papercut-rce-bug-as-exploited-in-attacks-patch-now/

ONE SENTENCE SUMMARY:

CISA warns of active exploits targeting PaperCut software, urging immediate patching against vulnerabilities used by ransomware groups.

MAIN POINTS:

  1. CISA reports exploitation of a high-severity PaperCut NG/MF vulnerability allowing remote code execution.
  2. The software is used by over 100 million users in 70,000+ organizations worldwide.
  3. Vulnerability CVE-2023-2533 was patched in June 2023; exploitation requires a logged-in admin and a malicious link.
  4. CISA added this flaw to the Known Exploited Vulnerabilities Catalog, with a patch deadline of August 18 for U.S. agencies.
  5. All organizations, including those in the private sector, are advised to prioritize patching this bug due to significant risks.
  6. Shadowserver tracks over 1,100 potentially exposed PaperCut servers, though not all are vulnerable.
  7. No evidence links CVE-2023-2533 to ransomware, but ransomware gangs have used similar exploits in past breaches.
  8. Microsoft linked previous PaperCut attacks to LockBit, Clop ransomware, and Iranian state-backed groups.
  9. Previous breaches targeted the ‘Print Archiving’ feature to steal corporate data from compromised systems.
  10. A joint advisory from CISA and the FBI warned educational organizations of potential exploitation by ransomware groups.

TAKEAWAYS:

  1. Immediate patching of PaperCut vulnerabilities is crucial to prevent potential exploitation.
  2. Organizations should prioritize addressing known exploited vulnerabilities to enhance security.
  3. Understanding the tactics used by ransomware gangs is essential for proactive defense.
  4. Collaborations between agencies like CISA, FBI, and companies like Microsoft help in threat mitigation.
  5. Continuous monitoring of exposed servers can prevent unauthorized access and data breaches.