Disclosures:
Professional Reviews

The reviews found on GuideHaven consist of evaluations conducted by community reviewers. These assessments take into account the reviewers’ unbiased and knowledgeable analysis of the products and services being reviewed.

Ownership

GuideHaven is a leading cybersecurity review website with a team of experts experienced in testing and evaluating VPNs, antiviruses, password managers, parental controls, and software tools. Our reviews are available in 29 languages, making them accessible to a broad audience since 2018. To further support our readers in their pursuit of online security, we’ve partnered with Kape Technologies PLC, which owns popular products like ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, all of which may be reviewed on our website.

Affiliate Commissions

GuideHaven contains reviews that follow the strict reviewing standards, including ethical standards, that we have adopted. Those standards require each review to reflect the reviewer’s independent, honest, and professional examination. That being said, we may earn a commission when a user completes an action using our links, at no additional cost to them. On listicle pages, we rank vendors based on a system that prioritizes the reviewer’s examination of each service, but also considers feedback received from our readers and our commercial agreements with providers.

Review Guidelines

The reviews published on GuideHaven are written by community reviewers who examine the products according to our strict reviewing standards. Those standards ensure that each review prioritizes the reviewer’s independent, professional, and honest examination, and takes into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings we publish may also take into consideration the affiliate commissions we earn for purchases through links on our website.

Critical PaperCut Vulnerability Exploited in State-Sponsored Attacks, Microsoft Warns

Published by Ari Denial on May 09, 2024

Microsoft has reported that Iranian nation-state groups are actively exploiting a critical vulnerability discovered in PaperCut print management software. The threat intelligence team at Microsoft observed the involvement of Mango Sandstorm (Mercury) and Mint Sandstorm (Phosphorus) in leveraging the CVE-2023-27350 flaw to gain initial access in their operations.

Microsoft noted that Mint Sandstorm demonstrated the ability to quickly incorporate proof-of-concept exploits into their operations, while Mango Sandstorm relied on tools from previous intrusions to connect to their command and control infrastructure.

Microsoft has also identified connections between Lace Tempest, the FIN11 and TA505 cybercrime gangs, and the Clop ransomware operation in recent attacks. Additionally, Microsoft found that some of these intrusions resulted in LockBit ransomware attacks, although further details were not provided. The Cybersecurity and Infrastructure Security Agency (CISA) added the PaperCut vulnerability (CVE-2023-27350) to its list of actively exploited vulnerabilities, and federal agencies were ordered to secure their PaperCut servers within three weeks.

The vulnerability is a critical remote code execution bug affecting PaperCut MF and NG versions 8.0 and later, and it can be exploited without authentication. PaperCut’s enterprise print management software is widely used by large companies, state organizations, and educational institutions worldwide. The vendor says the software has over 100 million users across more than 70,000 companies, making it a significant target for attackers.

Researchers quickly released PoC exploits for the RCE bug disclosed in March 2023, and Microsoft later warned that Clop and LockBit ransomware groups were using it to gain initial access to corporate networks. Despite indicators of compromise and detection rules from multiple cybersecurity companies, VulnCheck revealed a new attack method that bypasses existing detections, allowing uninterrupted exploitation of CVE-2023-27350.

Because attackers learn from publicly available detection methods, defenders need robust, comprehensive detections that are not easily evaded. To eliminate the RCE bug and close the associated attack vector, defenders are strongly advised to promptly upgrade PaperCut MF and PaperCut NG to versions 20.1.7, 21.2.11, or 22.0.9 or newer.
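The upgrade advice above is branch-specific: a 21.x server on 21.0.5 is still exposed even though 20.1.7 is a lower-numbered fixed release. The script below is an added example (not code from the article, from Microsoft, or from PaperCut) that encodes the facts the article states, namely that versions 8.0 and later are affected and that 20.1.7, 21.2.11, and 22.0.9 are the fixed releases, and applies them to an inventory of version strings. Treating major versions above 22 as fixed is an assumption drawn from the phrase "or newer"; the host names and version strings in the sample inventory are constructed.

```python
"""Branch-aware version triage for CVE-2023-27350 (PaperCut MF/NG).

Added example, not the article's or PaperCut's own code. Affected range and
fixed releases are taken from the article; everything else is an assumption
noted inline.
"""
from __future__ import annotations

import re

# Fixed release on each major-version branch, as listed in the article.
FIXED_BY_BRANCH: dict[int, tuple[int, int, int]] = {
    20: (20, 1, 7),
    21: (21, 2, 11),
    22: (22, 0, 9),
}
FIRST_AFFECTED = (8, 0, 0)            # "versions 8.0 or later"
NEWEST_LISTED_BRANCH = max(FIXED_BY_BRANCH)

# Accepts "20.1.7", "v21.2", "22.0.9.12345"; a trailing build number is ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?\s*$")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor[.patch[.build]]' into a comparable (major, minor, patch) tuple.

    A missing patch component counts as 0. Raises ValueError for strings that
    do not look like a version, so callers can flag them instead of guessing.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or "0")


def is_vulnerable(version: str) -> bool:
    """True if this PaperCut MF/NG version still lacks the fix for CVE-2023-27350."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False                      # pre-8.0 builds are outside the affected range
    major = v[0]
    if major in FIXED_BY_BRANCH:
        return v < FIXED_BY_BRANCH[major]  # compare against this branch's fixed release
    if major > NEWEST_LISTED_BRANCH:
        return False                      # assumption: later majors include the fix
    return True                           # 8.x .. 19.x: affected, no fixed release on branch


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Classify each host as 'vulnerable', 'patched', or 'unknown' (unparseable version)."""
    result: dict[str, str] = {}
    for host, version in inventory.items():
        try:
            result[host] = "vulnerable" if is_vulnerable(version) else "patched"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory (hypothetical hosts), e.g. from an asset database.
SAMPLE_INVENTORY = {
    "print-01.example.internal": "20.1.6",        # one patch behind the 20.x fix
    "print-02.example.internal": "22.0.9",        # exactly the 22.x fixed release
    "print-03.example.internal": "21.0.5",        # lower than 20.1.7 numerically, still exposed
    "print-04.example.internal": "v19.2.3",       # affected branch with no fixed release
    "print-05.example.internal": "not recorded",  # unparseable, must be reviewed by hand
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:28} {status}")
```

Anything reported as `unknown` should be checked manually rather than assumed safe; the whole point of the branch table is that a plain numeric "is it above 20.1.7" check would wrongly clear 21.0.x and 22.0.x servers.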
