Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Customer testimonials and case studies.
Stories on cyberattacks, customers, employees, and more.
Cyber incident, analyst, and thought leadership reports.
Demonstrations, seminars and presentations on cybersecurity topics.
Information and solution briefs for our services.
MITRE ATT&CK Framework, Cybersecurity Assessment, SOC Calculator & more
Two high/critical severity security issues have been discovered in PaperCut MF/NG. There is evidence that unpatched servers are being exploited in the wild. The vulnerabilities have been fixed in PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11, and 22.0.9 and later. Upgrading to one of these versions containing the fix is highly recommended.
Vulnerabilities:
Organizations should upgrade all Application Servers and Site Servers, with public-facing servers, being the top priority. For more information on how to upgrade and recover from a compromise, refer to the original PaperCut bulletin.
If you cannot upgrade to a security patch, lock down network access to the server(s) by blocking all inbound traffic from external IPs to the web management port (ports 9191 and 9192 by default) and applying other security measures detailed in the bulletin.
On January 10th, 2023, Trend Micro reported a security vulnerability to PaperCut. In response, PaperCut released fixes for their MF and NG versions on March 8th, 2023, while keeping their partners and customers informed through various communication channels. Importantly, they confirmed that these vulnerabilities did not impact Multiverse and Print Logger. Trend Micro shared further technical details on their website on March 14th, 2023.
In early April, PaperCut provided updates about unpatched servers being exploited, and published a blog post on the security issue. PaperCut revised their FAQ section to include alternative options for those unable to upgrade to the security patch. They also added more FAQs to explain their proactive support for customers and shared details about exploit detection. Organizations that have yet to patch should assume a breach. Patches have been available since early March 2023, and impacted organizations must apply these patches promptly to mitigate the risk of further attacks.
On April 19th, Horizon3 released a working Proof of Concept (POC) on GitHub, reducing the attack complexity severely. Horizon3 proofs-of-concept have a history of stability, reliability, and reducing the complexity of attacks. Additionally, printer services like PaperCut should be within a trusted perimeter; however, organizations should review their attack surface for misconfigurations and business expectations exposing printers to the Internet. Regular review and audit of network configurations help identify potential vulnerabilities and ensure a more secure environment.
The eSentire Threat Intelligence is actively tracking emerging details and incidents and has observed attacks leading to the deployment of cryptocurrency miners in late April.
References:
[1] https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
[2] PaperCut CVE-2023-27350 Deep Dive and Indicators of Compromise
[3]GitHub - horizon3ai/CVE-2023-27350: Proof of Concept Exploit for PaperCut CVE-2023-27350