CyberWire Daily - CISA Alert AA23-131A – Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG.

Episode Date: May 12, 2023

FBI and CISA are releasing this joint Cybersecurity Advisory in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF, software applications that help organizations manage printing services, and enables an unauthenticated actor to execute malicious code remotely without credentials.

AA23-131A Alert, Technical Details, and Mitigations
PaperCut: URGENT | PaperCut MF/NG vulnerability bulletin (March 2023)
Huntress: Critical Vulnerabilities in PaperCut Print Management Software

No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.

See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure.

U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov

To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered 11th, 2023. FBI and CISA are releasing this joint cybersecurity advisory in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF, software applications that help organizations manage printing services, and enables an unauthenticated user to execute malicious code remotely without credentials. PaperCut released a patch for this vulnerability in March 2023. According to FBI-observed information, malicious actors exploited this vulnerability beginning in mid-April 2023 and continue these activities today. In early May 2023, a group self-identifying as the Bloody
Starting point is 00:01:12 Ransomware Gang attempted to exploit vulnerable PaperCut servers against the education facility subsector. The report linked in the show notes provides detection methods and indicators of compromise associated with Bloody Ransomware Gang activity. FBI and CISA strongly encourage users and administrators to immediately apply patches or workarounds if unable to patch. FBI and CISA encourage organizations who did not patch immediately to assume compromise and hunt for malicious activity using the detection signatures in the advisory documentation. If potential compromise is detected, organizations should apply the incident response recommendations included in the report.
Starting point is 00:01:50 To report incidents and anomalous activity or to request incident response resources or technical assistance, contact CISA at report@cisa.gov, call 888-282-0870, or report incidents to your local FBI field office. This report was written by CISA, the United States Cybersecurity and Infrastructure Security Agency, and edited and adapted for audio by N2K Networks as a public service. Please visit www.cisa.gov to read the full report, which may include additional details, links, and illustrations.
Starting point is 00:02:22 A link to this report can be found in the show notes. This has been a CISA Cybersecurity Alert.
