2 min read
Articles of interest from the week of April 24, 2023
John Frasier Apr 27, 2023 10:30:00 AM
Exploit Released for PaperCut Flaw Abused To Hijack Servers, Patch Now
Attackers are exploiting severe vulnerabilities in the widely-used PaperCut MF/NG print management software to install Atera remote management software to take over servers.
The software's developer claims it's used by more than 100 million users from over 70,000 companies worldwide.
The two security flaws (tracked as CVE-2023-27350 and CVE-2023-27351) allow remote attackers to bypass authentication and execute arbitrary code on compromised PaperCut servers with SYSTEM privileges in low-complexity attacks that don't require user interaction. (BleepingComputer)
“When implementing scripting capabilities into an application or service, especially one that has the option to be web-exposed, security needs to be a higher priority. It is always important to consider what bad actors may do or how they may abuse a service or application. Innately, we develop and build things with good intentions, however, in order to protect the good people from the bad, it is sometimes crucial to shape our perspective as if we were the bad guys. This perspective shift could help us be more proactive in preventing these types of vulnerabilities, instead of always having to react to them.”
– Sean Scully, CTI Threat Hunter at Ingalls Information Security
The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks
The mass compromise of the VoIP firm's customers is the first confirmed incident where one software supply chain attack enabled another, researchers say. (WIRED)
Ransomware Gangs Abuse Process Explorer Driver To Kill Security Software
Threat actors use a new hacking tool dubbed AuKill to disable Endpoint Detection & Response (EDR) Software on targets' systems before deploying backdoors and ransomware in Bring Your Own Vulnerable Driver (BYOVD) attacks.
In such attacks, malicious actors drop legitimate drivers signed with a valid certificate and capable of running with kernel privileges on the victims' devices to disable security solutions and take over the system. (BleepingComputer)
Wargaming an Effective Data Breach Playbook
A well-tuned data breach playbook can provide security teams with a clear roadmap for working through the breach response process. Foreseeing every possible twist and turn of a breach may be impossible, but through extensive wargaming, teams can simulate diverse situations to give them a proactive edge. (Help Net Security)
LockBit Ransomware Targets Apple Silicon Macs for the First Time
Security researchers discovered a new version of the LockBit ransomware which targets Apple's Mac computers for the first time.
As 9To5Mac reports, until now the LockBit ransomware has focused on infecting Windows and Linux machines, but a new build named "locker_Apple_M1_64" suggests macOS infections are imminent. According to MalwareHunterTeam, which discovered the new build, there are versions of the ransomware for PowerPC Macs, too. (PC Magazine)