Network Security News | Ingalls Information Security

Articles of interest from the week of August 14, 2023

Written by John Frasier | Aug 14, 2023 4:00:00 AM

New PaperCut Critical Bug Exposes Unpatched Servers to RCE Attacks

PaperCut recently fixed a critical security vulnerability in its NG/MF print management software that allows unauthenticated attackers to gain remote code execution on unpatched Windows servers.

Tracked as CVE-2023-39143, the flaw results from a chain of two path traversal weaknesses discovered by Horizon3 security researchers that enable threat actors to read, delete, and upload arbitrary files on compromised systems following low-complexity attacks that don't require user interaction. (BleepingComputer)

 

"Comprehending the capabilities and features of diverse software and products before deployment is now more critical than ever. While specific features can enhance usability and functionality, understanding the mechanics of these integrations and configuring them properly, or disabling them altogether if unnecessary, can assist in mitigating vulnerabilities such as this.

Craig Flynn, SOC Analyst Lead at Ingalls Information Security

 

 

Takeovers of MFA-Protected Accounts Increase, As Microsoft 365 Phishing Campaign Shows

The new phishing campaign targets business executives and uses EvilProxy to defeat multifactor authentication. (CSO)

 

Microsoft Patch Tuesday, August 2023 Edition

Microsoft Corp. recently issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including multiple zero-day vulnerabilities currently being exploited in the wild. (Krebs on Security)

 

Over 120,000 Computers Compromised by Info Stealers Linked to Users of Cybercrime Forums

A "staggering" 120,000 computers infected by stealer malware have credentials associated with cybercrime forums, many of them belonging to malicious actors. (The Hacker News)

 

Whirlpool Malware Rips Open Old Barracuda Wounds

CISA has found yet another backdoor malware variant in compromised Barracuda systems with zero-day ESG vulnerability. Advanced persistent threat (APT) attacks targeting a former zero-day remote command injection vulnerability in Barracuda email security gateway (ESG) appliances have been detected by the US cybersecurity and infrastructure security agency. (CSO)