Security Researchers has found an exploit to bypass detection for PaperCut Vulnerability.
TheHackerews

Security Researchers has found an exploit to bypass detection for PaperCut Vulnerability.

Ephraim Norbert Ephraim Norbert

Ephraim Norbert

Cybersecurity & DevOps Engineer | Cloud Security Specialist | Mentor & Instructor (Trained 100+ Students)

发布日期: 2023年5月9日
+ 关注

PaperCut received the report from a customer of suspicious activity on their PaperCut server on the 18th of April.

Tracked as CVE - 2023 - 27350, CVSS score: 9.8 (Critical) enabled remote code execution vulnerability that could lead to exploit by unauthorized attacker to execute arbitrary code with SYSTEM privilege's.

The earliest signature of suspicious activity the customer server was linked to this vulnerability on April 13th.

"We've had report of customers being late to patch, and as a result their server have been exposed for a number of weeks" says Chris Dance, PaperCut CEO

The flaws have been patched by an Australian Company on the 8th of March. Since then, the vulnerability has been weaponized by multiple threads grops, including ransomware actors, with post-exploitations resulting in the execution of Powershell commands, designed to drop additional payloads.

要查看或添加评论,请登录

Ephraim Norbert的更多文章

  • Bypass cookies using cookie manipulation
    2024年11月11日

    Bypass cookies using cookie manipulation

    Cookies store important information in a user’s browser and are generated by the web server, acting as a user’s…

    6 条评论
  • Active Directory Project
    2024年10月24日

    Active Directory Project

    Active Directory (AD) is a directory service developed by Microsoft that is used for managing computers, users, groups,…

    1 条评论
  • What is Log Analysis: Importance and use Cases.
    2024年4月29日

    What is Log Analysis: Importance and use Cases.

    A log file is a chronological record of events that occur within a system. It contains detailed information about each…

  • OSI Model: A Framework for Data Transmission
    2023年9月14日

    OSI Model: A Framework for Data Transmission

    Telecommunication encompasses the transmission of information across vast distances through electromagnetic methods…

  • Malware Reverse Engineering
    2023年8月31日

    Malware Reverse Engineering

    The rise of cyber threats has emerged as a significant concern, presenting a substantial danger to society. Malware…

  • Exploring Web Directory and File Brute Forcing with WFUZZ
    2023年8月15日

    Exploring Web Directory and File Brute Forcing with WFUZZ

    Penetration Testers and ethical hackers often perform vulnerability assessments to find flaws in web applications. One…

  • Cyber Kill Chain
    2023年7月26日

    Cyber Kill Chain

    The latest UK government survey showed that 32% of businesses and 24% of charities overall recall any breaches or…

    1 条评论
  • Penetration Testing Tools
    2023年7月24日

    Penetration Testing Tools

    Penetration testing, also known as ethical hacking, involves simulating cyberattacks on computer systems, networks, or…

  • Linux: A Key Element for Hacking and IT Security
    2023年7月21日

    Linux: A Key Element for Hacking and IT Security

    In the competitive world of IT, hacking has become a prestigious career. To succeed in this field, having a deep…

    2 条评论
  • Cybersecurity 101: A beginner’s guide to online safety.
    2023年7月3日

    Cybersecurity 101: A beginner’s guide to online safety.

    Since the creation of the Internet and the start of the recent digital transformation, cybersecurity has gained broad…

    1 条评论

社区洞察

其他会员也浏览了