Two exploits in papercut, one's an RCE vulnerability rated at 9.8 and they have seen it being exploited in the wild. Time to patch your Papercut servers.

We have received two vulnerability reports from a 3rd party cyber security company (Trend Micro), for high/critical severity security issues in PaperCut MF/NG.

PaperCut NG - If you are using a licensed version of PaperCut NG, you can upgrade to the latest version here.

PaperCut MF - If you have PaperCut MF then you can obtain the installation software from your PaperCut Authorised.

Before upgrading, it's worth making sure that your license allows you to upgrade, by checking out the Upgrade Policy.

I can't speak for what Papercut has seen but we saw this first hand this week. Someone used the vulnerability to drop update.dll into our PaperCut directory. After that happened, we didn't see any activity for about 24 hours and then two applications were installed using a SYSTEM process from the same PaperCut directory. Atera Agent and SplashTop Streamer were installed and were going to be the remote access agents. I say "were" because Sophos saved our ass and had flagged those apps and crippled them. Once we got that alert from Sophos we looked to event logs to backtrack what had happened and removed the offending malware/remote apps. All this happened a full 2 days *before* PaperCut announced the vulnerability.

In any case we cleaned the server, immediately patched it and have been watching it for a couple days for suspicious activity. We've already restored a backup that was prior to the first event, patched the server and plan to put it into production this weekend during some scheduled downtime. The current compromised server will be laid to rest at that point just to be safe.

SophosLabs had also been watching our telemetry data and called us to verify that we saw the activity and wanted to help out in this situation. I really can't say enough good things about Sophos and Druva (our cloud backup) during this particular event.

If anyone has questions about it feel free to respond back and I'll be happy to try and provide whatever insight I can since PaperCut is tight-lipped about this currently.
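Added example, not from the post and not PaperCut's or Sophos's code: a small Python check over constructed Windows Security 4688 (process creation) events that flags the pattern the poster describes, a SYSTEM-level PaperCut process launching installers outside its own tree and the Atera/SplashTop agents showing up. The install path and the pc-app.exe process name are assumptions for the example.

```python
import json
from pathlib import PureWindowsPath

# Assumed PaperCut install root (assumption for this example; set to the site's real path).
PAPERCUT_DIR = PureWindowsPath(r"C:\Program Files\PaperCut MF")
# The two remote-access tools the post says were installed after the initial drop.
REMOTE_AGENT_MARKERS = ("atera", "splashtop")

# Constructed sample of Windows Security 4688 (process creation) events, one JSON object per line.
# pc-app.exe is assumed to be the PaperCut application server process.
SAMPLE_LOG = r"""
{"EventID":4688,"SubjectUserName":"SYSTEM","NewProcessName":"C:\\Program Files\\PaperCut MF\\server\\bin\\win\\pc-app.exe","ParentProcessName":"C:\\Windows\\System32\\services.exe","CommandLine":"pc-app.exe"}
{"EventID":4688,"SubjectUserName":"SYSTEM","NewProcessName":"C:\\Windows\\System32\\msiexec.exe","ParentProcessName":"C:\\Program Files\\PaperCut MF\\server\\bin\\win\\pc-app.exe","CommandLine":"msiexec /i setup.msi /qn"}
{"EventID":4688,"SubjectUserName":"SYSTEM","NewProcessName":"C:\\Windows\\System32\\msiexec.exe","ParentProcessName":"C:\\Program Files\\PaperCut MF\\server\\bin\\win\\pc-app.exe","CommandLine":"msiexec /i AteraAgent.msi /qn"}
{"EventID":4688,"SubjectUserName":"SYSTEM","NewProcessName":"C:\\Windows\\Temp\\SplashtopStreamer.exe","ParentProcessName":"C:\\Program Files\\PaperCut MF\\server\\bin\\win\\pc-app.exe","CommandLine":"SplashtopStreamer.exe /s"}
{"EventID":4688,"SubjectUserName":"jdoe","NewProcessName":"C:\\Windows\\System32\\notepad.exe","ParentProcessName":"C:\\Windows\\explorer.exe","CommandLine":"notepad.exe"}
"""

def _under(path: str, root: PureWindowsPath) -> bool:
    """True if `path` lies inside `root` (case-insensitive, as NTFS paths are)."""
    return str(PureWindowsPath(path)).lower().startswith(str(root).lower().rstrip("\\") + "\\")

def suspicious_events(log_text: str) -> list:
    """Return (reasons, event) pairs for 4688 events that match the pattern in the post."""
    hits = []
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        if ev.get("EventID") != 4688:
            continue
        is_system = ev.get("SubjectUserName", "").upper() == "SYSTEM"
        parent_in_pc = _under(ev["ParentProcessName"], PAPERCUT_DIR)
        child_in_pc = _under(ev["NewProcessName"], PAPERCUT_DIR)
        haystack = (ev.get("CommandLine", "") + " " + ev["NewProcessName"]).lower()
        reasons = []
        # Rule 1: the SYSTEM-level PaperCut service launching something outside its own tree.
        if is_system and parent_in_pc and not child_in_pc:
            reasons.append("papercut-spawned-external-process")
        # Rule 2: the remote-access agents seen in this incident appearing anywhere in the event.
        if any(marker in haystack for marker in REMOTE_AGENT_MARKERS):
            reasons.append("remote-agent-install")
        if reasons:
            hits.append((reasons, ev))
    return hits

if __name__ == "__main__":
    for reasons, ev in suspicious_events(SAMPLE_LOG):
        print(", ".join(reasons), "->", ev["ParentProcessName"], "=>", ev["CommandLine"])
```

Rule 1 is the one worth keeping on a print server after patching: PaperCut's own service process has no ordinary reason to launch installers from outside its install tree.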