Additionally, users can apply “Allow list” restrictions under Options > Advanced > Security > Allowed site server IP addresses, setting this to only allow the IP addresses of verified Site Servers on their network. Users can lock down network access to their server(s) by blocking all inbound traffic from external IPs to the web management port (port 91 by default) and blocking all inbound traffic to the web management portal on the firewall to the server.
#TCAPS WEB PRINT PAPERCUT NG PATCH#
For users with a currently supported version (version 20 or later), they can upgrade to any maintenance release version they are licensed for.\ If upgrading to a security patch is not possible, there are alternative options to enhance security. Customers using these older versions are advised to purchase an updated license online for PaperCut NG or through their PaperCut Partner for PaperCut MF. PaperCut MF/NG versions 19 and older have reached their end-of-life, as documented on the End of Life Policy page. Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud.
The advisory provides information on detecting exploitation attempts and shares known indicators of compromise (IOCs) associated with the group’s activities.
In early May 2023, a group identifying themselves as the Bl00dy Ransomware Gang targeted vulnerable PaperCut servers within the Education Facilities Subsector. The FBI has issued a joint advisory concerning the exploitation of a PaperCut MF/NG vulnerability (CVE-2023-27350) by malicious actors, which began in mid-April 2023 and has been ongoing.
0 kommentar(er)
