CISA and FBI Release Joint Advisory in Response to Active Exploitation of PaperCut Vulnerability
CISA and FBI have released a joint Cybersecurity Advisory (CSA), Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG. This joint advisory provides details related to an exploitation of PaperCut MF/NG vulnerability (CVE-2023-27350). FBI observed malicious actors exploit CVE-2023-27350 beginning in mid-April 2023 and continuing through the present. In early May 2023, FBI observed a group self-identifying as the Bl00dy Ransomware Gang attempting to exploit vulnerable PaperCut servers against the Education Facilities Subsector. The advisory further provides detection methods for exploitation and details known indicators of compromise (IOCs) related to the group’s activity.
CISA encourages network defenders to review and apply the recommendations in the Detection Methods and Mitigations sections of this CSA. See StopRansomware.gov for additional guidance on ransomware protection, detection, and response.
Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
SUMMARY The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF and enables an unauthenticated actor to execute malicious code remotely without credentials. PaperCut released […]
CISA Releases Fifteen Industrial Control Systems Advisories
CISA released fifteen Industrial Control Systems (ICS) advisories on May 11, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-131-01 Siemens Solid Edge
ICSA-23-131-02 Siemens SCALANCE W1750D
ICSA-23-131-03 Siemens Siveillance
ICSA-23-131-04 Siemens SIMATIC Cloud Connect 7
ICSA-23-131-05 Siemens SINEC NMS Third-Party
ICSA-23-131-06 Siemens SCALANCE LPE9403
ICSA-23-131-07 Sierra Wireless AirVantage
ICSA-23-131-08 Teltonika Remote Management System and RUT Model Routers
ICSA-23-131-09 Rockwell Automation Kinetix 5500 EtherNetIP Servo Drive
ICSA-23-131-10 Rockwell Automation Arena Simulation Software
ICSA-23-131-11 BirdDog Cameras & Encoders
ICSA-23-131-12 SDG PnPSCADA
ICSA-23-131-13 PTC Vuforia Studio
ICSA-23-131-14 Rockwell PanelView 800
ICSA-23-131-15 Rockwell ThinManager
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
Royal: Ransomware se expande a objetivos Linux y VMware ESXi
El grupo de Ransomware “Royal”, quien fuera visto por primera vez en septiembre de 2022 y cuyos miembros habrían sido exmiembros del grupo conocido como Conti. Han expandido su arsenal y ahora apuntan a entornos de Linux y VMware ESXi a través de malware desarrollado en binario de formato ejecutable y enlazable (ELF). A diferencia […]