PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11, and 22.0.9 were launched in March 2023, preaching the critical-severity flaw and CVE-2023–27351, a high-severity bug leading to data vulnerability.
While Huntress and Microsoft stated that hackers had used both vulnerabilities, PaperCut has only cited CVE-2023-27350 being manipulated in attacks.
Microsoft confirms Huntress’s observations and says the bad actors executed PowerShell commands to drop TrueBot on vulnerable systems.
Read more: Microsoft: Cl0p Ransomware Exploited PaperCut Vulnerabilities Since April 13
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.