PaperCut printer security flaw may be much worse than initially thought

News
By
published

There are multiple PoCs available now

printer-in-office
(Image credit: Future)

More information has been revealed about how criminals are using the recently-discovered PaperCut security flaws, which looked to use humble office printers to gain entrance to corporate networks.

According to a new report on BleepingComputer, cybercriminals are using two flaws in the popular print management software to deliver the Atera remote management software to vulnerable endpoints. Such software allows the attackers to take full control of the target devices. 

We have also gotten two proofs-of-concept (PoC) showcasing exactly how the vulnerabilities could be exploited, exponentially increasing their destructive potential. The first PoC was released by attack surface assessment firm Horizon3, which explained that the exploit allows for "remote code execution by abusing the built-in 'Scripting' functionality for printers."

Few targets

The managed cybersecurity platform providers Huntress also showcased their PoC, but only in the form of a video demo. The actual PoC is yete to be released.

The silver lining is that there are only around 1,700 internet-exposed PaperCut servers that the attackers could target, BleepingComputer says, citing data from a Shodan search. Still, even one successful attack is one too many.

There are patches and workarounds for the flaws, though, so users are advised to address the problem immediately and minimize any potential risk. System admins should make sure their software is patched to versions 20.1.7, 21.2.11 (MF), and 22.0.9 (NG). 

Read more

> > 50,000 printers hacked to promote YouTuber

> Thousands of printers hacked across the globe after critical flaw exposed

> Here's a rundown of the best endpoint protection solutions today

The second flaw can also be mitigated by applying “Allow list” restrictions found in Options > Advanced > Security > Allowed site server IP addresses, and only allowing verified Site Server IP addresses to access the network.

Those interested in double-checking whether or not your systems were compromised are out of luck, as PaperCut says it’s impossible to determine, with absolute certainty, if a threat actor breached the network. 

The devs suggested IT teams look for suspicious activity in the PaperCut admin interface under Logs > Application Log, including updates from a user called [setup wizard]. They can also look for new users being created, or configuration keys changed. 

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Digital image of a lock.
Xerox printer security risk could let hackers sneak into your systems
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
Cyber-security
Top file-sharing tools are being hit by security attacks once again
The best free firewall
Palo Alto warns another major firewall hack has been detected
The best free firewall
Palo Alto Networks PAN-OS sees authentication bypass under attack from hackers
Ransomware
QR codes can be used to crack this vital browser security tool
Latest in Security
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Web DDoS attacks see major surge as AI allows more powerful attacks
Polish space agency says it was hit by a cyberattack
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Latest in News
Close up of PS5 DualSense controller leaning on a PS5
Sony goes full Xbox Insider with new Beta Program at PlayStation initiative, offering the testing of new games and features before release
Artificial Intelligence
Amazon is apparently going all-in on agentic AI
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
More about security
A graphic showing fleet tracking locations over a city.

Lost & Found tracking site hit by major data breach - over 800,000 could be affected
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.

Microsoft Teams and other Windows tools hijacked to hack corporate networks
Close up of PS5 DualSense controller leaning on a PS5

Sony goes full Xbox Insider with new Beta Program at PlayStation initiative, offering the testing of new games and features before release
See more latest
Most Popular
Close up of PS5 DualSense controller leaning on a PS5
Sony goes full Xbox Insider with new Beta Program at PlayStation initiative, offering the testing of new games and features before release
Artificial Intelligence
Amazon is apparently going all-in on agentic AI
A collage of Daredevil in Daredevil: Born Again and Tom Holland's Peter Parker in Spider-Man: Far From Home
Daredevil: Born Again episode 2 just gave me hope that the titular hero will join forces with Spider-Man in the MCU, but it won't happen on Disney+
Circular Ring 2
The Circular Ring 2 solves a crucial smart ring problem, and it's available to pre-order now
HTC Viverse
The company formerly known as HTC is doubling down on immersive worlds, AI, spatial computing and ... 6G?
A business woman looking at AI on a transparent screen
Businesses are facing an "AI Divide" - which could be the difference between success and failure
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Apple Vision Pro with Dassault Systèmes 3DEXPERIENCE platform
Dassault Systèmes teams up with Apple to use Vision Pro headsets to bring spatial CAD to life
Samsung 18.1-inch foldable OLED monitor
Samsung has launched a flexible portable monitor complete with a briefcase, one that seems to come straight from a James Bond movie
GenMachine Zhi mini pc
This is the smallest AMD PC I've ever seen: mysterious manufacturer uses Ryzen 3 APU with surprising results