At a glance.
- Cl0p and LockBit exploit PaperCut vulnerability in ransomware campaigns.
- Infostealer traded in the C2C market.
- All ads are trying to get your money, but some just take it.
- CISA requests comment on software self-attestation form.
- Ukraine argues that cyberattacks against civilian infrastructure should be classified as war crimes.
- No genuine hacktivists on Russia's side?
Cl0p and LockBit exploit PaperCut vulnerability in ransomware campaigns.
Microsoft tweeted Wednesday that they had attributed two campaigns exploiting vulnerabilities on PaperCut printers to Cl0p and BitLock. The two vulnerabilities (CVE-2023–27350 and CVE-2023–27351) were announced in a 19 April post by PaperCut. The company urged all admins to update their firmware with the latest patch to address them. Microsoft explained that they traced the infections back to a period before the vulnerabilities were discovered on April 13th. Microsoft said, “We’re monitoring other attacks also exploiting these vulnerabilities, including intrusions leading to Lockbit deployment. More threat actors could follow suit. It’s critical for orgs to follow PaperCut’s recommendation to upgrade applications and servers: https://msft.it/6018gPn92.” BleepingComputer, who’s periodically in touch with the Cl0p operators, reports, “The Clop ransomware operation confirmed to BleepingComputer that they were behind the attacks on PaperCut servers, which they started exploiting on April 13th… In reply to our questions about the LockBit attacks, Microsoft said they had nothing further to share.”