We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Ransomware Gangs Exploit PaperCut Vulnerabilities

Ransomware Gangs Exploit PaperCut Vulnerabilities
Author Image Keira Waddell
Keira Waddell Published on 28th April 2023 Senior Writer

PaperCut, a popular print management software, has suffered from severe security vulnerabilities in recent months that have been used to deploy ransomware attacks. The software is used by local governments, large companies, and education and healthcare institutions.

PaperCut released a statement on April 19th advising customers to update to the latest version of their software and to ensure that their systems are fully patched and up to date in order to prevent further attacks.

One of the vulnerabilities, identified as CVE-2023-27350, has been scored 9.8 out of 10 in severity, indicating that an unauthenticated attacker could execute malicious code on a server remotely without the need for credentials.

The company also identified the flaw, CVE-2023-27351, which holds a severity rating of 8.2 out of 10. The bug enables attackers to extract data from PaperCut servers belonging to customers, including but not limited to usernames, full names, email addresses, department information, and payment card numbers associated with the accounts.

Both vulnerabilities have been fixed by recent patches, but many organizations are yet to apply the vital updates, leaving them vulnerable to attack.

In a recent statement to BleepingComputer, the Clop ransomware gang claimed responsibility for attacks on PaperCut servers, which they’ve allegedly been exploiting since April 13th. They said that they used the vulnerabilities to gain access to networks, rather than steal documents from the servers themselves. The group recently exploited zero-day vulnerabilities in the GoAnywhere secure file-sharing platform to steal the data of 130 organizations.

In addition to Clop, Microsoft also stated that some exploitations of these vulnerabilities have led to the deployment of malware linked with Lockbit, another prolific ransomware gang.

Huntress, a cybersecurity firm, has reported that it has observed hackers exploiting the vulnerabilities to implant remote management software such as Atera and Syncro to backdoor unpatched servers. Huntress has identified around 1,800 PaperCut servers that are exposed to the internet, leaving them vulnerable.

The Cybersecurity and Infrastructure Security Agency included the most severe CVE-2023-27350 flaw in its list of vulnerabilities that are being actively exploited. Federal agencies have been instructed to secure their systems against ongoing exploitation within three weeks, by May 12th.

About the Author

Keira is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.