Security Notices

Jul 14, 2021

CVE-2021-34527 Security Vulnerability

Executive Summary

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Apr 22, 2021

PaperClip, Inc. and Lion Street, Inc. are dedicated to ensuring information security for the systems you rely on. Due to the nature of the information contained in PaperClip VCF, it is necessary that we take additional account security measures on your PaperClip account.

On May 3, 2021, we will enable two-factor authentication (2FA), which will require you to enter a personalized code, sent to the email account associated with PaperClip, along with your existing PaperClip username and password.

Dec 18, 2020

On Sunday, December 13, 2020, the Department of Homeland Security (DHS) released Emergency Directive 21-01 about the SolarWinds Orion Code Compromise, now being referred to as SunBurst. The active global attack targets versions 2019.4 through 2020.2.1 HF1 of the SolarWinds Orion Platform software, released between March and June 2020. The breach resulted in a supply chain attack on SolarWinds customers through code compromise in the SolarWinds Orion software package. This exploit can give attackers access to companies' networks and data.

PaperClip DOES NOT use SolarWinds Orion, or any SolarWinds product in which Orion is a component.

PaperClip Support.

Sep 25, 2017

This notice is informational only and does not affect ANY of PaperClip's services.

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

National Institute of Standards and Technology - NATIONAL VULNERABILITY DATABASE

PaperClip Support
