Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd.
This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 printer models from Ricoh, and 2 printer models from Toshiba Tec Corporation are affected by some or all of these vulnerabilities. In total, 742 models across 4 vendors are affected. Rapid7, in conjunction with JPCERT/CC, has worked with Brother over the last thirteen months to coordinate the disclosure of these vulnerabilities. The most serious of the findings is the authentication bypass CVE-2024-51978.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Hacker group uses Solaris zero-day to breach corporate networks
November 2, 2020
Mandiant, the investigations unit of security firm FireEye, has published details today about a new threat actor it calls UNC1945 that the security firm says it used a zero-day vulnerability in the Oracle Solaris operating system as part of its intrusions into corporate networks. Regular targets of UNC1945 attacks included the likes of telecommunications, financial, and ...
- Google patches second Chrome zero-day in two weeks
November 2, 2020
Google has released a security update today for its Chrome web browser that patches ten security bugs, including one zero-day vulnerability that is currently actively exploited in the wild. Identified as CVE-2020-16009, the zero-day was discovered by Google’s Threat Analysis Group (TAG), a security team at Google tasked with tracking threat actors and their ongoing operations. Read ...
- Windows kernel zero-day disclosed by Google’s Project Zero after bug exploited in the wild by hackers
October 30, 2020
Google’s Project Zero bug-hunting team has disclosed a Windows kernel flaw that’s being actively exploited by miscreants to gain administrator access on compromised machines. The web giant’s bug report was privately disclosed to Microsoft on October 22, and publicly revealed just seven days later, after it detected persons unknown exploiting the programming blunder. The privilege-escalation issue ...
- Oracle WebLogic Server RCE Flaw Under Active Attack
October 29, 2020
If an organization hasn’t updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: “Assume it has been compromised.” Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. The console component of the WebLogic Server has a flaw, CVE-2020-14882, ...
- FBI: Hackers stole government source code via SonarQube instances
October 27, 2020
The Federal Bureau of Investigation (FBI) issued a flash alert warning of hackers stealing data from U.S. government agencies and enterprise organizations via internet-exposed and insecure SonarQube instances. SonarQube is an open-source platform for automated code quality auditing and static analysis to discover bugs and security vulnerabilities in projects using 27 programming languages. Vulnerable SonarQube servers have ...
- Nvidia tackles code execution flaws, data leaks in GeForce Experience
October 23, 2020
Nvidia has resolved a trio of vulnerabilities impacting the GeForce Experience suite. GeForce Experience is software designed by Nvidia with games and live streamers in mind, including driver update management, driver optimization for gaming and graphics cards, and both video & audio capture. On October 22, Nvidia said the firm’s latest security update tackles issues found in ...