Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd.
This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 printer models from Ricoh, and 2 printer models from Toshiba Tec Corporation are affected by some or all of these vulnerabilities. In total, 742 models across 4 vendors are affected. Rapid7, in conjunction with JPCERT/CC, has worked with Brother over the last thirteen months to coordinate the disclosure of these vulnerabilities. The most serious of the findings is the authentication bypass CVE-2024-51978.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Many problems with cyber security of Schipihol’s border control: Court of Audit
April 20, 2020
Schiphol is very vulnerable to cyber attacks, the Court of Audit concluded after investigating the cyber security of the border control systems the Koninklijke Marechaussee uses at the airport. Two of the three systems are not properly protected against cyber attacks, NOS reports. Systems at Schiphol are hardly ever tested for how well they can stand ...
- Starbleed bug impacts FPGA chips used in data centers, IoT devices, industrial equipment
April 20, 2020
A team of academics says they’ve discovered a new security bug that impacts Xilinx FPGA (Field Programmable Gate Arrays) chipsets. Named Starbleed, the bug allows attackers — with both physical or remote access — to extract and tamper with an FGPA’s bitstream (configuration file) to reprogram the chip with malicious code. FPGAs are add-in cards that can ...
- DHS CISA: Companies are getting hacked even after patching Pulse Secure VPNs
April 17, 2020
Companies that run Pulse Secure VPN servers are still at risk of getting hacked, despite patching vulnerable systems, cyber-security agencies from the US and Japan have warned this month. Pulse Secure VPN servers are enterprise-grade VPN gateways that companies use to let workers connect to internal company networks from across the internet. Last year, a major vulnerability ...
- Academics steal data from air-gapped systems using PC fan vibrations
April 17, 2020
Academics from an Israeli university have proven the feasibility of using fans installed inside a computer to create controlled vibrations that can be used to steal data from air-gapped systems. The technique, codenamed AiR-ViBeR, is the latest in a long list of wacky data exfiltration techniques devised by Mordechai Guri, the head of R&D at the ...
- Apple Safari Flaws Enable One-Click Webcam Access
April 6, 2020
A security researcher has disclosed vulnerabilities in Apple’s Safari browser that can be used to snoop on iPhones, iPads and Mac computers using their microphones and cameras. To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one malicious link. Security researcher Ryan Pickren has revealed ...
- DarkHotel hackers use VPN zero-day to breach Chinese government agencies
April 6, 2020
Foreign state-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees. Attacks began last month, in March, and are believed to be related to the current coronavirus (COVID-19) outbreak. Chinese security-firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in Sangfor SSL VPN servers, used to provide ...