Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd.
This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 printer models from Ricoh, and 2 printer models from Toshiba Tec Corporation are affected by some or all of these vulnerabilities. In total, 742 models across 4 vendors are affected. Rapid7, in conjunction with JPCERT/CC, has worked with Brother over the last thirteen months to coordinate the disclosure of these vulnerabilities. The most serious of the findings is the authentication bypass CVE-2024-51978.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- New Roboto botnet emerges targeting Linux servers running Webmin
November 20, 2019
A cybercrime group is enslaving Linux servers running vulnerable Webmin apps into a new botnet that security researchers are currently tracking under the name of Roboto. The botnet’s appearance dates back to this summer and is linked to the disclosure of a major security flaw in a web app installed on more than 215,000 servers — ...
- Thousands of businesses vulnerable to ‘severe’ Oracle EBS flaws
November 20, 2019
Security researchers at Onapsis have discovered a number of ‘severe’ vulnerabilities in Oracle’s E-Business Suite (EBS) that could leave more than 21,000 organisations at risk of financial theft and fraud. Oracle EBS has become a critical set of products that help to integrate customer relationship management (CRM), enterprise resource planning (ERP) and supply chain management processes within a ...
- New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices
November 16, 2019
The vulnerability affects both consumers as well as enterprise apps of WhatsApp for all major platforms, including Google Android, Apple iOS, and Microsoft Windows. According to an advisory published by Facebook, which owns WhatsApp, the list of affected app versions are as follows: Android versions before 2.19.274 iOS versions before 2.19.100 Enterprise Client versions before 2.25.3 Windows Phone versions before and ...
- McAfee antivirus software impacted by code execution vulnerability
November 12, 2019
Researchers have revealed a serious code execution vulnerability impacting all editions of McAfee software. On Tuesday, the SafeBreach Labs cybersecurity team said that CVE-2019-3648 can be used to bypass McAfee’s self-defense mechanisms, potentially leading to further attacks on a compromised system. The vulnerability exists due to a failure to validate whether or not loading DLLs have been signed, and a path ...
- Alexa, Siri, Google Smart Speakers Hacked Via Laser Beam
November 4, 2019
Researchers have discovered a new way to hack Alexa and Siri smart speakers merely by using a laser light beam. No physical access of the victims’ device, or owner interaction, is needed to launch the hack, which allows attackers to send voice assistants inaudible commands such as unlocking doors. The attack, dubbed “light commands,” leverages the ...
- Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
November 1, 2019
Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google’s Chrome browser. We promptly reported this to the Google Chrome security team. After reviewing of the PoC we provided, Google confirmed there was a ...