Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd.
This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 printer models from Ricoh, and 2 printer models from Toshiba Tec Corporation are affected by some or all of these vulnerabilities. In total, 742 models across 4 vendors are affected. Rapid7, in conjunction with JPCERT/CC, has worked with Brother over the last thirteen months to coordinate the disclosure of these vulnerabilities. The most serious of the findings is the authentication bypass CVE-2024-51978.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Remote Wi-Fi Attack Backdoors iPhone 7
September 27, 2017
Google on Tuesday disclosed details and a proof-of-concept exploit for a Wi-Fi firmware vulnerability in Broadcom chipsets patched this week in iOS 11. The attack enables code execution and persistent presence on a compromised device. “The exploit gains code execution on the Wi-Fi firmware on the iPhone 7,” said Google Project Zero researcher Gal Beniamini, whose ...
- 2-Year-Old Linux Kernel Issue Resurfaces As High-Risk Flaw
September 27, 2017
A bug in Linux kernel that was discovered two years ago, but was not considered a security threat at that time, has now been recognised as a potential local privilege escalation flaw. Identified as CVE-2017-1000253, the bug was initially discovered by Google researcher Michael Davidson in April 2015. Since it was not recognised as a serious bug at that ...
- Researchers promise demo of ‘God-mode’ pwnage of Intel mobos
September 26, 2017
Security researchers say they’ve found a way to exploit Intel’s accident-prone Management Engine, and will reveal the problem at Black Hat Europe in December. Positive Technologies researchers say the exploit “allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard via Skylake+”. Intel Management Engine (ME), a microcontroller that ...
- macOS High Sierra Zero-Day Exploit Puts Users’ Stored Keychain Passwords at Risk
September 25, 2017
It would appear that Apple’s recently released macOS High Sierra 10.13 operating system comes with a zero-day exploit that could put your stored Keychain passwords at risk if your Mac gets hacked. Patrick Wardle, a security researcher that apparently worked for NSA, published information about the said zero-day security issue minutes after Apple released the macOS ...
- EternalBlue Exploit Used in Retefe Banking Trojan Campaign
September 22, 2017
Criminals behind the Retefe banking Trojan have added a new component to their malware that uses the NSA exploit EternalBlue. The update makes Retefe the latest malware family to adopt the SMBv1 attack against a patched Windows vulnerability, and could signal an emerging trend, said researchers at Proofpoint. Earlier this year, researchers at Flashpoint observed the TrickBot ...
- IoT botnet Linux.ProxyM turns its grubby claws to spam rather than DDoS
September 22, 2017
An IoT botnet is making a nuisance of itself online after becoming a conduit for spam distribution. Linux.ProxyM has the capability to engage in email spam campaigns with marked difference to other IoT botnets, such as Mirai, that infamously offered a potent platform for running distributed-denial-of-service attacks (DDoSing). Other IoT botnets have been used as proxies ...