Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd.
This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 printer models from Ricoh, and 2 printer models from Toshiba Tec Corporation are affected by some or all of these vulnerabilities. In total, 742 models across 4 vendors are affected. Rapid7, in conjunction with JPCERT/CC, has worked with Brother over the last thirteen months to coordinate the disclosure of these vulnerabilities. The most serious of the findings is the authentication bypass CVE-2024-51978.
Source: Rapid7

