Brother Printer Bug In 689 Models Exposes Millions To Hacking
An anonymous reader quotes a report from SecurityWeek: Hundreds of printer models from Brother and other vendors are impacted by potentially serious vulnerabilities discovered by researchers at Rapid7. The cybersecurity firm revealed on Wednesday that its researchers identified eight vulnerabilities affecting multifunction printers made by Brother. The security holes have been found to impact 689 printer, scanner and label maker models from Brother, and some or all of the flaws also affect 46 Fujifilm Business Innovation, five Ricoh, six Konica Minolta, and two Toshiba printers. Overall, millions of enterprise and home printers are believed to be exposed to hacker attacks due to these vulnerabilities.
The most serious of the flaws, tracked as CVE-2024-51978 and with a severity rating of 'critical', can allow a remote and unauthenticated attacker to bypass authentication by obtaining the device's default administrator password. CVE-2024-51978 can be chained with an information disclosure vulnerability tracked as CVE-2024-51977, which can be exploited to obtain a device's serial number. This serial number is needed to generate the default admin password. "This is due to the discovery of the default password generation procedure used by Brother devices," Rapid7 explained. "This procedure transforms a serial number into a default password. Affected devices have their default password set, based on each device's unique serial number, during the manufacturing process."
Having the admin password enables an attacker to reconfigure the device or abuse functionality intended for authenticated users. The remaining vulnerabilities, which have severity ratings of 'medium' and 'high', can be exploited to carry out DoS attacks, force the printer to open a TCP connection, obtain the password of a configured external service, trigger a stack overflow, and perform arbitrary HTTP requests. Six of the eight vulnerabilities found by Rapid7 can be exploited without authentication. Brother has patched most of the flaws, but CVE-2024-51978 requires a new manufacturing process to fully resolve, which will apply only to future devices.