• Latest
  • Trending
HP Printer Hijack Bugs Impact 150 Models

HP Printer Hijack Bugs Impact 150 Models

December 2, 2021
Lenovo’s 16-inch ThinkPad claims desktop-like performance with 55 W Intel CPU

Lenovo’s 16-inch ThinkPad claims desktop-like performance with 55 W Intel CPU

May 18, 2022
Testing shows AMD’s FSR 2.0 can even help lowly Intel integrated GPUs

Testing shows AMD’s FSR 2.0 can even help lowly Intel integrated GPUs

May 18, 2022
Tesla announces the date for its second AI day

Tesla announces the date for its second AI day

May 18, 2022
AMD and Qualcomm to Optimize FastConnect Connectivity for AMD Ryzen Processors

AMD and Qualcomm to Optimize FastConnect Connectivity for AMD Ryzen Processors

May 18, 2022
Ericsson to Take Part at GSMA’s Mobile 360 Convention in Riyadh

Ericsson to Take Part at GSMA’s Mobile 360 Convention in Riyadh

May 18, 2022
InterSAT and SES renew partnership to accelerate digital inclusion across Africa

InterSAT and SES renew partnership to accelerate digital inclusion across Africa

May 18, 2022
Applications open for Google Black Founders Fund Africa

Applications open for Google Black Founders Fund Africa

May 18, 2022
Hackers nail Zambia’s Central Bank

Hackers nail Zambia’s Central Bank

May 18, 2022
Western Digital UltraStar DC SN650 NVMe SSDs Announced

Western Digital UltraStar DC SN650 NVMe SSDs Announced

May 18, 2022
OWC Announces Envoy Pro mini Pocket-Sized USB-C and USB-A SSD

OWC Announces Envoy Pro mini Pocket-Sized USB-C and USB-A SSD

May 18, 2022
Transcend Grade 112-Layer 3D NAND SSDs With DRAM Cache

Transcend Grade 112-Layer 3D NAND SSDs With DRAM Cache

May 18, 2022
VMware Certification for Pavilion NVMe-oF Flash Array

VMware Certification for Pavilion NVMe-oF Flash Array

May 18, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Thursday, 19 May, 2022
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

HP Printer Hijack Bugs Impact 150 Models

by ITECHNEWS
December 2, 2021
in Infosec
0 0
0
HP Printer Hijack Bugs Impact 150 Models

Security researchers have discovered two vulnerabilities in multi-function printers (MFPs) which impacted 150 product models.

F-Secure security consultants Timo Hirvonen and Alexander Bolshev have written up their findings in a detailed report, Printing Shellz.

YOU MAY ALSO LIKE

US and EU Move Closer on Cyber in New Trade Pact

Hackers can steal your Tesla Model 3, Y using new Bluetooth attack

Specifically, they found a physical access port vulnerability (CVE-2021-39237) and a font parsing bug (CVE-2021-39238) in HP’s MFP M725z device. They turned out to affect scores more products in the FutureSmart line dating back to 2013.

CVE-2021-3928 is the more dangerous of the two as it can be exploited remotely, potentially by tricking an employee into visiting a malicious website, to conduct a “cross-site printing” attack. Here, the website would automatically print a document containing a maliciously crafted font on a vulnerable MFP, said F-Secure.

This would allow an attacker to execute arbitrary code on the machine to steal any printed, scanned or faxed information, including device passwords.

The report claimed that it could also enable attackers to launch deeper attacks into the corporate network to spread ransomware, steal data from more sensitive data stores and achieve other goals.

The bugs are also wormable, meaning multiple MFPs on the same network could be automatically impacted.

“It’s easy to forget that modern MFPs are fully-functional computers that threat actors can compromise just like other workstations and endpoints. And just like other endpoints, attackers can leverage a compromised device to damage an organization’s infrastructure and operations,” explained F-Secure’s Hirvonen.

“Experienced threat actors see unsecured devices as opportunities, so organizations that don’t prioritize securing their MFPs like other endpoints leave themselves exposed to attacks like the ones documented in our research.”

HP has issued patches for the vulnerabilities, which are described as “medium” (CVE-2021-39237) and critical severity (CVE-2021-39238).

Although they’re only thought to be exploitable by advanced targeted attackers, enterprises were urged to patch them as soon as possible.

Phil Muncaster UK / EMEA News Reporter, Infosecurity Magazine

ShareTweetShare

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Lenovo’s 16-inch ThinkPad claims desktop-like performance with 55 W Intel CPU

Lenovo’s 16-inch ThinkPad claims desktop-like performance with 55 W Intel CPU

May 18, 2022
Testing shows AMD’s FSR 2.0 can even help lowly Intel integrated GPUs

Testing shows AMD’s FSR 2.0 can even help lowly Intel integrated GPUs

May 18, 2022
Tesla announces the date for its second AI day

Tesla announces the date for its second AI day

May 18, 2022

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Lenovo’s 16-inch ThinkPad claims desktop-like performance with 55 W Intel CPU

Lenovo’s 16-inch ThinkPad claims desktop-like performance with 55 W Intel CPU

May 18, 2022
Testing shows AMD’s FSR 2.0 can even help lowly Intel integrated GPUs

Testing shows AMD’s FSR 2.0 can even help lowly Intel integrated GPUs

May 18, 2022

Recent News

  • Lenovo’s 16-inch ThinkPad claims desktop-like performance with 55 W Intel CPU May 18, 2022
  • Testing shows AMD’s FSR 2.0 can even help lowly Intel integrated GPUs May 18, 2022
  • Tesla announces the date for its second AI day May 18, 2022
  • AMD and Qualcomm to Optimize FastConnect Connectivity for AMD Ryzen Processors May 18, 2022
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021 iTechNewsOnline.Com - Powered by BackUpDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021 iTechNewsOnline.Com - Powered by BackUpDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version