FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangs
EwDoor botnet targets AT&T network edge devices at US firms
Android banking malware infects 300,000 Google Play users
Finland warns of Flubot malware heavily targeting Android users
Get this pocket-sized 4K projector for $200 in extended Cyber Monday
Europol: 18k money mules caught laundering money from online fraud
VirusTotal Collections feature helps keep neat IoC lists
State-backed hackers increasingly use RTF injection for phishing
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
Researchers have discovered several vulnerabilities affecting at least 150 multi-function (print, scan, fax) printers made by Hewlett Packard.
Since the flaws discovered by F-Secure security researchers Alexander Bolshev and Timo Hirvonen date back to at least 2013, they’ve likely exposed a large number of users to cyberattacks for a notable amount of time.
HP has released fixes for the vulnerabilities in the form of firmware updates for two of the most critical flaws on November 1, 2021.
These are CVE-2021-39237 and CVE-2021-39238. For a complete list of the affected products, click on the tracking numbers for the corresponding advisories.
The first one concerns two exposed physical ports that grant full access to the device. Exploiting it requires physical access and could lead to potential information disclosure.
The second one is a buffer overflow vulnerability on the font parser, which is a lot more severe, having a CVSS score of 9.3. Exploiting it gives threat actors a way to remote code execution.
CVE-2021-39238 is also “wormable,” meaning a threat actor could quickly spread from a single printer to an entire network.
As such, organizations must upgrade their printer firmware as soon as possible to avoid large-scale infections that start from this often ignored point of entry.
F-Secure’s Bolshev and Hirvonen used an HP M725z multi-function printer (MFP) unit as their testbed to discover the above flaws.
After they reported their findings to HP on April 29, 2021, the company found that, unfortunately, many other models were also affected.
As the researchers explain in F-Secure’s report, there are several ways to exploit the two flaws, including:
To exploit CVE-2021-39238, it would take a few seconds, whereas a skilled attacker could launch a catastrophic assault based on the CVE-2021-39237 in under five minutes.
However, it would require some skills and knowledge, at least during this first period when not many technical details are public.
Also, even if printers themselves aren’t ideal for proactive security examination, they can detect these attacks by monitoring network traffic and looking into the logs.
Finally, F-Secure points out that they have seen no evidence of anyone using these vulnerabilities in actual attacks. Hence, the F-Secure researchers were likely the first to spot them.
An HP spokesperson has shared the following comment with Bleeping Computer:
HP constantly monitors the security landscape and we value work that helps identify new potential threats. We have published a security bulletin for this potential vulnerability here. The security of our customers is a top priority and we encourage them to always stay vigilant and to keep their systems up to date.
Apart from upgrading the firmware on the affected devices, admins can follow these guidelines to mitigate the risk of the flaws:
The last point underlines that even without fixing patches if proper network segmentation practices are followed the chances of suffering damage from network intruders drop significantly.
A detailed guide on the best practices for securing your printer is available in HP’s technical paper. You can also watch a video demo of how this HP printer vulnerability can be exploited below.
Microsoft fixes Windows CVE-2021-40444 MSHTML zero-day bug
Threat actors offer millions for zero-days, developers talk of exploit-as-a-service
Sitecore XP RCE flaw patched last month now actively exploited
Sonos, HP, and Canon devices hacked at Pwn2Own Austin 2021
Over 30,000 GitLab servers still unpatched against critical bug
>Place the printer into a separate VLAN sitting behind a firewall
>Only allow outbound connections from the printer to a specific list of addresses
I would have happily done that anyway if my router let me. Sadly it’s quite hard to get a good feature-rich OpenWRT compatible router for a solid price and simply buging a RPi4 and turning it into one might end up being cheaper. If it weren’t for RPi4 prices going through the roof this year. There doesn’t even seem to be a comparison of solid OpenWRT compatible router anywhere.
Well that’s just great isn’t it?! Thanks a heap HP
Not a member yet? Register Now
Microsoft Defender scares admins with Emotet false positives
DNA testing firm discloses data breach affecting 2.1 million people
To receive periodic updates and news from BleepingComputer, please use the form below.
Malwarebytes for Mac
Farbar Recovery Scan Tool
Windows Repair (All In One)
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.