Security Leftovers
-
Security updates for Tuesday [LWN.net]
Security updates have been issued by Debian (samba), Fedora (kernel), openSUSE (netcdf and tor), SUSE (netcdf and python-Pygments), and Ubuntu (imagemagick).
-
Nasty Windows 10 vulnerability gets a patch, but not from Microsoft
Cybersecurity researchers have released an unofficial patch for a bug in Windows 10, originally reported to Microsoft in October 2020, which later research revealed could take the form of a local privilege vulnerability as well.
-
RedHat: RHSA-2021-4848:07 Moderate: Migration Toolkit for Containers (MTC)
-
Inside Intel’s Secret Warehouse in Costa Rica
Chip maker is stockpiling legacy technology for security research, plans to expand facility to house 6,000 pieces of equipment
-
New HP MFP vulnerabilities show why you should update and isolate printers | CSO Online
Security researchers have published details about two serious vulnerabilities that impact over 150 different HP multifunction printer models with FutureSmart firmware going back at least nine years. The attack vectors associated with the flaws and their impact serve as a reminder that printers can pose significant security risks to enterprise networks if not properly secured, updated and segmented.
"For one, the vulnerabilities date back to at least 2013 and affect a large number of HP products released," researchers from security firm F-Secure, who found the flaws, said in their report. "HP is a large company that sells products all over the world. Many companies are likely using these vulnerable devices. To make matters worse, many organizations don’t treat printers like other types of endpoints. That means IT and security teams forget about these devices’ basic security hygiene, such as installing updates."
Exploiting one of the vulnerabilities requires physical access and can be done through physical ports that are exposed on its communications board. A skilled attacker with physical access to a vulnerable MFP would need around five minutes to perform the attack and deploy a stealthy implant that could take full control of the device and exfiltrate potentially sensitive information.
The second vulnerability is even more dangerous because it's located in the firmware's font parsing code and essentially allows anyone who can print a specifically crafted file to execute malicious code on the vulnerable MFPs. The vulnerability is wormable and exploitation can be achieved in seconds through multiple remote attack vectors, including by users visiting malicious websites.