Your office printer could be hacking into the company network
Make sure your printer software is updated
Your office printer could be hacking into the company network, thanks to vulnerable print management software, security experts have warned.
Print management software company PaperCut published a security advisory in which it says there is evidence of threat actors actively exploiting two flaws to access vulnerable server endpoints.
The company was tipped off in early January 2023 by cybersecurity experts Trend Micro, who drew its attention to ZDI-CAN-18987 and ZDI-CAN-19226. The former is an unauthenticated remote code execution flaw found in PaperCut MF or NG, versions 8.0 and newer, holding a 9.8 severity score (critical), while the latter is an unauthenticated information disclosure flaw in PaperCut MF or NG, versions 15.0 and newer, holding an 8.2 severity score (high).
More details in May
“As of 18th April, 2023 we have evidence to suggest that unpatched servers are being exploited in the wild, (particularly ZDI-CAN-18987 / PO-1216),” the company said in the advisory. “As a precaution, we are not able to reveal too much about these vulnerabilities.” More details should be revealed on May 10, the company said, giving companies enough time to secure their networks.
There are patches and workarounds for the flaws, though, so users are advised to address the problem immediately and minimize any potential risk.
System admins should make sure their software is patched to versions 20.1.7, 21.2.11 (MF), and 22.0.9 (NG).
The second flaw can also be mitigated by applying “Allow list” restrictions found in Options > Advanced > Security > Allowed site server IP addresses, and only allowing verified Site Server IP addresses to access the network.
Those interested in double-checking whether their systems were compromised are out of luck, as PaperCut says it’s impossible to determine with absolute certainty whether a threat actor breached the network. The devs suggested IT teams look for suspicious activity in the PaperCut admin interface under Logs > Application Log, including updates from a user called [setup wizard]. They can also look for new users being created or configuration keys being changed.
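The log review described above can be scripted. The following is an added example, not code from PaperCut or from this article: a Python triage over an exported Application Log that flags the three indicators named. The CSV column layout, the message wording, the regular expressions and the sample lines are all constructed assumptions and must be adapted to a real export.

```python
import csv
import io
import re

# Constructed sample. The column layout and message wording are assumptions,
# not PaperCut's real export format; adjust to match an actual export.
SAMPLE_LOG = """\
date,level,user,message
2023-04-14 02:11:07,INFO,[setup wizard],Updated configuration key example.key.a
2023-04-14 02:11:09,INFO,[setup wizard],User svc-temp created
2023-04-14 09:30:12,INFO,admin,User j.smith logged in to the admin interface
2023-04-15 11:02:44,INFO,admin,Configuration key example.key.b changed
"""

SETUP_WIZARD = "[setup wizard]"  # user name the advisory says to look for

# Hypothetical message patterns for the two other indicators in the article.
PATTERNS = {
    "user_created": re.compile(r"\buser\b.*\bcreated\b", re.I),
    "config_changed": re.compile(
        r"(?=.*\bconfig(?:uration)? key\b)(?=.*\b(?:changed|updated)\b)", re.I
    ),
}


def classify(row):
    """Return the list of indicator names a single log row matches."""
    reasons = []
    if row["user"].strip().lower() == SETUP_WIZARD:
        reasons.append("setup_wizard_activity")
    for name, pattern in PATTERNS.items():
        if pattern.search(row["message"]):
            reasons.append(name)
    return reasons


def triage(log_text):
    """Return (date, user, reasons, message) for every row worth reviewing."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        reasons = classify(row)
        if reasons:
            findings.append((row["date"], row["user"], reasons, row["message"]))
    return findings


if __name__ == "__main__":
    for date, user, reasons, message in triage(SAMPLE_LOG):
        print(f"{date}  {user:<15} {','.join(reasons):<40} {message}")
```

Flagged rows are leads for manual review against known administrative activity; consistent with PaperCut's own caveat, neither a hit nor a clean result settles whether a server was breached.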
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.