Security News
According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks. This vulnerability allegedly enables potential attackers to control any Anycubic 3D printer affected by this vulnerability using the company's MQTT service API. The file received by the impacted devices also asks Anycubic to open-source their 3D printers because the company's software "Is lacking."
Microsoft has confirmed an issue causing the HP Smart app to automatically install on Windows systems after all printers are renamed to HP LaserJet M101-M106. Customers have been reporting this issue since last week on the Microsoft community website and on online social networks. According to these reports, the HP Smart App is automatically installed on some Windows 10 and Windows 11 devices via the Microsoft Store, even though users don't own or use an HP printer or an HP computer.
Canon is warning users of home, office, and large format inkjet printers that their Wi-Fi connection settings stored in the devices' memories are not wiped, as they should, during initialization, allowing others to gain access to the data. The specific information stored in a Canon printer varies depending on the model and configuration but generally includes the network SSID, the password, network type, assigned IP address, MAC address, and network profile.
HP is working to address a bad firmware update that has been bricking HP Office Jet printers worldwide since it was released earlier this month. While HP has yet to issue a public statement regarding these ongoing problems affecting a subset of its customer base, the company told BleepingComputer that it's addressing the blue screen errors seen by a "Limited number" of users.
HP announced in a security bulletin this week that it would take up to 90 days to patch a critical-severity vulnerability that impacts the firmware of certain business-grade printers. The security issue is tracked as CVE-2023-1707 and it affects about 50 HP Enterprise LaserJet and HP LaserJet Managed Printers models.
Looking ahead to next week, we have a server end-of-life and still more updates that can impact printers. There have been several updates to KB5005408 throughout the year to help administrators identify and manage these non-compliant printers.
150+ HP multifunction printers open to attackOver 150 HP multifunction printers are open to attack via two exposed physical access port vulnerabilities and two different font parsing vulnerabilities discovered by F-Secure security consultants Timo Hirvonen and Alexander Bolshev. Putting the "Sec" in DevSecOps: An overall reduction of riskIn this Help Net Security interview, Cindy Blake, Senior Security Evangelist at GitLab, talks about the importance of integrating security in DevSecOps and how to overcome the complexity of such integration.
Tricking users into visiting a malicious webpage could allow malicious people to compromise 150 models of HP multi-function printers, according to F-Secure researchers. The Finland-headquartered infosec firm said it had found "Exploitable" flaws in the HP printers that allowed attackers to "Seize control of vulnerable devices, steal information, and further infiltrate networks in pursuit of other objectives such as stealing or changing other data" - and, inevitably, "Spreading ransomware."
Over 150 HP multifunction printers are open to attack via two exposed physical access port vulnerabilities and two different font parsing vulnerabilities discovered by F-Secure security consultants Timo Hirvonen and Alexander Bolshev. Attackers can exploit the vulnerabilities to seize control of vulnerable devices, steal information, and further infiltrate networks to inflict other types of damage, but the good news is that, earlier this month, HP has issued firmware updates that patch the vulnerabilities.
Canon USA is being sued for not allowing owners of certain printers to use the scanner of faxing functions if they run out of ink. Since at least 2016, other customers have contacted Canon about this exact problem [1, 2] and were told by support agents that ink cartridges must be installed and contain ink to use the printer's features, as shown by the agent's response below.