Tagged With "CVEs"

Microsoft flags security holes in IoT devices published advisory of 25 documented vulnerabilities (common vulnerabilities and exposures of CVEs) affecting wide range of IoT devices (aka Internet of Things, which includes MFPs and printers) - named the group of CVEs “BadAlloc” - could exploit to bypass security controls in order to execute malicious code or cause a system to crash

Lexmark has released a security firmware update to fix a severe vulnerability that could enable remote code execution (RCE) on more than 100 printer models. The security issue is tracked as CVE-2023-23560 and, according to the company, it has a severity rating of 9.0. It is a server-side request forgery (SSRF) in the Web Services feature of Lexmark devices. No evidence of exploitation The vendor’s advisory says that the bug could be leveraged to gain arbitrary code execution on the device,...

Ricoh has another security vulnerability Research published by CVE bulletin Apparently an issue with the MP305 series that allows hackers to execute arbitrary code using SNMP

IT, MSP & MSSP Industry Notes Sponsored by March 19th, 2023 Arcoa Group Why partnering with ARCOA makes sense Electronics Recycling is an important and profitable part of the IT asset lifecycle, but it can be overwhelming with all you already do, varying state regulations, and the limited resources at hand. That’s where ARCOA comes in. When you partner with ARCOA, you get all the benefits of a big company without any of the capital investment. We’ve been doing this since 1989 and have...

Ricoh announces another security issue Sent out a bulletin warning of "Apache ActiveMQ remote code execution vulnerability" (CVE-2023-46604) could allow a hacker to remotely access Ricoh products and execute arbitrary commands. affects certain products and services that Ricoh develops, manufactures, primarily whiteboards

Print spooling attack has been flagged by Microsoft Russian state-sponsored threat actors have been observed abusing an old printer vulnerability to drop custom malware on target endpoints. The malware helped them exfiltrate sensitive data and login credentials, a report from Microsoft Threat Intelligence has claimed. As per the report, since mid-2019, a group known as Fancy Bear has been abusing a print spooler elevation of privilege bug found in Windows printers. The vulnerability, tracked...