Subj : Your office printer could be hacking into the company network
To   : All
From : TechnologyDaily
Date : Thu Apr 20 2023 12:30:03

Your office printer could be hacking into the company network

Date:
Thu, 20 Apr 2023 11:19:32 +0000

Description:
Make sure your printer software is updated, as hackers are leveraging two 
newly found flaws.

FULL STORY
======================================================================

Your office printer could be hacking into the company network, thanks to 
vulnerable print management software, security experts have warned. 

Print management software company PaperCut published a security advisory in 
which it says there is evidence of threat actors actively exploiting two 
flaws to access vulnerable server endpoints. 

The company was tipped off by cybersecurity experts Trend Micro in early 
January 2023, who drew their attention to ZDI-CAN-18987, and ZDI-CAN-19226. 
The former is an unauthenticated remote code execution flaw found in PaperCut 
MF or NG, versions 8.0 and newer, holding a 9.8 severity score (critical), 
while the latter is an unauthenticated information disclosure flaw in 
PaperCut MF or NG, versions 15.0 and newer, holding an 8.2 severity score 
(high). More details in May 

"As of 18th April, 2023 we have evidence to suggest that unpatched servers 
are being exploited in the wild, (particularly ZDI-CAN-18987 / PO-1216)," the 
company said in the advisory. "As a precaution, we are not able to reveal too 
much about these vulnerabilities. More details should be revealed on May 10, 
the company said, giving companies enough time to secure their networks. 

There are patches and workarounds for the flaws, though, so users are advised 
to address the problem immediately and minimize any potential risk. 

System admins should make sure their software is patched to versions 20.1.7, 
21.2.11 (MF), and 22.0.9 (NG). Read more 

> 50,000 printers hacked to promote YouTuber 


 > Thousands of printers hacked across the globe after critical flaw exposed 


 > Here's a rundown of the best endpoint protection solutions today 

The second flaw can also be mitigated by applying Allow list restrictions 
found in Options > Advanced > Security > Allowed site server IP addresses, 
and only allowing verified Site Server IP addresses to access the network. 

Those interested in double-checking whether or not your systems were 
compromised are out of luck, as PaperCut says its impossible to determine, 
with absolute certainty, if a threat actor breached the network. The devs 
suggested IT teams look for suspicious activity in the PaperCut admin 
interface under Logs > Application Log, including updates from a user called 
[setup wizard]. They can also look for new users being created, or 
configuration keys changed. Here are the best firewalls right now 

Via: BleepingComputer



======================================================================
Link to news story:
https://www.techradar.com/news/your-office-printer-could-be-hacking-into-the-c
ompany-network


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.