Ever Seen Printer Malware in Action? Install this HP Ink Patch – or you may find out
Firmware update tackles remote code bugs in InkJet machines
HP Inc has posted an update to address a pair of serious security vulnerabilities in its InkJet printers.
The firmware update patches CVE-2018-5924 and CVE-2018-5925, two flaws that can be exploited by printing a file that triggers a stack or static buffer overflow, giving you the ability to then execute malicious code on the targeted printer.
In total, HP says the patch will need to be applied to some 225 different models of inkjet printers across its Pagewide, DesignJet, OfficeJet, Deskjet, and HP Envy product lines.
Expect to see more of this going forward. HP Inc recently opened up a bug bounty program to bring more researchers into the fold and find printer bugs before they can turn into zero-day exploits.
That bug bounty program, announced earlier this week in partnership with Bugcrowd, will see the printers n' PCs side of the Hewlett Packard break-up offer researchers up to $10,000 apiece for reporting security vulnerabilities.
The aim, says HP print security chief technologist Shivaun Albright, is to keep HP printers protected from the growing crop of botnets and malware packages that target printers and other internet-facing device that have traditionally had little to no security protection in place.
"As we navigate an increasingly complex world of cyber threats, it’s paramount that industry leaders leverage every resource possible to deliver trusted, resilient security from the firmware up," Albright said.
"HP is committed to engineering the most secure printers in the world."
The bug bounty program also gives HP another point for an ongoing marketing push the vendor is making to enterprise customers around the security of its printer line.
HP said that not only will it be handing out bounty payments for previously unknown bugs, but also "good faith" payouts to researchers who report bugs that HP itself had already discovered, but not gotten around to patching and disclosing yet.
- Check Point Subject Matter Specialist Sales
- 65000 + OTE
Approved, Signed off looking to hire ASAP. Check Point Subject Matter Specialist needed to work alongside Account Managers and the New Business Development team to maximise revenues and profit through upselling, cross selling and closing new sales opportunities relating to Check Point solutions and products opportunities. This role could suit an individual from a Overlay sales, Product sales, Commercial presales / Sales engineer background as long as they have detailed Check Point experience, are client facing and able to close and expand sales. This is a position for you. Aside from meeting / speaking to new customers to identify and close Check Point related leads, experience developing and implementing targeted sales campaigns / marketing campaigns would be extremely beneficial. Less than 20% of your role would be involved in identifying new sales leads yourself. Flexible working, however the offices are based in the south east with a large proportion of clients that are in and around the Greater London area. When safe to do so, client visits will resume, a commutable distance is required. MUST have current Check Point solution and product knowledge.