Ever Seen Printer Malware in Action? Install this HP Ink Patch – or you may find out
Firmware update tackles remote code bugs in InkJet machines
HP Inc has posted an update to address a pair of serious security vulnerabilities in its InkJet printers.
The firmware update patches CVE-2018-5924 and CVE-2018-5925, two flaws that can be exploited by printing a file that triggers a stack or static buffer overflow, giving you the ability to then execute malicious code on the targeted printer.
In total, HP says the patch will need to be applied to some 225 different models of inkjet printers across its Pagewide, DesignJet, OfficeJet, Deskjet, and HP Envy product lines.
Expect to see more of this going forward. HP Inc recently opened up a bug bounty program to bring more researchers into the fold and find printer bugs before they can turn into zero-day exploits.
That bug bounty program, announced earlier this week in partnership with Bugcrowd, will see the printers n' PCs side of the Hewlett Packard break-up offer researchers up to $10,000 apiece for reporting security vulnerabilities.
The aim, says HP print security chief technologist Shivaun Albright, is to keep HP printers protected from the growing crop of botnets and malware packages that target printers and other internet-facing device that have traditionally had little to no security protection in place.
"As we navigate an increasingly complex world of cyber threats, it’s paramount that industry leaders leverage every resource possible to deliver trusted, resilient security from the firmware up," Albright said.
"HP is committed to engineering the most secure printers in the world."
The bug bounty program also gives HP another point for an ongoing marketing push the vendor is making to enterprise customers around the security of its printer line.
HP said that not only will it be handing out bounty payments for previously unknown bugs, but also "good faith" payouts to researchers who report bugs that HP itself had already discovered, but not gotten around to patching and disclosing yet.
- Cyber Incident Response Consultant (DFIR)
- Up to £70,000 Base
Cyber Incident Response Consultant (DFIR) is needed to join a global consultancy to focus on leading the Incident response capability in the UK. The team are actively growing, are globally recognised and work on varied, high profile and interesting projects. Given the nature of the role, this individual must be available and happy to travel. The Cyber Incident Response Consultant (DFIR) will have a blend of technical hands-on and client-facing consultancy. Any mentorship experience is always desirable. In-depth technical experience is a must; specific experience working with clients in the ‘eye of the storm’ of an incident is essential. APT, active threat hunting, IR triage/planning experience is critical. Just as important is the ability to coordinate the response across multiple client stakeholders, team members and other team members; such as Legal, PR. It is essential that the Cyber Incident Response Consultant (DFIR) is able to identify, scope, manage, remediate/eradicate the threat for the clients. Any previous experience in identifying and generating revenue is obviously valued, but not essential. A broad forensic background would be highly desirable also. An ideal candidate will be CREST CCIR, CCIM certified, Key attributes should also include; stakeholder engagement, mentoring of team members, a collaborative working style. Technical experience must include; demonstrable experience within cyber incident response, Forensic, cyber etc. Additional certifications could / should include GIAC certified (Intrusion analyst, incident handler, forensic handler) Career development and the opportunity to influence, apply today for more information or call Chris Holt on 07884666351 email@example.com Ref CH7625 Candidates must be UK Based. Sponsorship is not available for Non-Eu Candidates.
- Director of Sales Engineering
- Up to €110,000 plus bonus and benefits
Location: Paris Salary Upto €110,000 plus bonus and benefits Reference: RA 7382 Director of Sales Engineering This rapidly expanding Cloud Service company are looking for an experience Director of Sale Engineering (Pre sales), to help them expand both their customer base and also their sales engineering team, You will be responsible for managing a team spread across Europe, (France, Germany and UK currently 6) Your responsibilities will include : Organising and monitoring your pre-sales team activity in coordination with your management. Building and managing a pan European team. Making sure your team members are on track with company or individual KPIs. Managing your own set of customer/proposal Coordinating closely with Sales – you will work alongside Account Managers, serving as a technical lead for more standard solutions development. Assigning required resources to the Complex Solution team when required by your management. Working closely with the engineering and product teams to provide customer and market feedback Participating in the planning and execution of various partners facing activities. The role may include actively driving presentations creation or delivery, and general networking activities. As well as previous experience in leading a sales engineering/ presales team you will require both Telecommunications (MPLS, Ethernet,) and Cloud platforms (Azure, Aws, Oracle etc) knowledge.
- Product Manager - Access Controls
- £50,000 - £90,000
An Identity and Access Controls vendor are currently looking to bring on board an exceptional Product Manager with recent exposure around Access Controls and Identity Management. The particular portfolio this person would be responsible for is their Events and transportation Access controls solutions. Managing and overseeing Configuration and implementations of these solutions. The Product Manager would need previous experience within a similar product suite, particularly around Access Controls/ Identity & Access Management delivery programmes. Project size will vary from £200,000 to larger multi-million pounds, so someone with experience managing these sizes of projects is key. This will be a client facing position, so someone with strong customer engagement skills, and the willingness to travel will be essential. If you have any project management certifications, for example Prince2 Practitioner, This will be hugely advantageous. Due to some of the Engineering team being based in Italy, Someone with strong Italian speaking and listening skills will be a front runner, but this is not an essential skill. Unfortunately sponsorship can't be provided to non-eu candidates TC7774 Salary: £50,000 - £90,000 Location: London with travel Cyber Security Jobs | Information Security Jobs | Access Controls Jobs | IDAM Jobs | IAM Jobs | Identity And Access Management Jobs
- CyberArk Specialist
- Up to £90,000
We are currently working with an International Outsourcing business who are looking for a CyberArk Specialist to assist with a large scale Identity and Access Management rollout across large Financial institutions. This business is at the forefront of the financial services market, working alongside some of the largest banks globally, so this will be a great chance to be a key figure in large digital transformation projects. The CyberArk Specialist responsibilities for this role will to be the lead in the Configuration and Design of a Large Privileged Access Management rollout of the CyberArk suite. Solutions Design Client Engagement Liaison between the business and Technical teams If you have strong hands on CyberArk exposure and are looking to move into more of a Business led programme, this is a great opportunity to make that transition. The CyberArk Specialist will be mostly spent on client site, which is based in London. So the right individual will be commutable into Central London. Candidates must be based in the UK. Sponsorship can't be provided to non-eu applicants Salary: £Up to 90,000 Location: London REF: TC7773 CyberArk Jobs | Information Security Jobs | Cyber Security Jobs | IDAM Jobs | IAM Joba | Identity and Access Management Jobs