Ever Seen Printer Malware in Action? Install this HP Ink Patch – or you may find out
Firmware update tackles remote code bugs in InkJet machines
HP Inc has posted an update to address a pair of serious security vulnerabilities in its InkJet printers.
The firmware update patches CVE-2018-5924 and CVE-2018-5925, two flaws that can be exploited by printing a file that triggers a stack or static buffer overflow, giving you the ability to then execute malicious code on the targeted printer.
In total, HP says the patch will need to be applied to some 225 different models of inkjet printers across its Pagewide, DesignJet, OfficeJet, Deskjet, and HP Envy product lines.
Expect to see more of this going forward. HP Inc recently opened up a bug bounty program to bring more researchers into the fold and find printer bugs before they can turn into zero-day exploits.
That bug bounty program, announced earlier this week in partnership with Bugcrowd, will see the printers n' PCs side of the Hewlett Packard break-up offer researchers up to $10,000 apiece for reporting security vulnerabilities.
The aim, says HP print security chief technologist Shivaun Albright, is to keep HP printers protected from the growing crop of botnets and malware packages that target printers and other internet-facing device that have traditionally had little to no security protection in place.
"As we navigate an increasingly complex world of cyber threats, it’s paramount that industry leaders leverage every resource possible to deliver trusted, resilient security from the firmware up," Albright said.
"HP is committed to engineering the most secure printers in the world."
The bug bounty program also gives HP another point for an ongoing marketing push the vendor is making to enterprise customers around the security of its printer line.
HP said that not only will it be handing out bounty payments for previously unknown bugs, but also "good faith" payouts to researchers who report bugs that HP itself had already discovered, but not gotten around to patching and disclosing yet.
Source: theregister
Latest Jobs
-
- Technical Pre Sales Consultant
- Greater London
- £65,000 Base + Bonus + Package
-
A Technical Pre Sales Consultant, with a focus on cybersecurity, is needed to join a specialist security services business in the Greater London area. This is a perfect opportunity for anyone looking to retain their technical hands-on skills and step into a presales position. CURRENT hands-on experience is essential as this role will be split between professional services and presales. The Technical Pre Sales Consultant must have current experience working within the cybersecurity industry and have experience engaging with clients face to face. Any experience with scoping, high-level design, proof of concept (hands-on), RFI, RFQ etc is highly desirable Must be commutable to West London. Current technology experience with any of the following vendors such as Check Point, Palo Alto, Varonis, Fortinet, F5, Bluecoat etc. Apply today for more information, all details kept in the strictest of confidence. Key skills: Presales, Pre Sales, Security Presales, Network Security, Managed Security Services Ref CH7538
-
- Data Centre Presales Engineer
- London
- Up to £47,000 Base + Bonus
-
A Data Centre Presales Engineer is needed to join a leading Data Centre business in London. The Data Centre Presales Engineer will be responsible for; Sales Support, Stakeholder engagement (presentations etc.), RFI / RFQ, High-level technical architecture & support etc. This role is client-facing so expect some travel but only across London. Requirements Current presales experience within an IT managed services role. Current experience with Data Centre technology would be extremely beneficial but other experience in industries such as; telecommunications, cloud, unified communications etc. is required. MUST be commutable to London. Ref PG7543
-
- Senior Identity and Access Management Architect
- Germany
- Up to €85,000 Base + Package
-
Senior Identity and Access Management Architect (IDAM) subject matter expert is needed to lead and drive technical and or business transformation projects in a client-facing position for a prestigious consultancy in Frankfurt, Germany. Broad technical knowledge across Identity and access management is essential. Technical hands-on experience with one or more of the following core areas; Privileged Access Management (PAM, CyberArk, Beyondtrust, Thycotic) Identity Governance Administration (IGA, Sailpoint, Omada, RSA) Customer Identity & Access Management (CIAM, Forgerock PSD2) Fluent German is a MUST (Written & Speaking) A successful individual will be client-facing and MUST have strong exposure in previous positions designing and implementing Identity and Access Management solutions, this will be a hands-on position, working directly with the functional consultant and support teams If you are passionate about your industry and specialise in the IDAM space and are looking for a new challenge to step up, apply today and speak with the Security team. Candidate must be Germany or EU based (must want to relocate to Germany) Ref: TC7153
-
- Functional Identity & Access Management Consultant
- Germany
- Up to €100,000 Base + Package
-
My Client, a leading international consultancy firm are currently in the process of expanding their Identity & Access management practice across each of their 3 sectors. Working with Large FTSE 500 companies on interesting technical / Business Transformation projects. The Identity & Access Management Consultant will be the key head in deriving and understanding business cases, consulting with the client to truly understand the needs of the business and suggest a solution of best fit. A deep understanding of business protocols, risks, as well as a strong understanding of Identity & Access management is essential to be successful in this position. Working in one of the following three IAM practices, The Identity & Access Management Consultant will need to have strong knowledge in at least one of the following; Privileged Access Management (PAM, CyberArk, Beyondtrust, Thycotic) Identity Governance Administration (IGA, Sailpoint, Omada, RSA) Customer Identity & Access Management (CIAM, Forgerock PSD2) Fluent German (Speaking & Writing) Current experience within a client-facing role, working with Identity & Access Management solutions is essential, my client are one of the leading partners in the space, hence why I am looking to speak with the best of the best. If you are passionate about your industry and specialise in the IDAM space and are looking for a new challenge to step up, apply today and speak with the Security team. Candidate must be Germany or EU based (must want to relocate to Germany) Ref TC7542