Ever Seen Printer Malware in Action? Install this HP Ink Patch – or you may find out
Firmware update tackles remote code bugs in InkJet machines
HP Inc has posted an update to address a pair of serious security vulnerabilities in its InkJet printers.
The firmware update patches CVE-2018-5924 and CVE-2018-5925, two flaws that can be exploited by printing a file that triggers a stack or static buffer overflow, giving you the ability to then execute malicious code on the targeted printer.
In total, HP says the patch will need to be applied to some 225 different models of inkjet printers across its Pagewide, DesignJet, OfficeJet, Deskjet, and HP Envy product lines.
Expect to see more of this going forward. HP Inc recently opened up a bug bounty program to bring more researchers into the fold and find printer bugs before they can turn into zero-day exploits.
That bug bounty program, announced earlier this week in partnership with Bugcrowd, will see the printers n' PCs side of the Hewlett Packard break-up offer researchers up to $10,000 apiece for reporting security vulnerabilities.
The aim, says HP print security chief technologist Shivaun Albright, is to keep HP printers protected from the growing crop of botnets and malware packages that target printers and other internet-facing device that have traditionally had little to no security protection in place.
"As we navigate an increasingly complex world of cyber threats, it’s paramount that industry leaders leverage every resource possible to deliver trusted, resilient security from the firmware up," Albright said.
"HP is committed to engineering the most secure printers in the world."
The bug bounty program also gives HP another point for an ongoing marketing push the vendor is making to enterprise customers around the security of its printer line.
HP said that not only will it be handing out bounty payments for previously unknown bugs, but also "good faith" payouts to researchers who report bugs that HP itself had already discovered, but not gotten around to patching and disclosing yet.
Source: theregister
Latest Jobs
-
- Cloud Channel Manager
- London
- Up to £75,000 Base dependant on experience + Double OTE
-
A Cloud Channel Manager is needed for a Leading Cloud Service Provider in London due to increased customer demand. The Cloud Channel Manager will be primarily responsible for rebuilding & protecting current accounts and also new logo sales into the channel e.g. Value Added Resellers (VAR) / Managed Service Providers (MSP), SI etc. Requirements Current experience selling Cloud technology such as AWS / Azure into the channel Over achieved on sales targets. Long tenure (3/4 years+) in current and previous positions. Reference Number: PG7419
-
- Business Development Manager (Public Sector)
- London
- Up to £75,000 Basic + Double OTE (Commission is uncapped and subject to accelerators)
-
One of our clients who are a leading service provider in London are looking for a Public Sector focussed Business Development Manager. The Business Development Manager (Public Sector) will be selling from a portfolio of managed ICT services and cloud services to prospects within the public sector focusing on central government, healthcare, university’s The portfolio will cover flexible end to-end managed services, UC, cloud, hosting and SDWan. Preference will also be given to Business Development Manager (Public Sector) who satisfy the following criteria: Over achievement of new business sales targets 5 years of experience in selling at least two of these; managed services, UC, Azure, AWS, SDWAN etc. New Business Background is a must in central government, healthcare or universities In return you will be working for a company that is growing over 25% organically year on year with excellent sales support and a great senior leadership team. Reference Number: BD7410
-
- Google Cloud Architect
- London
- Up to £90.000 base plus bonus
-
We have a very urgent requirement for Google Cloud Architect for one of the reputed clients who are a fast growing GCP partner. The Google Cloud Architect will leverage Google Cloud technologies, designs, develops, and manages robust, secure, scalable, highly available, and dynamic solutions to drive business objectives. This will require all dimensions of cloud architecture including: Building, migrating and testing GCP environments and integration with other providers Build, design and implement scalable cloud-based web applications for PaaS, IaaS or SaaS. Provide thought leadership for cloud developer technology and collaborate with cross-functional engineering teams to streamline or improve adoption of Google Cloud Platform. This position will be located in London, United Kingdom. Unfortunately our client are unable to sponsor for this opportunity Reference Number: ES7411
-
- Solutions Consultant (Telecoms, SDWAN, IOT, WAN, Hosted services)
- Frankfurt
- Up to €90,000 plus car, bonus and benefits
-
Solutions Consultant is required to help lead a number of key client Migrations projects for this tier 1 Telecom company, the main role for the Solutions Consultant is helping customers migrate to new services, with a focusing on hosting (AWS, Azure) SDWAN and IOT You will be responsible for Post sales design documentation, implementation and migration of complex solutions for managed enterprise customers. Complex solutions consist of multi-product services. The TDA’s role is to ensure that these services interoperate and integrate into the customer environment. Such products consist of but not limited to MPLS, Ethernet, IPSec VPN’s, VoIP, Video Conferencing, Wireless, Internet, Private DSL, WAN Optimization, Managed Security Services, Managed Hosting, SDWAN and Complex Migration Planning. The TDA will own the technical delivery of customer solutions and will be the technical interface between the customer, product teams and project management during service delivery. Close engagement with pre-sales, technically validating solutions proposed are deliverable and all technical aspects are clearly defined prior to contract signature. The TDA accepts technical ownership of the solution at the point of contract signature. Lead customer facing technical workshops requiring excellent communication with the ability to articulate technical concepts clearly to all levels of competency. Providing support to 3rd line teams for OEM and design related faults. You will need to be at CCIE level (ideally CCIE R&S or SP ) with strong low level design and deployment skills, comfortable in front of customers and leading customer meeting Knowledge in SDWAN and Hosted services would be advantageous Reference Number: RA7413