Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

April 5, 2023

Wednesday

HP will fix a serious flaw in LaserJet printers within 90 days.

This week, HP stated in a security alert that a major vulnerability affecting the firmware of a few business-grade printers would take up to 90 days to fix.


Over 50 HP Enterprise LaserJet and HP LaserJet Managed printer models are affected by the security flaw, which is tracked as CVE-2023-1707.


Using the CVSS v3.1 standard, the company assigned a severity score of 9.1 out of 10 and adds that exploiting it might result in information disclosure.


Despite the high score, the exploitation scenario is constrained: a device is susceptible only if it has IPsec enabled and is running FutureSmart firmware version 5.6.


According to CVE-2023-1707, the following printer models are vulnerable:
M455 Color LaserJet from HP, 480-color HP Color LaserJet Enterprise MFP, Managed HP Color LaserJet E45028, Managed MFP for HP Color LaserJet E47528, E785dn, E78523, and E78528 are HP Color LaserJet Managed MFP models, HP Color LaserJet Managed MFP E786, HP Color LaserJet Managed Flow MFP E786, and HP Color LaserJet Managed MFP E78625/30/35. E87740/50/60/70, E87740/50/60/70, and E87740/50/60/70 HP Color LaserJet Managed Flow, M406 HP LaserJet Enterprise, M407 HP LaserJet Enterprise, Enterprise MFP M430 from HP, LaserJet Enterprise MFP M431 from HP, Managed HP LaserJet E40040, Managed MFP for HP LaserJet E42540


There isn’t a fix at this time; however, HP promises to deliver a firmware upgrade that fixes the problem within 90 days.


ALPHV ransomware affiliate exploits vulnerabilities in Veritas Backup Exec for initial access

An ALPHV/BlackCat ransomware affiliate exploited three vulnerabilities affecting the Veritas Backup Exec product to gain initial access to the victim network.

The ALPHV ransomware operation first surfaced in December 2021, and it is believed to be run by former members of the Darkside and Blackmatter programs, which shut down abruptly to escape pressure from law enforcement.

Mandiant says it first observed exploitation of the Veritas flaws in the wild on October 22, 2022.

The high-severity vulnerabilities that UNC4466 targets are CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878.

Veritas Backup Exec is impacted by all three issues. The vendor disclosed them in March 2021, and a fix was released in version 21.2.

Even though more than two years have passed since then, many endpoints are still at risk because they haven’t been updated to a secure version.

According to Mandiant, a commercial scanning service revealed that more than 8,500 IP addresses advertise the Symantec/Veritas Backup Exec ndmp service on the public internet on ports 9000 and 1001 in addition to the default port 10000.


For placing advertisements and promotions in this newspaper, or anywhere on our website, contact us through email at admin@hackerzhome.org or fill out this contact form.


FBI's Operation Cookie Monster seizes Genesis Market, a marketplace for stolen credentials.

Earlier this week, as part of Operation Cookie Monster, law enforcement seized the domains for Genesis Market, one of the most well-known marketplaces for stolen credentials of all kinds.

Since Genesis was one of the primary providers selling both consumer and business account identities, the operation represents a significant blow to the world of cybercrime.

Accessing the Genesis Market domains reveals a banner stating that the FBI has executed a seizure warrant, although authorities have not yet released press statements announcing the takedown.

The FBI reports that numerous groups from both the public and commercial sectors helped make the action possible.

Genesis Market launched in alpha form at the end of 2017, and by 2020 it had grown to become the most widely used online store for cookies, device fingerprints, and account credentials for many services.

Using information-stealing software, the market’s operators gathered login information together with fingerprint data (such as cookies, IP addresses, time zones, and device information) that allows a buyer to impersonate the account’s real owner when accessing a service.


Stealer Malware Typhon Reborn Reemerges with Improved Evasion Techniques


The threat actor responsible for Typhon Reborn, a malware program that steals data, has resurfaced with an updated version (V2) that is better at evading detection and resisting analysis.

The updated version is sold on the dark web for $59 per month, $360 annually, or $540 for a lifetime subscription.

According to a report published on Tuesday by Cisco Talos researcher Edmund Brumaghin, the stealer can collect sensitive information and exfiltrate it to attackers using the Telegram API.

Cyble first documented Typhon in August 2022, detailing its features, including stealing data from crypto wallets, messaging, FTP, VPN, browser, and gaming apps, as well as hijacking clipboard content, taking screenshots, recording keystrokes, and more.

Typhon is able to deliver the XMRig cryptocurrency miner and is based on the stealer malware Prynt Stealer.

Typhon Reborn, an upgraded variant discovered by Palo Alto Networks Unit 42, was released in November 2022.

Chromium-based browsers are the target of new Rilide malware that steals cryptocurrency.

Rilide is a new piece of malware that targets Chromium-based web browsers and poses as a legitimate extension in order to steal cryptocurrencies and capture personal information.

According to a report from Trustwave SpiderLabs Research shared with The Hacker News, Rilide malware impersonates a legitimate Google Drive extension and gives threat actors access to a wide range of malicious functions, such as monitoring browsing history, taking screenshots, and injecting malicious scripts to withdraw money from different cryptocurrency exchanges.

Moreover, the stealer can display counterfeit dialog boxes to trick users into providing a two-factor authentication code to withdraw digital assets.

Ekipa RAT is spread through malicious Microsoft Publisher files, whereas Aurora Stealer uses a technique that has become more and more widespread in recent months: rogue Google Adwords.

Both attack chains lead to the execution of a Rust-based loader, which in turn modifies the browser's LNK shortcut file so that it launches the add-on using the command-line option "--load-extension".
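A defender can look for the shortcut tampering described above by checking browser shortcut targets or process-creation command lines for that option. The following is an added example, not code from the article or from the Trustwave report; the browser list, the allowlist directory, the function names and the sample command lines are all assumptions constructed for illustration.

```python
import re

# Chromium-based browser binaries to watch (illustrative subset; an assumption).
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}
TARGET = re.compile(r'\s*"?(.+?\.exe)"?\s*(.*)', re.I | re.S)
# --load-extension=VALUE, where VALUE is double-quoted or runs to the next space.
FLAG = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.I)

# Constructed sample data: shortcut targets or logged process command lines.
SAMPLE_EVENTS = [
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
    r'--load-extension="C:\Users\alice\AppData\Local\Temp\gdrive ext"',
    r'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe '
    r'--load-extension=C:\dev\myext,C:\Users\bob\AppData\Roaming\ext2',
    r'"C:\Windows\System32\notepad.exe" --load-extension=C:\x',
]

def split_target(command_line):
    """Return (lower-cased executable name, argument string) for a command line."""
    m = TARGET.match(command_line)
    if not m:
        return "", command_line
    return m.group(1).rsplit("\\", 1)[-1].lower(), m.group(2)

def sideloaded_extensions(command_line, allowed_dirs=()):
    """List unpacked-extension paths a Chromium browser is told to load,
    skipping paths under allowed_dirs (e.g. a developer workspace)."""
    exe, args = split_target(command_line)
    if exe not in BROWSERS:
        return []
    allowed = tuple(d.lower() for d in allowed_dirs)
    hits = []
    for quoted, bare in FLAG.findall(args):
        # The switch takes a comma-separated list of extension directories.
        for path in (quoted or bare).split(","):
            path = path.strip()
            if path and not path.lower().startswith(allowed):
                hits.append(path)
    return hits

def triage(events, allowed_dirs=()):
    """Map event index -> flagged extension paths, for events that have any."""
    found = {i: sideloaded_extensions(cl, allowed_dirs) for i, cl in enumerate(events)}
    return {i: paths for i, paths in found.items() if paths}

if __name__ == "__main__":
    for idx, paths in triage(SAMPLE_EVENTS, ("C:\\dev\\",)).items():
        print(idx, paths)
```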
