
Security researcher found roughly 700 Brother printers left exposed online


A security researcher has discovered nearly 700 Brother printers left exposed online, exposing corporate and government networks to hacking.

The security researcher Ankit Anubhav, principal researcher at NewSky Security, has discovered nearly 700 Brother printers left exposed online. Anyone can access the administration panel of the printers and take control of the devices.

Anubhav disclosed his discovery via Bleeping Computer, providing it with a list of exposed printers.

“Accessing a few random URLs, Bleeping has discovered a wide range of Brother printer models, such as DCP-9020CDW, MFC-9340CDW, MFC-L2700DW, or MFC-J2510, just to name a few,” states Bleeping Computer.

Bleeping Computer also forwarded the list to the popular researcher Victor Gevers, who, once he has analyzed it, will notify the affected organizations.

The researcher discovered many Brother printers exposed online with factory settings; in fact, Brother ships the printers with no admin password.

It is quite easy to locate these printers by using search engines like Shodan or Censys.


Anubhav explained that the printers belong to corporate and government networks and known universities.

“I’m surprised about so many known universities included in the list,” Anubhav told Bleeping. “I am planning to reach and notify the orgs with my colleague.”

An attacker can access the administration panel of printers connected to the Internet and change settings, such as their passwords, causing problems for the affected organizations.

The list provided to Bleeping included only printers that exposed the “password.html” file, which is related to the password reset page of Brother printers. The expert noticed that the administration panel exposed by the printers also included options to manage a firmware update.

An attacker can exploit the exposed administration panel to deliver tainted firmware and take full control of the printers.

“An attacker could include spyware-like behavior in tainted firmware updates and have printers send copies of printed documents to an attacker’s server,” continues Bleeping Computer.

“In the case of private businesses and government organizations, this could expose very sensitive information.”

Organizations running Brother printers are urged to check whether the devices expose the administration panel online by default, and to change the default password to prevent unauthorized access to the device.

Pierluigi Paganini

(Security Affairs – Brother printers, IoT)
