Hundreds of Brother printer models have security flaw that can't be patched


Engadget, 30-06-2025
A security company has found eight security vulnerabilities that impact hundreds of Brother printer models. The company has released firmware updates to handle seven of these vulnerabilities, but one security flaw cannot be patched.
Brother has indicated that it'll fix the remaining issue during the manufacturing process of future printers, which doesn't help current owners. The company recommends that users change the default main password. Otherwise, bad actors could remotely access impacted devices. Though primarily impacting around 700 Brother printers, 59 units manufactured by Fujifilm, Toshiba, Ricoh and Konica Minolta are also at risk.
The security flaw is listed as CVE-2024-51978 in the National Vulnerability Database, and has a 9.8 'Critical' CVSS rating. Simply put, attackers could generate the default admin password so long as they know the serial number of the printer.
Once this has been done, bad actors would be able to exploit the other seven vulnerabilities if the user didn't patch them up. These remaining flaws allow hackers to retrieve sensitive information, crash the device, open TCP connections, perform HTTP requests and reveal passwords for connected networks.
So what should you do? Check this list of impacted printers to see if you're at risk. Most importantly, change the default password.