Hundreds of Brother printer models have an unpatchable security flaw
The flaws also impact 59 printer models from Fujifilm, Toshiba, Ricoh, and Konica Minolta, but not every vulnerability is found on every printer model. If you own a Brother printer, you can check to see if your model is affected here.
The most serious security flaw, tracked under CVE-2024-51978 in the National Vulnerability Database, has a 9.8 'Critical' CVSS rating and allows attackers to generate the device's default admin password if they know the serial number of the printer they're targeting. This allows attackers to exploit the other seven vulnerabilities discovered by Rapid7, which include retrieving sensitive information, crashing the device, opening TCP connections, performing arbitrary HTTP requests, and exposing passwords for connected network services.
While seven of these security flaws can be fixed via firmware updates detailed in Rapid7's report, Brother indicated to the company that CVE-2024-51978 itself 'cannot be fully remediated in firmware,' and will be fixed via a change to the manufacturing process for future versions of affected printer models. For current models, Brother recommends that users change the default admin password for their printer via the device's Web-Based Management menu
Changing default manufacturing passwords is something we should all be doing when we take a new device home anyway, and these printer vulnerabilities are a good example as to why.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Bloomberg
34 minutes ago
- Bloomberg
OpenAI Casts Doubt on Robinhood's New Tokenized Equity Products
Robinhood Markets Inc. shares fell after OpenAI advised caution to customers taking advantage of the brokerage's offer for access to equity 'tokens' for the closely held company led by Sam Altman. The artificial-intelligence firm said the tokens offered by Robinhood aren't company equity, and that OpenAI neither collaborated on nor endorsed the offering, triggering questions about the tokenization of private-company shares more broadly.
Bloomberg
35 minutes ago
- Bloomberg
Energy-Efficient Chipmaker Ambiq Micro Files for US IPO
Ambiq Micro Inc., a maker of ultra-low power semiconductors, has filed for an initial public offering as tech companies try to address the power consumption challenges posed by artificial intelligence computing. The Austin-based company's chips are used in personal devices like fitness trackers, and industrial applications such as crop monitoring, according to a Thursday filing with the US Securities and Exchange Commission. It had a net loss of $8.3 million on revenue of $15.7 million in the three months ended March 31, the filing said.
Forbes
38 minutes ago
- Forbes
This AI Startup Cracks Open Pre-IPO Investing For Everyone
Jarsy's AI-driven platform bridges the gap between retail investors and private equity — no finance ... More degree or crypto wallet required. When Han Qin launched Jarsy, he didn't just want to build another investing app. He wanted to crack open the velvet ropes of private equity — where firms like SpaceX, Anthropic, and Stripe trade hands in boardrooms, not browsers. Qin's startup, now out of stealth with $5 million in backing led by Breyer Capital, is betting that a new generation of investors won't wait around for IPOs they can't touch. They want in. Now. With AI DNA — Built For Believers, Not Billionaires Jarsy offers retail investors access to pre-IPO companies via tokenized shares that are 1:1 backed by real equity held in custody. It's not equity in the legal sense — token holders have no voting rights or ownership — but it's price-exposure. And for many, that's enough. Minimum investment? Ten bucks. Regulatory hoops still exist. In the U.S., Jarsy must follow Regulation Fair Disclosure, meaning users must self-certify as accredited investors. But Qin is quick to point out that the income threshold for accreditation is $200,000 individually, or $300,000 for a household — not the million-dollar club most assume. Outside the U.S., Jarsy leans on Regulation S, allowing wider participation. So far, users have requested tokens tied to AI companies like Anthropic and Perplexity, fintech firms like Circle and even lesser-known names like Redbud Materials. If enough users express interest in a company, Jarsy pursues it. Demand drives the portfolio. 'We don't push deals top-down,' Qin said. 'We listen to what our users want, then go get it.' Not A Blockchain Project — Just A Better AI-Based Fintech Qin isn't trying to woo crypto maximalists. In fact, half of Jarsy's users have never touched blockchain before. They sign in with an email. No seed phrases. No gas fees. Jarsy creates the wallet, handles 'know your customer' and anti-money laundering verification requirements as well as manages the paperwork. They don't even issue a Jarsy token — only asset-backed tokens linked to specific companies. AI is a quiet force in the background. 'We're leveraging AI for coding, which really makes our development efficient,' Qin said. 'And on our roadmap, we're building a chatbot-style financial service experience. Younger users don't want to call someone. They want fast answers. They want AI to handle it.' Under the hood, Jarsy runs on Ethereum and other compatible blockchains, with plans to add Solana. Transactions settle in the USDC stablecoin. And once a company goes public, users can redeem their tokens for the market equivalent in a stablecoin. If the company never IPOs? Users can eventually list their tokens on a secondary market inside Jarsy, naming their price. That feature isn't live yet, but it's in the works. Jarsy is building slowly, deliberately. The platform is live on mainnet. The user interface mimics Robinhood. And the team — ex-Uber, ex-Facebook, ex-Square — is tiny but experienced. Jarsy's AI Code Versus The Incumbents Three other platforms dominate the 'pre-IPO for the people' category. Each takes a different path. None offer Jarsy's full combo of blockchain transparency, a retail-friendly AI user interface and global reach. Fundrise requires just $10 to get in, same as Jarsy. It's an SEC-registered fund open to non-accredited investors. The twist: it operates like an index of pre-IPO and public tech companies, spreading risk across high-profile names like OpenAI, Ramp and Databricks. Fundrise doesn't tokenize shares, and users don't pick individual companies. It's passive exposure, not direct access. ARK Venture Fund offers hybrid exposure to private and public innovation stocks. The entry point is higher with a $500 minimum and liquidity is limited to quarterly redemption windows. ARK's advantage is brand recognition. It's not a blockchain play either. But it gives users a professionally managed basket of bold bets: SpaceX, Tesla OpenAI. Jarsy, by contrast, is self-directed and responsive. Hiive is the most direct and transparent pre-IPO marketplace but only for accredited investors. Minimum investment thresholds start at $25,000. Users trade shares directly with existing shareholders. Hiive offers real-time bid-ask spreads and facilitates more than $100 million in monthly volume. It's Wall Street's private exchange. Jarsy wants to be Main Street's. Pre-IPO Investing Future Looks Brighter With AI Jarsy doesn't promise ownership. It doesn't pretend to be fully decentralized. It's not trying to replace venture capital. But it does give retail investors a simple way to ride the upside of companies they actually care about—long before Wall Street gets in. The question now isn't whether people want access. It's whether Jarsy can scale that access fast enough. Because the gates are cracked open. And Gen Z is already pushing through.
