Windows Warning Issued As Printers Used In New Hack Attacks
Hackers are using printers to attack Windows devices.
Nobody should be surprised by now at the ingenuity of threat actors looking to hack your accounts and devices. I have recently reported on how SMS attackers can strike without knowing your phone number using the SMS Blaster machine, a smartwatch can be used to hack even highly secure air-gapped networks, and even Windows secure boot protections can be bypassed. What might come as a surprise, however, is the news that a new and ongoing hack attack campaign is enlisting the help of your printer to hack your Windows systems. Here's what you need to know.
Windows Users Warned As Microsoft 365 Direct Send Hackers Deploy Printers To Attack
A new report by the Varonis Managed Data Detection and Response Forensics team has confirmed an ongoing threat campaign, already known to have targeted at least 70 organizations, the vast majority of which are based in the U.S., using on-premises devices such as printers to exploit a poorly known Microsoft 365 feature to deploy the Windows hacking attack.
That feature is Direct Send, allowing devices such as printers and scanners to send email without any authentication. I mean, what could possibly go wrong? Quite a lot, as it happens. 'Threat actors are abusing the feature to spoof internal users and deliver phishing emails without ever needing to compromise an account,' Tom Barnea, a forensics specialist at Varonis, said.
The as yet unnamed hackers used this Microsoft 365 Direct Send function in order to target predominantly U.S. organizations with malicious messages that are 'subject to less scrutiny compared to standard inbound email,' according to Barnea. The Varonis investigation has concluded that the ongoing threat campaign appears to have started in May 2025, with a level of 'consistent activity over the past two months.'
Mitigating The Windows Printer Attack
To mitigate the Microsoft 365 Direct Send attacks, Varonis recommends organizations do the following:
Microsoft, meanwhile, said that most Microsoft 365 and Windows customers don't need to use the Direct Send feature, and it is working on an option to disable it by default to protect customers. 'We recommend Direct Send only for advanced customers willing to take on the responsibilities of email server admins,' Microsoft concluded.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Forbes
32 minutes ago
- Forbes
Microsoft's Free New Windows Upgrade: How It Works And How To Get It
Microsoft stops supporting Windows 10 in just over 100 days on Oct.14, 2025. But on June 25, the company introduced the Extended Security Updates (ESU) program, which will mean users will supported for an extra year, for free. Windows 10 and Windows 11 This is a big change: until a few days ago, to gain an extra year, you needed to pay the company $30. Now, there's a free option, but there are things you need to do. Essentially, you need to link your Microsoft account and sync Settings to the cloud. First, as Microsoft explains, you need to sign in to Windows on a device running Windows 10, version 22H2 Home, Professional, Pro Education, or Workstation edition with the latest update installed. To enroll your device in ESU, go to Settings, then Update & Security, then Windows Update. Assuming you meet the requirements, you should see a link to enroll. If you choose not to sync your PC settings, the $30 fee still applies. Windows Latest, ahead of the game as usual, has already done all this as part of the Insider Program, so has seen it in action. 'In our tests, it just takes a few seconds to extend support. You'll see the 'Enroll now' button on the right side of the Windows Update. On some installations, it also appears below the Check for updates button. I assume Microsoft is A/B testing the toggle, but once you click the 'Enroll now' button, it opens a pop-up window titled 'Enroll in Extended Security Updates.' The pop-up says it'll help you extend security updates support beyond October 14, 2025, when Windows 10 support ends,' Mayank Parmar explains. The wizard will check whether your PC meets the requirements which are not, of course, the same as those needed to upgrade to Windows 11. When it's all done, a success screen appears. 'You're enrolled in Extended Security Updates through Oct. 13, 2026,'it says. If you're really not interested in moving on from Windows 10, and that's the case for hundreds of millions of users, this is a simple way to keep your PC secure until late 2026 for free.
Yahoo
an hour ago
- Yahoo
Here is Why Constellation Energy (CEG) Gained This Week
The share price of Constellation Energy Corporation (NASDAQ:CEG) surged by 5.25% between June 18 and June 26, 2025, putting it among the Energy Stocks that Gained the Most This Week. A close up of a wind turbine producing electricity as the sun sets. Constellation Energy Corporation (NASDAQ:CEG) is the largest producer of carbon-free energy in the US, with over 34,200 MW of generating capacity consisting of nuclear, wind, solar, natural gas, and hydroelectric assets. Constellation Energy Corporation (NASDAQ:CEG) received a boost this week after it was announced that it expects to restart the Three Mile Island plant as early as 2027 instead of the original forecast of 2028, after being put on a fast track to connect to the regional grid. Originally shut in 2019 for economic reasons, the revived 837 MW pressurized water reactor will provide carbon-free energy to Microsoft data centers as part of the 20-year power purchase agreement Constellation signed with the tech giant last year. While we acknowledge the potential of CEG as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you're looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the best short-term AI stock. READ NEXT: 10 Best Nuclear Energy Stocks to Buy Right Now and Disclosure: None. Sign in to access your portfolio
Yahoo
an hour ago
- Yahoo
Varonis (VRNS) Unlocks Real-Time Data Security with AI-Powered MCP Server
Varonis Systems, Inc. (NASDAQ:VRNS) is one of . Varonis Systems, Inc. (NASDAQ:VRNS), a leader in data security and threat detection, has introduced the Varonis Model Context Protocol (MCP) Server, a new interface that allows customers to connect their preferred AI tools directly to the Varonis Data Security Platform. The innovation marks a significant step in enabling real-time, AI-driven access to enterprise data security operations. With the MCP Server, customers can use natural language prompts through AI clients such as ChatGPT, Claude, and GitHub Copilot to query data posture, trigger remediation, and streamline compliance tasks. The server enables users to carry out complex operations with simple instructions—for example, retrieving recent high-severity alerts, updating ServiceNow tickets, or running cleanup scripts to remove inactive guest accounts. A close up of a software engineer typing on a laptop keyboard, focusing on the code development part of the company. 'Automation is at the heart of everything we do,' said Yaki Faitelson, Co-Founder and CEO of Varonis. 'The Varonis MCP Server marks another leap forward in our agentic AI vision—giving customers access to Varonis' real-time data security insights and automated remediation from their own AI tools, IDEs, agent builders, and terminals.' By embedding Athena AI in its platform and supporting cross-platform automation, Varonis continues to expand its role in modern data protection. The MCP Server furthers the company's mission to deliver secure, intelligent infrastructure that helps organizations proactively defend sensitive information and reduce compliance burdens in complex cloud environments. While we acknowledge the potential of VRNS to grow, our conviction lies in the belief that some AI stocks hold greater promise for delivering higher returns and have limited downside risk. If you are looking for an AI stock that is more promising than VRNS and that has 100x upside potential, check out our report about this cheapest AI NEXT: 10 Best Small Cap Tech Stocks With Biggest Upside Potential and . Disclosure: None. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
