Xerox Printers Vulnerability Let Attackers Capture Auth Data From LDAP & SMB

In one demonstrated attack chain, researchers gained admin access via default credentials (Xerox devices often retain factory defaults), modified LDAP settings to attacker IP, triggered LDAP sync via “Test Connection” feature and used captured credentials to access HR databases containing PII. Multiple vulnerabilities in enterprise-grade Xerox Versalink C7025 multifunction printers (MFPs) enable attackers to intercept authentication credentials from Lightweight Directory Access Protocol (LDAP) and Server Message Block (SMB) services. Security analysts demonstrated the attack using a Python-based LDAP listener, capturing credentials in real time during printer-initiated authentication requests. The harvested credentials could grant attackers access to enterprise directories containing sensitive user attributes and permissions. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 17 Feb 2025 12:35:04 +0000

Cyber News related to Xerox Printers Vulnerability Let Attackers Capture Auth Data From LDAP & SMB

Xerox Printer Vulnerabilities Enable Credential Capture - "Since LDAP and SMB settings on MFP devices typically contain Windows Active Directory credentials, a successful attack would give a malicious actor access to Windows file services, domain information, email accounts, and database systems," ...
1 day ago Darkreading.com

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
4 months ago Aws.amazon.com

Windows 11 to let admins mandate SMB encryption for outbound connections - Windows 11 will let admins mandate SMB client encryption for all outbound connections, starting with today's Windows 11 Insider Preview Build 25982 rolling out to Insiders in the Canary Channel. SMB encryption provides data end-to-end encryption and ...
1 year ago Bleepingcomputer.com

CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago

Xerox confirms 'security incident' at subsidiary The Register - Xerox has officially confirmed that a cyber baddie broke into the systems of its US subsidiary - a week after INC Ransom claimed to have exfiltrated data from the copier and print giant. Xerox Business Solutions, a subsidiary of Xerox, offers a range ...
1 year ago Go.theregister.com

Xerox Printers Vulnerability Let Attackers Capture Auth Data From LDAP & SMB - In one demonstrated attack chain, researchers gained admin access via default credentials (Xerox devices often retain factory defaults), modified LDAP settings to attacker IP, triggered LDAP sync via “Test Connection” feature and used captured ...
2 days ago Cybersecuritynews.com

Microsoft drops SMB1 firewall rules in new Windows 11 build - Windows 11 will no longer add SMB1 Windows Defender Firewall rules when creating new SMB shares starting with today's Canary Channel Insider Preview Build 25992 build. Before this change and since Windows XP SP2, creating SMB shares set up firewall ...
1 year ago Bleepingcomputer.com

Xerox's US subsidiary Hit by Cyber Attack: Personal Info Exposed - Recently, Xerox's US subsidiary, Xerox Business Solutions, experienced a cyber incident, prompting immediate action from Xerox's cybersecurity personnel. While the specifics of the intrusion remain under investigation, initial reports indicate ...
1 year ago Cybersecuritynews.com

Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data - The U.S. division of Xerox Business Solutions has been compromised by hackers with a limited amount of personal information possibly exposed, according to a statement by the parent company, Xerox Corporation. XBS specializes in document technology ...
1 year ago Bleepingcomputer.com

Xerox Confirms Data Breach at US Subsidiary Following Ransomware Attack - Printing solutions giant Xerox over the weekend confirmed that its US-based subsidiary Xerox Business Solutions experienced a data breach. The incident, the company says, was limited to Xerox Business Solutions US and was contained by its ...
1 year ago Securityweek.com

Ransomware Group Claims Cyber Breach of Xerox Subsidiary - The cyber incident's scope was limited to XBS in the US and has now been contained after initially being discovered by Xerox cybersecurity personnel. Xerox Corp. makes office and production printers, projectors, scanners, and a variety of other ...
1 year ago Darkreading.com

After ransomware claims, Xerox says subsidiary hit with cyberattack - Xerox said a subsidiary is dealing with a cyberattack that may have involved the theft of personal information. Last week a ransomware gang named INC claimed it attacked the company - which earned over $7 billion in 2022 from selling printers in more ...
1 year ago Therecord.media

CVE-2016-9463 - Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows ...
5 years ago

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024) - Software Name Software Slug 012 Ps Multi Languages 012-ps-multi-languages ABC APP CREATOR abcapp-creator Absolute Reviews absolute-reviews Accordion accordions Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads quick-adsense-reloaded Advanced File ...
4 months ago Wordfence.com

The Week in Ransomware - With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. Last weekend, BleepingComputer tested a new decryptor for the Black Basta ransomware to show how it ...
1 year ago Bleepingcomputer.com

CVE-2007-0228 - The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) ...
7 years ago

Intellicheck announces Identity Platform advancements - Intellicheck announced advancements for digital users of the Intellicheck Identity Platform. Clients integrating the new Capture process can be up and running with no more than two simple web hooks. The new digital authentication experience does not ...
1 year ago Helpnetsecurity.com

CVE-2020-9330 - Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using ...
3 years ago

CVE-2023-52587 - In the Linux kernel, the following vulnerability has been resolved: ...
11 months ago

CVE-2019-13363 - admin.php?pagenotification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, ...
1 year ago

CVE-2022-24832 - GoCD is an open source a continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not ...
2 years ago

CVE-2023-28857 - Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such ...
1 year ago

CVE-2020-28092 - PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?gTeam&mTask&amy&status3&id,?gTeam&mTask&amy&status0&id,?gTeam&mTask&amy&status1&id,?gTeam&mTask&amy&status10&id ...
4 years ago

Building a Sustainable Data Ecosystem - Finally, I outline future research and policy refinement directions, advocating for a collaborative and responsible approach to building a sustainable data ecosystem in generative AI. In recent years, generative AI has emerged as a transformative ...
11 months ago Feeds.dzone.com

Latest Cyber News

Fedora Linux Kernel Vulnerability Let Attackers Gain Access to Sensitive Data - 1 minute ago
Multiple NVIDIA CUDA Toolkit Vulnerabilities Let Attackers Trigger DoS - 16 minutes ago
Microsoft Power Pages 0-Day Vulnerability Exploited in the Wild - 42 minutes ago
APT-C-28 Group Launched New Cyber Attack With Fileless RokRat Malware - 42 minutes ago
Microsoft Admin Guide to Block & Remove Apps on Endpoints - 1 hour ago
AWS Key Hunter - A Free Automated Tool to Detect Exposed AWS keys - 1 hour ago
Symantec Diagnostic Tool Vulnerability Let Attackers Escalate Privileges - 1 hour ago
NSA Added New Features to Supercharge Ghidra 11.3 - 2 hours ago
New NailaoLocker ransomware used against EU healthcare orgs - 2 hours ago
Ghost Ransomware Compromised Organisations Across 70+ Countries - 2 hours ago
Windows Disk Cleanup Tool Vulnerability Exploited to Gain SYSTEM Privileges - 6 hours ago
Citrix NetScaler Vulnerability Allows Unauthorized Command Execution - 8 hours ago
Australian Infrastructure Faces 'Acute' Foreign Threats - 8 hours ago
Critical Microsoft Bing Vulnerability Let Attackers Execute Code Remotely - 8 hours ago
Hackers Weaponize Jarsigner App To Execute XLoader Malware - 9 hours ago
New Snake Keylogger Attacking Chrome, Edge, and Firefox Users - 10 hours ago
Insight Partners, VC Giant, Falls to Social Engineering - 11 hours ago
Russian Groups Target Signal Messenger in Spy Campaign - 12 hours ago
CVE-2023-51303 - 13 hours ago
CVE-2025-25196 - 13 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Fedora Linux Kernel Vulnerability Let Attackers Gain Access to Sensitive Data - 1 minute ago
Multiple NVIDIA CUDA Toolkit Vulnerabilities Let Attackers Trigger DoS - 16 minutes ago
APT-C-28 Group Launched New Cyber Attack With Fileless RokRat Malware - 42 minutes ago
Microsoft Power Pages 0-Day Vulnerability Exploited in the Wild - 42 minutes ago
Microsoft Admin Guide to Block & Remove Apps on Endpoints - 1 hour ago
AWS Key Hunter - A Free Automated Tool to Detect Exposed AWS keys - 1 hour ago
Symantec Diagnostic Tool Vulnerability Let Attackers Escalate Privileges - 1 hour ago
NSA Added New Features to Supercharge Ghidra 11.3 - 2 hours ago
New NailaoLocker ransomware used against EU healthcare orgs - 2 hours ago
Ghost Ransomware Compromised Organisations Across 70+ Countries - 2 hours ago
Content Credentials Show Promise, But Ecosystem Still Young - 14 hours ago
Windows Disk Cleanup Tool Vulnerability Exploited to Gain SYSTEM Privileges - 6 hours ago
Citrix NetScaler Vulnerability Allows Unauthorized Command Execution - 8 hours ago
Australian Infrastructure Faces 'Acute' Foreign Threats - 8 hours ago
Critical Microsoft Bing Vulnerability Let Attackers Execute Code Remotely - 8 hours ago
Hackers Weaponize Jarsigner App To Execute XLoader Malware - 9 hours ago
New Snake Keylogger Attacking Chrome, Edge, and Firefox Users - 10 hours ago
CVE-2025-26466 - 2 days ago
CVE-2024-45775 - 1 day ago
CVE-2024-45776 - 1 day ago