One-of-a-Kind HP Printer Bug Bounty to Improve Network Security

Printers are often the weakest link in an organization, with printer vulnerabilities being exploited in various malicious campaigns to compromise entire networks.

One such vulnerability was disclosed in 2017, and enabled hackers to carry out remote code execution attacks on enterprise-grade printers.

The flaw in question was identified as CVE-2017-2750 and was reported to HP in August last year. Affected printers included HP Color LaserJet Enterprise M651, HP Color LaserJet Enterprise M652, HP Color LaserJet Managed E65060, HP LaserJet Enterprise 800 color MFP M880, among others.

It is indeed HP (Hewlett-Packard) that is behind a new initiative to stimulate researchers to locate vulnerabilities in printers. HP just announced it will be inviting white hat hackers to test its printers for bugs that hackers could exploit for malicious purposes. The one-of-a-king bug bounty program is launched in partnership with bug bounty platform Bugcrowd.

How Will the HP Printer Bug Bounty Work?

The company is offering a bounty in the size of $10,000 in what appears to be a private bug bounty, which is created specifically for HP printer hardware. The decision to launch such a program is a smart move since enterprise printers are usually in a network, making it very easy for hackers to take down entire organizations.

According to a 2018 report by Bugcrowd, endpoint devices are increasingly targeted by malicious actors, with a 21 percent increase in total endpoint bugs reported in the last year. Thus, HP has decided to launch a printer-only vulnerability disclosure program encouraging researchers to discover and report bugs. Depending on the scale of the vulnerability, bug bounties will vary between $500 and $10,000.

It should be noted that the bounty program will be (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Milena Dimitrova. Read the original post at: