The IT Nerd

Researchers have uncovered vulnerabilities in Xerox Versalink C7025 Multifunction printers (MFPs) that could have enabled pass-back attacks. This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP’s configuration and cause the MFP device to send authentication credentials back to the malicious actor which could have been used to capture authentication data.

You can read the details here: https://www.rapid7.com/blog/post/2025/02/14/xerox-versalink-c7025-multifunction-printer-pass-back-attack-vulnerabilities-fixed/

Martin Jartelius, CISO at Outpost24 had this comment:

“While the vulnerabilities in the Xerox VersaLink C7025 printer are important to address, they do not pose a high risk in most corporate environments, as these printers are typically not accessible from the internet. 

However, capturing authentication credentials could allow an attacker to move laterally within the organization, which becomes a concern if the network lacks proper segmentation.

The solution lies in strengthening security by restricting access to the printer’s administrative settings and ensuring the printer is configured correctly.

“The first step is to prevent unauthorized access by locking down the configuration page. Additionally, FTP and LDAP credentials both rely on plain-text protocols, which are outdated and vulnerable; even without changing any settings on the printer, a network tap could expose this information. To improve security, use authentication protocols that are inherently more secure and avoid using older protocols like FTP (defined in 1971) and LDAP (defined in 1997).

“The correct approach to mitigating these risks is universal, regardless of the printer model or software used: set a complex password for the admin account, avoid using Windows authentication accounts with elevated privileges (such as domain admin accounts for LDAP or scan-to-file SMB services), and prevent enabling the remote-control console for unauthenticated users. Implementing strong network security practices, including proper segmentation, will help protect critical systems and limit unnecessary connections between devices.” 

Regardless of the risk, any organization that has one of these printers should take a look at this to get the update that addresses this issue. And they should do so ASAP as now that this is out there, threat actors are going to use it to pwn the unsuspecting.

UPDATE: Jim Routh, Chief Trust Officer at Saviynt adds this:

“Both of the vulnerabilities identified related to administering Xerox printers and obtaining administrator credentials (CVE 2024-12510 and CVE 2024-12511) are indicative of the preference of cyber criminals today to pursue the acquisition of user credentials as the preferred method of attack on enterprises. In this case, threat actors focus on the administration of multifunction printers connected to enterprise networks that also have internet connectivity for users and administrators. In certain configurations with LDAP, user credentials to Windows Active Directory can be harvested for criminal activity. Both vulnerabilities are dependent on specific enterprise configuration settings and the potential for exploitation will vary from enterprise to enterprise. 

Reducing the need for credentials (passwordless options) is the most effective way to shrink this specific attack surface. Other methods include adjustments to configuration settings for LDAP and Windows device administration settings.”

Xerox has announced a new services portfolio, comprised of five horizontal and four industry-specific services that are built to address clients’ digital transformation imperatives.

Xerox Horizontal Services

Streamlining time-consuming, business-critical processes – vital to the success of any operation – can be accomplished with Xerox’s Horizontal Services, which include:

• Xerox Intelligent Workplace Services: transcend the traditional MPS segment by leveraging workflow automation, content management and print infrastructure optimization for more efficient and secure workplaces.
• Xerox Capture & Content Services: provide advanced multichannel capture and process automation, making information available at point of need; drive clients to make more informed and proactive business decisions.
• Xerox Accounts Payable Services: offer a range of invoice processing services, from automated to full e-invoicing; eliminates time-consuming processes while improving data security, giving clients control of the payment schedule. 
• Xerox Digital Hub & Cloud Print Services: provide cloud-based, multi-layered enterprise solutions for fast, cost-controlled printing services; include design, production and delivery of print and digital collateral materials.
• Xerox Campaigns on Demand Services: feature a multi-use marketing campaign solution that scales to any audience size across multiple channels.

Xerox Sector-Specific Services

Addressing the unique needs of industries, such as insurance, healthcare, public sector and retail, Xerox’s first set of sector-specific services provides new ways to enhance the client experience, including:

• Xerox Services for Digital Insurer: empower insurance organizations to meet the demands of numerous touch points across the client journey by helping orchestrate engagement and supporting business processes.
• Xerox Services for Digital Patient: enable healthcare organizations to face the challenges of providing an improved patient experience, from admission to discharge, while supporting compliance with an ever-increasing regulatory environment.
• Xerox Services for Digital Citizen: assist public sector authorities to better navigate and manage the citizen journey; reduce costs associated with supporting regulatory compliance.
• Xerox Services for Digital Retailer: help retailers drive brand engagement and loyalty through an enhanced experience at every stage of the consumer experience.

Availability

The first release of the new Xerox Services portfolio is now available in the United States, United Kingdom, Canada and France. For more information on Xerox Services visit www.xerox.com/services or contact a Xerox sales representative.

New software enhancements to these Workplace Assistants, enabled with ConnectKey^® technology, allow companies to monitor critical security settings and automatically reset unauthorized changes – a proactive step in stemming security breaches. Plus, a new intuitive user experience gives mid-to-large workgroups more ways to customize everyday tasks – maximizing time and improving productivity.

Proactive security with Xerox

With AltaLink’s new Configuration Watchdog, IT administrators can ensure devices stay within their defined security policies to safeguard critical business data and infrastructure, without external monitoring.

Here’s how it works: administrators can monitor compliance requirements of up to eight security settings. When unauthorized changes are detected, Configuration Watchdog will remediate them to their compliance state; unapproved changes are notified and logged for further response.

The latest AltaLink enhancements enable companies to meet NIST 800-171 standards, which govern the security of data in non-federal information systems and organizations.

For additional protection, the AltaLink MFPs include support for ThinPrint print management software, featuring end-to-end encryption, as well as efficient compression and streaming of print data, delivering faster output speeds.

AltaLink delivers new time saving features

With a tablet-like user experience, AltaLink makes completing daily tasks faster and easier with new features such as:

• Customizable home screen: enables touchscreen re-ordering of frequently used apps and features to place most popular ones at the top for easy access.
• 1-Touch App: simplifies complicated and lengthy workflows by creating shortcuts, such as scanning to email without typing an email address or creating booklets with a single touch; these 1-Touch Apps can be cloned and shared among multiple devices.
• Fleet Orchestrator: automatically deploys software upgrades and tedious configuration changes across multiple devices. A single device, designated as the host, securely shares updates with the remaining fleet, reducing device downtime and manual IT intervention.

Availability

The free AltaLink MFP software upgrade can be downloaded at  https://www.support.xerox.com.

Organizations can now better connect staff to popular business platforms such as Salesforce, QuickBooks Online and Concur, supporting customer relationship management, accounting and invoicing, plus  streamline additional processes with new apps for Xerox ConnectKey  devices. Purchasing and implementing the apps is simple with a new e-commerce-enabled site.

The Morrell Group, a full-service automation controls design and engineering services organization, has experienced the power of ConnectKey apps. The company saved 25 percent by automating its product distribution process with the Sign Me app, built by MidAmerica Technology, a Xerox Personalized Application Builder developer. The app digitizes the document-laden process, accelerating the speed in which products get out the door.

New apps make work easier

The ongoing development of its ConnectKey-enabled portfolio underscores Xerox’s position as a print technology powerhouse. The latest enhancements make labor-intense, time-consuming efforts easier and offer new twists on traditional ways of working.

The Xerox VersaLink and Xerox AltaLink series are the launch pads for apps such as:

·         Xerox Connect App for Salesforce: access to Salesforce’s Customer Relationship Management system right at the multifunction printer (MFP); upload and share sales management information to client folders by scanning the documents directly into Salesforce.

·         Xerox Audio Documents App: securely transforms hardcopy documents into audio files allowing commuters, multitaskers, or audio enthusiasts to listen on the go instead of reading.

·         Xerox Connect App for QuickBooks Online: offers a hassle-free expense reimbursement process with multi-receipt scanning. Receipt data is extracted into an expense report and submitted with notifications sent to reviewers for timely approval. For Concur users, a similar receipt management app will be available by year’s end.

·         Xerox Forms Manager App: simplifies management of multiple forms while reducing paper-based filing risks. With intelligent routing capabilities via embedded QR codes, scanned forms are automatically routed to the appropriate email address.

·         Xerox Quick Link App: enables a fast start to printing without IT support. This intuitive app sends an email directly from the device containing appropriate links to install, and connects computers or mobile devices with the drivers and configuration settings.

Making the grade with educators

With insights gained from working with thousands of education customers, Xerox responds with apps and solutions that increase productivity for teachers and students:

·         Xerox Connect App for Blackboard: provides access to an industry-leading learning management system; documents are digitized and stored into their Blackboard Learn account from the MFP.

·         Xerox Connect App for Remark Test Grading: simplifies grading of bubble tests with the ability to print answer sheets, scan completed sheets back in for automated grading, and email students their grades or print the results right at the device.

·         Xerox Proofreader Service: checks for writing elements in the English language, such as spelling, grammar, style and plagiarism.

·         Xerox and SRC Inc.’s Gateway Capture to Student Information System: streamlines digitizing student records into mandatory K-12 information systems.

Xerox is also introducing its Instant Print Kiosk, a self-serve document processing solution ideal for higher education institutions. Basic printing, copying, scanning and faxing needs are managed with a user-friendly touch screen, and secure credit/debit transactions happen seamlessly right at the printer. Students benefit by scanning and/or printing reading materials and class notes through touch-screen access to the most popular cloud repositories, including Google Drive and Dropbox.

Extra Value for Channel Partners

Alongside an improved design for a better user experience, the e-commerce-enabled Xerox App Gallery provides a global marketplace for channel partners to promote and sell apps. Also, channel partners can share in the revenue when their customers purchase an app.

Availability

Xerox’s newest ConnectKey-enabled apps will be added to the Xerox App Gallery in select geographies between fourth-quarter 2018 and first-quarter 2019.

The company that invented the copier, laser printing and print-on-demand is announcing another first in the world of print – a high speed, six station color press that combines four-color printing with up to two specialty dry inks in one printing pass. The Xerox Iridesse Production Press is the only digital press that can print metallic gold or silver dry ink, CMYK and clear dry ink in a single pass, giving print providers an immediate competitive edge in the growing digital print enhancement market.

Iridesse eliminates multiple presses and processes usually required for print embellishments, increasing capacity and profits for customers. According to Keypoint Intelligence-InfoTrends, digital print enhancement can result in a rapid return on investment as print service providers’ profit margins on such embellishments can be as high as 50 to 400 percent.

With two inline specialty dry ink stations, customers can create lucrative applications with spot colors, metallic and mixed metallic gradients, and specialty enhancements. Gold and silver dry metallic inks can be used on their own or layered under or over CMYK to create unique iridescent palettes. A layer of clear dry ink can be added for an extra touch of dimension or texture.

No designer, no problem

Xerox FreeFlow Core’s pre-built workflows enable print providers to automatically and selectively transform text and graphics for printing gold and silver without editing the source documents. This simplifies enhancing existing applications with high-value embellishments.

Printing at speeds up to 120 pages per minute, the press can run stocks from 52 -400 gsm. Additional press features include:

• The High Definition Emulsion Aggregate (HD EA) Toner process results in the optimal particle size to deliver lower gloss, smooth tints and fine detail more consistently.
• The Xerox EX-P 6 Print Server by Fiery enables customers to create customized workflows for metallic applications with advanced RIP capabilities and color management tools.
• Two Dual Advanced High Capacity Feeders, Bypass and Inserter options let customers run up to eight different stocks in a single job, or do production runs with a total of 12,500 sheets.
• A variety of finishing options are available including the new Xerox Crease and Two-sided Trimmer, which creates a durable crease fold and gives booklets a premium quality edge when used with the Xerox Production Ready Booklet Maker Finisher and Xerox SquareFold Trimmer Modules.

Availability

The Iridesse Production Press will be available for order taking starting in June 2018. Please check with your local sales representative for regional availability.

Mississauga Mayor Bonnie Crombie presents a certificate of recognition to executives of GreenCentre Canada (GCC), the Research Innovation Commercialization Centre (RICC) and the Xerox Research Centre of Canada (XRCC) at the inaugural Innovation4D event at the XRCC’s Innovation Hub in Mississauga on Monday, October 16.

Innovation4D was organized by the Innovation Hub and partners to provide Ontario green tech start-ups with the opportunity to pitch venture capitalists on their innovations. The Hon. Reza Moridi, Minister of Research, Innovation and Science, along with Mayor Bonnie Crombie were on hand to open the event. The Innovation Hub was recently cited as one reason for Toronto’s place on the list of Top 10 Cities for Corporate Innovation.

Pictured left to right are Sunil Selby, Trellis Capital and Chair of RICC; Mayor Bonnie Crombie; executive directors of RICC and GCC, Pam Banks and Pete Pigott; the Hon. Reza Moridi, Minister of Research, Innovation and Science; and, XRCC vice president, Dr. Paul Smith.

A book collaboration of epic scale is underway with 14 celebrated and award-winning international writers and creative talents. Xerox’s Project: SET THE PAGE FREE will feature chapters by each of the contributors – including a poem and a song – that together tell the ultimate story of the modern workplace, each with a unique creative perspective on the working world.  

SetThePageFree.com showcases an unparalleled array of contributors. The website – which launches today – is the initial reveal of short video documentaries, exclusive photos, book excerpts and podcasts for the first wave of contributors including Lee Child, Joshua Ferris, Roxane Gay and Gary Shteyngart. In the weeks ahead, additional content from Jonathan Ames, Billy Collins, Jonathan Coulton, Sloane Crosley, Jonathan Safran Foer, Chip Kidd, Valeria Luiselli, Alain Mabanckou, Aimee Mann and Joyce Carol Oates will be revealed.  

Xerox has always focused on innovating the way the world communicates, connects and works. Today, that means delivering breakthrough experiences that allow people to move freely between their physical and digital worlds. This project captures that spirit in a creative, mainstream way.

Xerox technology, software and apps are helping the contributors collaborate throughout the project – whether it’s translating languages using the Xerox Easy Translator Service app, voice recognition technology or scanning and sharing their work in the cloud.

As part of the project, Xerox is aiding global literacy through donations to 92nd Street Y and Worldreader.

The project has been in collaboration with 92nd Street Y, a world-class nonprofit community and cultural center that provided an unparalleled lineup of authors and artists, as well as the editing for production of the finished book. 92nd Street Y forges deep connections between readers and writers all over the world through their global literacy outreach programs, digital festivals, online seminars and livestream events.

Worldreader, a global nonprofit organization, shares Xerox’s belief in the transformative potential of technology. It champions digital reading in underserved communities by creating a world where everyone can be a reader, empowering over 500,000 children and families in 50 countries to read from its free digital library every month.

The book will be released internationally as a free eBook in English in late October. Beginning Sept. 19, the French and Latin American Spanish versions of the site will be launched, for a global program rollout to 22 countries.

For updates on the project including author videos, podcast interviews, contributor excerpts and the latest information about the book release, visit SetThePageFree.com and follow #SetThePageFree.

The project was developed with Xerox’s partner Y&R New York, with media strategy and execution provided by MEC Global.

By: Mohan Mailvaganam – Director of Digital Process Automation at Xerox Canada

As the work world around us speeds into the digital age, more of us are beginning to feel printer’s remorse.

We get the email with a document attached from a colleague or a client. We open it and read it on our computer screen. And then — for a variety of reasons that usually can’t be justified — we hit print.

As the printer hums to life and spits out pages, the feelings of regret and doubt begin to sink in. Did I really need to make a hard copy of this? Did I just waste my time and my company’s resources? Chances are the answer is staring you right in the face from the recycling bin filled with pages that other colleagues have already read and discarded.

Even without seeing the hard numbers that prove how digitizing work processes and reducing our reliance on paper can save significant time and money, we get an inkling in our guts — all that paper shuffling from hand to hand must be lethal to efficiency and productivity.

But still, companies of all sizes — from small- and medium-sized businesses to large corporations — forge ahead and hit the print button far more than they should.

The recent findings from Xerox’s Digitization at Work report reveal that less than 50 percent of IT decision-makers currently use processes that are mostly or fully digitized.

With that in mind, here are five signs you aren’t doing enough to realize the benefits of going digital:

1) You have no idea how much paper you use on a daily basis, let alone why.

Without the right data in hand on print habits, it’s difficult to uncover the hidden opportunities for digitization. You’re stuck guessing on what might work, which is never as reliable as well-analyzed data. Armed with solid print analytics, company executives can then make informed decisions about optimizing or automating key processes.

2) You don’t understand the difference between bad and good paper.

“Good” paper refers to documents that have a valid reason to be in hard-copy form, such as documents that originate on paper, like customers’ handwritten letters or documents that require a “wet ink” signature.

“Bad” paper refers to documents that are in paper format, but without any compelling reason to be so. These could include documents that were printed from digital originals or documents that get shared, stored or transported using physical systems.

Understanding the distinction between them helps identify where you really need to use paper, and where you can get rid of it.

3) Your leadership and your workforce aren’t on the same page.

Going digital involves changing the way people work and how they think. People fear the unknown so communicating the reasons and benefits of change is crucial. By far, the greatest barrier to change is institutional culture. There has to be company-wide buy-in to effect real change.

4) You’re storing reams of documents because you ‘have to’.

Many organizations are required to retain a variety of documents for regulatory reasons. In the past, that used to mean banker’s boxes and multiple copies of the same paperwork. In many cases, government agencies and regulatory bodies now accept digital versions and electronic signatures.

5) Your company isn’t as competitive as you think it should be.

The weight of paper-based processes is holding many Canadian firms back from keeping up with competitors who have already made the digital transformation. Unnecessary paper use wastes resources, undermines productivity, bogs down workflow and prevents them from realizing advantages derived from becoming digital enterprises.

Keep an eye out for these tell-tale signs your ties to paper are too strong. Just recognizing you may have a problem is a good start that you need to get your digital house in order. And it’ll help you avoid those bad feelings you get waiting by the machine for those papers you never needed to print.

Enterprise content management (ECM) used to make sense only for large companies with the size and budgets to make the conversion to digital worthwhile. Now, with the introduction of Xerox DocuShare Flex, small- and medium-sized businesses (SMBs) and company departments can digitize processes like invoicing, sharing files, editing, managing databases and storing documents, just like large companies do.

SMBs tend to rely on inefficient paper-based systems and often lack centralized storage of digital information. According to respondents to a 2016 Association for Information and Image Management (AIIM) survey, poor content management practices result in taking too long to find content (62 percent), duplicated efforts (52 percent) and insufficient re-use (46 percent)¹.

The new DocuShare Flex platform is cloud based and provides the automation, security and scalability of large-scale ECM systems in an affordable package that’s easy to configure and use without IT support.

DocuShare Flex systems will save SMBs hours, days or weeks. Users can complete a range of document-intensive tasks such as:

• Routing documents automatically to facilitate approval processes and version control;
• Automating necessary documentation for ease of compliance with government and industry mandates;
• Simplifying management of the multitude of documents required for transactions, accounting, billing and other document-intensive operations.

Easy to Use, Agile, Low Cost

DocuShare Flex can store and manage a wide range of document types and content. It has a scalable storage capacity of hundreds of millions of documents. Managing documents from creation through archiving and eventual disposal is provided out of the box.

DocuShare Flex customers can add capacity and users incrementally to further control costs. The number of users can range from a minimum of five people up to thousands. It has advanced review-process controls that enable annotation, redaction and simultaneous viewing while controlling versions to keep documents current.

Automating Workflows

DocuShare Flex can automate a range of business processes including storing all project documents in one place, managing review cycles, and meeting potential audit requirements. It can also enforce compliance with best practices since management can observe work status.

DocuShare Flex is designed for non-technical staff with an intuitive search engine and a user interface (UI) that requires little training. The UI is Web-based and will run on a wide range of browsers and mobile devices.

The platform can work with back-end company systems to pull data and link to documents. It’s compatible with Xerox ConnectKey multifunction devices and associated apps for developing specific time-saving workflows, and includes a ConnectKey-based scanning service for scanning directly to DocuShare Flex.

The new DocuShare Flex platform augments the Xerox DocuShare portfolio, including Xerox DocuShare 7, which was recently named as a “Leader” in ECM software by G2 Crowd, and as the 2017 Pick award as Outstanding Document Management Solution by Buyers Laboratory LLC (BLI).

Availability

DocuShare Flex is now available in North America. It will be available in Europe and other select regions by May 31, in Canada in June, and in Asia Pacific by the end of August.