in

Another WD My Book Live information delete information exploit has been uncovered

"use strict"; var adace_load_61439b55a55d4 = function(){ var viewport = $(window).width(); var tabletStart = 601; var landscapeStart = 801; var tabletEnd = 961; var content = '%09%3Cdiv%20class%3D%22adace_ad_61439b55a55b6%22%3E%0A%0A%09%09%0A%09%09%09%0A%09%09%09%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%0D%0A%3C%21--%20Ad1%20--%3E%0D%0A%3Cins%20class%3D%22adsbygoogle%22%0D%0A%20%20%20%20%20style%3D%22display%3Ablock%22%0D%0A%20%20%20%20%20data-ad-client%3D%22ca-pub-1901661950726093%22%0D%0A%20%20%20%20%20data-ad-slot%3D%227951881710%22%0D%0A%20%20%20%20%20data-ad-format%3D%22auto%22%0D%0A%20%20%20%20%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%0D%0A%3Cscript%3E%0D%0A%20%20%20%20%20%28adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D%29.push%28%7B%7D%29%3B%0D%0A%3C%2Fscript%3E%0A%09%09%09%3C%2Fdiv%3E%0A%09'; var unpack = true; if(viewport=tabletStart && viewport=landscapeStart && viewport=tabletStart && viewport=tabletEnd){ if ($wrapper.hasClass('.adace-hide-on-desktop')){ $wrapper.remove(); } } if(unpack) { $self.replaceWith(decodeURIComponent(content)); } } if($wrapper.css('visibility') === 'visible' ) { adace_load_61439b55a55d4(); } else { //fire when visible. var refreshIntervalId = setInterval(function(){ if($wrapper.css('visibility') === 'visible' ) { adace_load_61439b55a55d4(); clearInterval(refreshIntervalId); } }, 999); }

})(jQuery);

More than one exploit was possible used to delete information from customers’ WD My Book Live NAS drives final week, based on a brand new report from Ars Technica.

While WD initially pointed to a recognized exploit first uncovered again in 2018 that allowed unhealthy actors root entry to My Book drives, it appears there’s extra to the story.

Ars Technica says that whereas this second exploit doesn’t give hackers full management over the machine, it permits them to remotely wipe the drive with out figuring out the password. This vulnerability was first launched in 2011 and will have been mounted, however was de-activated so WD’s software program wouldn’t authenticate when performing a manufacturing unit reset on the drive, based on Censys analysts.

It’s unclear why hackers would wish to reset a bunch of NAS drives, however based on Ars Technica, it may have one thing to do with a considerably wild struggle between totally different hacking teams and botnets.

WD has a full evaluation of the exploit up on its web site. It’s unclear if there are any plans to repair the issue, although it does say that it’s going to present affected clients free information restoration providers and a trade-in program for a brand new model of the drive that also receives software program assist.

With all of this in thoughts, should you personal an older WD NAS drive, it’s possible a good suggestion to disconnect it from the web to stop your information from mysteriously disappearing.

Image credit score: WD

Source: Ars Technica, WD, Censys

What do you think?

Written by Gideon

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Loading…

0