Tag Archive for: Book

Alarming Western Digital My Book Live Hack Reportedly Involved Two Dueling Security Exploits


Last week, hundreds if not thousands of My Book Live customers awoke to their devices being wiped and, in some cases, unrecoverable. At that time, it was simply thought that Western Digital had not patched a critical vulnerability from 2018 that allowed attackers to do this, but it seems there is more to the story than initially thought.

On June 23rd, WD Community Forum user sunspeak created a forum post that would ultimately spearhead the community outcry over the wiping of My Book Live devices. At the time of writing, that post has over 46,000 views and 763 replies, some of which have devolved into fighting over whether a company can just “end-of-life” (EOL) a product and not support it when there are glaring security issues. In any case, it seems the unpatched 2018 vulnerability was not the only thing at play here.


We now know that the attackers were using the 2018 vulnerability to download a malicious payload, run it, and join the WD My Book Live devices to a botnet, as researchers at Censys explain. Then, the attacker password-protected their way in so, in theory, no one else could come in and take their work to build the botnet. However, this does not explain why some users found that their devices were being factory reset.

Commented Out Code That Disables Authentication For Factory Restore

As it turns out, the mass device wipes are part of a separate unauthenticated 0-day vulnerability in an endpoint named system_factory_restore, which does what the name implies. When the Censys team unpacked the firmware Western Digital shipped and looked at this endpoint, they surprisingly found the “authentication code commented out (disabled) at the top.” In short, this means a simple request to this endpoint would trigger the factory restore process without any authentication.

It is speculated that the mass-device wiping that occurred “could be an attempt at a rival botnet operator to take over these devices or render them useless, or someone who wanted to otherwise disrupt the botnet which has likely been around for some time, since these issues have existed since 2015.” Whatever the case is, there are still 55,348 WD My Book Live devices across the…

Source…

My Book Live Users Wake Up to Wiped Devices, Active RCE Attacks – Threatpost




Source…

Amazon’s Best Mobile Security Book for IT Professionals


We’ve listed Amazon’s best mobile security books that IT professionals should consider adding to their reading list.

Knowledge of mobile security is in high demand among organizations concerned with maintaining and protecting their mobile devices. The “new normal” of the pandemic and the remote work that followed further increases the demand for mobile device security knowledge and skills. Few resources can match the depth and comprehensive detail of the best mobile security titles on Amazon.

The editors of Solutions Review have done much of the work for you by curating this list of the best mobile security titles on Amazon. These books are selected based on the total number and quality of reader reviews and their ability to add business value. Below is a library of titles from recognized industry analysts, experienced practitioners, and subject matter experts spanning the depths of mobile device security and management. This compilation includes publications for practitioners of all skill levels.

Note: The titles are not listed in any particular order.

6 mobile security books for your bookshelf


Book title: Wireless and Mobile Device Security

Our take: The author, Jim Doherty, has held various VP and executive positions in marketing, sales, and engineering teams. In addition to this resource on wireless and mobile security, Doherty has also written a series of books on simplified networking.

Description: The world of wireless and mobile devices is evolving day by day, and many individuals rely solely on wireless devices at work and at home. As the use of mobile devices grows, organizations need to be educated so they can decide how to protect this technology and their assets. Wireless and Mobile Device Security explores the evolution from wired to wireless networks and its impact on the corporate world. It uses case studies and real-world events to discuss risk assessments, threats, and vulnerabilities, and the security measures you need to take to mitigate breaches in your wireless network.



Book title: Mobile Device Security: A Comprehensive Guide to Protecting Information in a Mobile World

Our take: Written by information security expert Stephen Fried, this book covers topics such as mobile…

Source…

Pull your Western Digital My Book Live NAS off the internet now if you value your files • The Register


Western Digital has alerted customers to a critical bug on its My Book Live storage drives, warning them to disconnect the devices from the internet to protect the units from being remotely wiped.

In an advisory, the storage firm said My Book Live and My Book Live Duo devices were being “compromised through exploitation of a remote command execution vulnerability” CVE-2018-18472. The exploit is described as a root remote command execution bug which can be triggered by anyone who knows the IP address of the affected device – and is currently being “exploited in the wild in June 2021 for factory reset commands.”

Reports of the issue emerged on Thursday after owners of the NAS devices took to Western Digital’s support forums to complain.

“All my data is gone too. Message in GUI says it was ‘factory reset’ today! I am totally screwed without that data… years of it,” wrote one user.

“I kept all my documents on this drive. All files gone,” said another.

Device logs published on the Western Digital forums show the devices were remotely factory reset, although the culprits have not been found. In a statement earlier today, the company said it didn’t believe its own servers were compromised.

The Western Digital My Book Live connects to a host computer via USB, with internet access coming via an Ethernet port on the back. Remote access is obtained via Western Digital’s own cloud servers.

NAS drives have a storied history of falling victim to malicious actors. In April, Taiwanese storage giant QNAP urged customers to update their drives in the face of two specifically targeted ransomware strains, Qlocker and eCh0raix.

The previous year, authorities in the US and UK warned of a mass infection of data-stealing malware targeting QNAP drives. Dubbed Qsnatch, the attack compromised an estimated 62,000 devices. Once inside, the malware opened several backdoors – including SSH and a webshell – and resisted attempts by the…

Source…