Photo Corners headlinesarchivemikepasini.com
A S C R A P B O O K O F S O L U T I O N S F O R T H E P H O T O G R A P H E R
Enhancing the enjoyment of taking pictures with news that matters, features that entertain and images that delight. Published frequently.
Krebs Warns Another Zero-Day Looms For WD Users
6 July 2021
In a blog post today on KrebsonSecurity, security journalist Brian Krebs warns that the recent remote data wipe of MyBook Live devices is not the only problem the company is facing. He cites "a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who can't or won't upgrade to the latest operating system."
A flaw in the remote code execution exists in all WD network attached storage devices running MyCloud OS 3, he writes. Last year, the company released MyCloud OS 5, which eliminates the problem.
"If your device is not eligible for upgrade to My Cloud OS 5," the company warned in a March 2021 statement after the release of the new OS, "we recommend that you upgrade to one of our other My Cloud offerings that support My Cloud OS 5."
WD's most recent statement (01-wd-statement.htm) on the MyBook Live issue announced the company's plans to offer data recovery and upgrade options to users afflicted by the attack.
"If attackers get around to exploiting this OS 3 bug, Western Digital might soon be paying for data recovery services and trade-ins for a whole lot more customers," Krebs concludes.