June 11, 2023

Shortly after hackers remotely wiped internet-connected My Book Live devices, researchers shared a new zero-day vulnerability affecting Western Digital products running MyCloud OS 3.

Researchers discovered this vulnerability in 2020 and planned to present it at the Pwn2Own hacking competition last November, but it was not presented. Western Digital addressed the vulnerability with the release of MyCloud OS 5.

That doesn’t mean the vulnerability is irrelevant. MyCloud OS 5 isn’t available for all Western Digital products, and some customers have reportedly held off on updating because it lacks features available in MyCloud OS 3. Unfortunately, that also leaves these devices open to attack.

Western Digital has also said it won’t provide additional updates for MyCloud OS 3, so devices running the operating system will continue to be affected by this vulnerability.

People affected by this flaw have a few ways to defend themselves from attack: upgrade to MyCloud OS 5, purchase a device capable of running MyCloud OS 5, install custom firmware that has to be re-enabled when the device is powered on, or disable remote access entirely.
