Hackers use two errors if they can destroy Western Digital tools remotely
[ad_1]
After Western Digital My Book Live owners around the world said their weapons were he wiped away night, company printed a statement against another threat (CVE-2021-35941) at the ceremony. External research conducted by Ars Technica and Derek Abdine | (CTO at the Censys security) has revealed, however, that the perpetrators used another unspecified risk in a file called system_factory_restore.
In most cases, users have to enter their password in order to restart their devices. In fact, the script contains passwords to protect the redundancy policy. However, someone at Western Digital “responded” or, in a non-technical way, abolished the rule by adding a summary / starting point for each line. HD Moore, a security expert, explained to them Ars that this does not make things for the company. “It’s as if they helped pass through,” Moore said, as the attackers need to know the type of script that triggers the redesign to cover the threat.
The devices that were stolen using the CVE-2021-35941 threat were infected with a malicious virus, and at one time, it was a malware program that made the device part of the botnet. Ever since I turned my My Book storage tools into bottles and deleted them is absurd, Abdine’s opinion is that one destroyer used the risk of CVE-2021-35941. Subsequently, a second attacker (possibly an opponent) used an previously unknown threat to control the weapons, which are designed to be a botnet, or to eliminate the first operation.
In any case, this incident only shows that my My Book archives are not as secure as anyone would want here. Those who still have it should follow Western Digital’s advice and get rid of it online immediately.
All sales selected by Engadget are selected by our publishing team, independent of our parent company. Some of our articles include helpful links. If you purchase one of these links, we will be able to make a donation.
[ad_2]
Source link