Out of a desire to free themselves from the GAFAM and a refusal to have their private lives tracked, some users have chosen to do without Android (Google's version) and iOS (Apple's version) on their smartphones. Their operating systems are called /e/, Graphen or Lineage. These are open-source OSes that limit data sharing with the web giants and defuse the obsolescence of older models.
Researchers at Avast Threat Labs have also observed an increase in rootkit activity and new approaches in the areas of exploit kits and the "Flubot" banking Trojan.
Technology evolves quickly these days. Some of us change smartphones every 1 or 2 years to benefit from the latest developments. That comes at a cost… but some things can be more complicated to replace. I am talking here about cars and their on-board technology, which can follow the evolution of smartphones. In the beginning, we had the jack socket to connect our phone to the car. The goal was to listen to our music… not very practical for changing tracks, because […]
Since yesterday, Amazon's media players have been on sale, and that is good news. With the latest updates, the products have evolved and the interface has improved. If you do not have an Android player yet, we recommend them… Fire TV 4K / Fire TV 4K Max Amazon's 2 4K media players are versatile. You can enjoy plenty of streaming content from Netflix, Prime Video, Disney+, Apple TV+… but also Plex, Kodi, Jellyfin 😉 First of all, […]
According to ANSSI, the number of ransomware attacks quadrupled between 2019 and 2020. Against this backdrop, a parliamentary report published last week proposes banning insurers from covering ransoms. MP Valéria Faure-Muntian also recommends penalising organisations that "make ransom payments".
While companies remain the prime targets of cyber attackers and keep paying ransoms to limit the damage, our government is attempting to respond with a report that sets out recommendations to "remove the obstacles to the development in France of a mature cyber insurance market". The objective is defined: by structuring the insurance segment, the entire French digital ecosystem could become more robust through better prevention.
At the end of summer 2021, Kaspersky's automatic detection solutions prevented a series of attacks using an elevation-of-privilege exploit across several Microsoft Windows servers. After a more in-depth analysis of the attack, Kaspersky researchers discovered a new zero-day exploit.
A recent Kaspersky study on the difficulties faced by small and medium-sized businesses in France at the start of the pandemic reveals that, for nearly half of them (43 %), preserving jobs was the top priority, as it was for SMBs worldwide. Slightly more of them (45 %) prioritised integrating new technologies to keep their business running smoothly in this new context, compared with 53 % for SMBs worldwide.
If you are reading this and you own a WD My Book Live or WD My Book Live Duo, then you might want to go check on it and maybe disconnect it from the internet for now. In the last 24+ hours, multiple users have reported that whilst trying to access their WD My Book NAS drive, they were barred entry with an ‘invalid password’ and mobile applications have ceased connectivity. Upon further investigation, they then find that their system has been completely formatted (ranging from directories, volumes and pools to in some cases everything) and all their data is now lost. This was originally raised over on the official WD Support blog here and not long after, multiple users at the same time have reported similar issues. Further examination of logs (once access to the system was possible) showed that remote access had been established to the system and a command to reset the system and storage had been delivered. So what has happened? How did it happen and can the WD My Book Live data that people have lost be recovered?
How Did WD My Book Live NAS Drives Get Accessed Remotely
The WD My Book Live and My Book Live Duo are designed for access via the network and internet and were among some of WD’s first products for traditional NAS use: not just a HDD-on-the-internet, but devices with a GUI and a dedicated CPU handling RAID, backup tasks and general system management. Remote access is conducted by accessing the NAS, through a firewall and via the official WD My Cloud Live servers (included with the cost of the device). However, this remote access is what was used to push a command to the WD My Book Live system, executing the system reset, with the following showing in the logs of the system (from user Sunpeak on the WD Forums here):
Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 MyBookLive shutdown: shutting down for system reboot
Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:29 MyBookLive _: pkg: wd-nas
Jun 23 16:02:30 MyBookLive _: pkg: networking-general
Jun 23 16:02:30 MyBookLive _: pkg: apache-php-webdav
Jun 23 16:02:31 MyBookLive _: pkg: date-time
Jun 23 16:02:31 MyBookLive _: pkg: alerts
Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive
Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api
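To check a log export for the same sequence, the added example below (not part of the original article and not WD code) scans syslog text for a factoryRestore.sh start followed by a reboot and the data volume being mounted again. It assumes the tag names seen in the excerpt above, takes the year from the caller because syslog timestamps omit it, and cannot tell an owner-initiated reset from an unwanted one.

```python
import re
from datetime import datetime

MONTH = r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
STAMP = MONTH + r" +\d{1,2} \d{2}:\d{2}:\d{2}"

# One syslog entry: timestamp, host, tag, message. The message runs lazily up
# to the next timestamp or the end of input, so a flattened paste parses the
# same way as a file with one entry per line.
ENTRY_RE = re.compile(
    rf"(?P<ts>{STAMP}) (?P<host>\S+) (?P<tag>[^\s:]+): (?P<msg>.*?)"
    rf"(?=\s*{STAMP} |\s*\Z)",
    re.S,
)

# Part of the excerpt quoted in the article, flattened onto one line the way
# forum pastes often arrive.
SAMPLE_LOG = (
    "Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script: "
    "Jun 23 15:14:05 MyBookLive shutdown: shutting down for system reboot "
    "Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start "
    "Jun 23 16:02:29 MyBookLive _: pkg: wd-nas "
    "Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive"
)


def find_factory_resets(text, year):
    """Return one dict per factoryRestore.sh run found in the log text."""
    events, current = [], None
    for m in ENTRY_RE.finditer(text):
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        tag, msg = m["tag"], m["msg"]
        if tag == "factoryRestore.sh" and msg.startswith("begin script"):
            current = {
                "host": m["host"],
                "reset_at": when,
                "reboot_requested": False,
                "back_up_at": None,
                "offline_seconds": None,
            }
            events.append(current)
        elif current and tag == "shutdown" and "reboot" in msg:
            current["reboot_requested"] = True
        elif current and tag == "S15mountDataVolume.sh" and msg.endswith("start"):
            # First boot script after the reset: the device is coming back up.
            current["back_up_at"] = when
            current["offline_seconds"] = (when - current["reset_at"]).total_seconds()
            current = None
    return events


if __name__ == "__main__":
    for ev in find_factory_resets(SAMPLE_LOG, 2021):
        print(ev["host"], "factory reset at", ev["reset_at"].isoformat(),
              "| reboot:", ev["reboot_requested"],
              "| back up at:", ev["back_up_at"])
```
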
Since this was originally raised yesterday, lots of users have followed reporting the same, clearly showing this is an orchestrated attack on WD My Book Live systems, with the additional sad note that there has been no ransom.txt or other ransomware style communication left – meaning this has been done with the pure intention to destroy people’s data! Pretty lousy stuff! Since then this has gained considerable traction on multiple websites and the details on the National Vulnerability Database (click below) have been updated several times:
How Has Western Digital Responded to the WD My Book Live Attack
The response from WD on this NAS attack has been remarkably swift, considerably faster than I have personally seen from other brands suffering similar circumstances in previous years, with official instruction and widespread notification on their platforms in considerably less than a day. WD have stated on their Security Advisory pages:
WDC Tracking Number: WDC-21008
Product Line: WD My Book Live and WD My Book Live Duo
Published: June 24, 2021
Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live and My Book Live Duo devices received its final firmware update in 2015. We understand that our customers’ data is very important. We are actively investigating the issue and will provide an updated advisory when we have more information.
Advisory Summary – At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device.
So, in short, WD believes this has been caused by the use of a remote command push to the WD My Book Live and WD My Book Live Duo NAS systems via an unpatched exploit on the system. They maintain that the issue is not caused from within their server-side, but are working on this right now to get to the bottom of it.
How Can A Vulnerability of the WD My Book Live Not Be Patched in a Firmware Update?
As previously mentioned, the WD My Book Live and My Book Live Duo were some of their earliest real NAS releases, as far back as 2010. Although these systems received numerous updates, the final update for this system was officially issued in 2015 (see below).
Given the predicted life of hard drives, the lifespan of products and their broader commitment to customers, it is not unheard of that they would cease firmware updates on a product line after a given period of time (the same can be said of the majority of software-enabled hardware in our homes and business environment). However, this comes as little comfort to those whose data has been deleted. Additionally, this is a vulnerability that was raised back in 2018 by ‘Wizcase’ and found on numerous ‘first generation’ NAS systems that were released in this period. At that time, WD responded to this officially with:
“The vulnerability report CVE-2018-18472 affects My Book Live devices originally introduced to the market between 2010 and 2012. These products have been discontinued since 2014 and are no longer covered under our device software support lifecycle. We encourage users who wish to continue operating these legacy products to configure their firewall to prevent remote access to these devices, and to take measures to ensure that only trusted devices on the local network have access to the device.”
Once again, there is a balance here that users need to keep in mind between reliance on the hardware purchased and the rigidity of a solution a considerable length of time since release, as well as the maintenance of backups in a robust data storage strategy. It will be interesting to see how WD respond to this situation as it unfolds.
Can The Lost Data on the WD My Book Live and My Book Live Duo Be Recovered?
As this has been a format conducted on the system as a whole, it makes the recovery of data on a Factory Reset/Wiped WD My Book Live very difficult! In previous cases of malware encryption or malicious data destruction, many users have taken advantage of the tremendously useful PhotoRec tool (previously featured in the QNAP Qlocker Recovery guides). PhotoRec is a file data recovery software designed to recover lost files including video, documents and archives from hard disks (as well as legacy storage media like CD-ROMs) and memory cards. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media’s file system has been severely damaged or reformatted. However, this is by no means foolproof and does require a little more technical knowledge than many might have (with interfacing with the NAS in a software-accessible way being the first major hurdle). Here is an example of a PhotoRec recovery guide, but we are hoping quite soon for a more WD My Book Live specific guide to surface shortly.
Is My WD My Cloud or Regular WD My Book Direct Attach Storage Device Affected?
At this time there are no reports of this affecting the current generations of WD My Cloud, WD My Cloud Pro, WD My Cloud EX2 or WD My Cloud Sentinel Systems (which have far more recent firmware updates). Likewise, this will not affect WD My Book systems that lack network/ethernet connectivity, as these lack both the means of communication and the software interface to inject the malicious command remotely.
Be Regularly Updated on Security Concerns with Synology & QNAP NAS
Recently there has been a spotlight on some NAS brands and their security and protection from attacks by hackers and online intruders. In some cases, this has been down to holes being found in the system software or system protocol over time that, if left unpatched, can lead to ransomware like the QNAP QLocker of 2021 or the Synology Synolocker of 2014. Typically, these can stem from many methods but ultimately revolve around hackers boarding the latest firmware and finding loopholes/backdoors within the system software each time it has an official update. This is not unusual and practically ALL the computer software-related services and hardware in your home/business environment go through this – most updates to the firmware in everything from your phone to your TV, router, console and more are specifically designed to close these newly found chinks in the armour. It is a constant game of cat and mouse; however, in almost all cases the vulnerability in software (that led to your system being penetrated) will be down to the fact your device has not been updated in firmware/software in a considerable length of time.
Why Do People Not Update Their QNAP or Synology NAS System Software Immediately?
Of course, updating the firmware on your NAS every single time a new system software version is released is not quite as simple as that. Sure, the actual ACT of updating is super easy and the NAS system will constantly remind you of updates in your system firmware or individual app software – but many still do not immediately action this update. This is by no means exclusive to NAS either, with many, MANY users choosing to ignore the Windows update icon at the bottom right of the screen right now, or the recommended system update restart/remind option at the top right on a Mac. There are several reasons that people do not immediately update their firmware, such as:
The system is currently in use and there is no time right now to allow a restart, as well as having current projects/tabs/services operational
You once/twice experienced an update on a NAS (or really any device that has regular updates) that made the system unable to perform to the previous standard (software feature changed/removed), so you had to perform a complicated firmware roll-back/downgrade and it left you less keen on immediate firmware actions
It is a major firmware update that changes the system GUI and system options notably, so you do not wish to action a software update that will increase the learning curve
(less common but certainly happens) Your NAS system is part of a wider network of systems (part of a CMS) that either cannot or is not recommended to be individually updated without updating every other system at the same time
So, it is all fair and well for me to say ‘you should always update’, but the truth is that many have rather valid/understandable reasons for not actioning these straight away. Of course, the alternative would be for brands to automatically FORCE system updates through, or restrict an app/system from connecting with online services until the update is installed (as found with gaming services like Playstation Network and XBox Live) – but in a NAS, or even desktop/computer/phone-based systems, these options would be INCREDIBLY UNPOPULAR! So, that is how we reached the current state of affairs between the NAS Brands, their system updates, individual app updates and how/when users choose to action them. So, how do we resolve this?
How Can You Stay On Top Of NAS Updates and Be Aware of Vulnerabilities on your NAS?
Many users might not be aware, but the majority of NAS brands (and indeed this extends to enterprise service providers like NetApp, cloud storage like Google Drive and large blob type storage like AWS and Azure) have an online portal, known as the Security Advisory, that details the latest vulnerabilities, faults and issues that are raised on their respective platforms. These are then available for public view (as they are submitted) and their effect, danger, current investigated status, date of the resolution and recommended action are then displayed. See Below:
These pages are almost certainly a legal requirement as part of their term of service and due diligence, not just a kind and wholesome gesture. However, it can be INCREDIBLY INTIMIDATING to read through them – even a 5-minute glance will make you question how on earth you have not been hacked yet! However, many of these vulnerabilities are exceptionally small and are built on exceptionally outdated firmware (perhaps 2-3 years overdue), require exceptionally weak security settings in place, DMZ network settings or simply are specific to a particular tool being used in a certain way. Nevertheless, many users will see these listings of issues and go one of two ways. One, they IMMEDIATELY UPDATE EVERYTHING and regularly update as soon as updates appear (regardless of the reasons against it listed earlier). Two, they look at the vulnerabilities, scroll through, see that none of them appear to be applicable to their own network hardware/storage setup and then continue to not-update until something more specific to their setup appears. There are pros and cons to either action of course, but better to have all the facts and listed vulnerabilities at your disposal than to proceed on just hunches and guesses!
How to Automatically Get Updated When Synology and QNAP NAS Vulnerabilities are Reported
Pretty much ALL of the brands in NAS, Data Storage and Cloud services have these security advisory pages, but the idea of checking these pages manually (i.e. bookmark etc) every day, week or month is too much of a hassle for many. On the other hand, they all arrive with an RSS feed link that allows users to subscribe to updates BUT many users are not even aware of how to apply an RSS feed (it’s a complex XML feed of text that needs to be injected into an appropriate RSS feed client/agent – so yeah, hardly noob friendly). So, in order to make this 1000x easier, I have (and by me, I mean Eddie the Web Guy spent time on it and I made this article!) made this page that will be constantly updated with the latest vulnerabilities reported on the popular NAS brands and storage-related manufacturers. It is still being built (so more brands are being added) but it will allow you to just chuck your email address below (will not be used for profit or spamming etc) and then you will get an alert EVERY TIME a new security vulnerability is updated by the brands (this is automated, so it will appear here as soon as it appears on the respective security advisory page). Additionally, there will be links back to the brand/manufacturer site so you can find out more about individual exploits and vulnerabilities, how they work, what they do and (most importantly) give you a better idea of whether you should update your NAS/Storage system or not. I hope you find it helpful and if you have any recommendations or ideas of what we should add to this page/service to make it even better – let us know in the comments or directly here – https://nascompares.com/contact-us
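For readers who would rather consume an advisory RSS feed directly, the added example below (not NASCompares' or any vendor's code) parses an RSS 2.0 document, skips items already seen, and returns only advisories whose title names a product you run. The feed is a constructed sample reusing three titles and dates from the QNAP list on this page, with 2021 assumed as the year; the guid and link values are placeholders, and fetching the real feed is left to the caller.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime
from email.utils import parsedate_to_datetime
from typing import Optional

# Constructed RSS 2.0 sample; guid and link values are placeholders.
SAMPLE_FEED = b"""<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"><channel>
<title>Example vendor security advisories</title>
<item><title>Command Injection in QTS</title>
  <link>https://advisories.example.invalid/0001</link>
  <guid>example-0001</guid>
  <pubDate>Thu, 24 Jun 2021 00:00:00 +0000</pubDate></item>
<item><title>Insecure Storage of Sensitive Information in myQNAPcloud Link</title>
  <link>https://advisories.example.invalid/0002</link>
  <guid>example-0002</guid>
  <pubDate>Wed, 16 Jun 2021 00:00:00 +0000</pubDate></item>
<item><title>Command Injection in Video Station</title>
  <link>https://advisories.example.invalid/0003</link>
  <guid>example-0003</guid>
  <pubDate>Thu, 03 Jun 2021 00:00:00 +0000</pubDate></item>
</channel></rss>"""


@dataclass(frozen=True)
class Advisory:
    guid: str
    title: str
    link: str
    published: Optional[datetime]


def parse_feed(data: bytes) -> list:
    """Parse RSS 2.0 bytes into Advisory records, in feed order."""
    # A feed is untrusted input: refuse any DTD so entity-expansion payloads
    # never reach the XML parser.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("feed contains a DTD; refusing to parse")
    items = []
    for item in ET.fromstring(data).iter("item"):
        title = (item.findtext("title") or "").strip()
        link = (item.findtext("link") or "").strip()
        guid = (item.findtext("guid") or link).strip()
        if not guid:
            continue  # nothing stable to de-duplicate on
        raw_date = item.findtext("pubDate")
        published = parsedate_to_datetime(raw_date) if raw_date else None
        items.append(Advisory(guid, title, link, published))
    return items


def new_relevant(data: bytes, seen: set, watch: list) -> list:
    """Return unseen advisories whose title mentions a watched product.

    Every unseen guid is added to `seen`, so each advisory is judged once.
    """
    patterns = [re.compile(r"\b" + re.escape(term) + r"\b", re.I) for term in watch]
    hits = []
    for adv in parse_feed(data):
        if adv.guid in seen:
            continue
        seen.add(adv.guid)
        if any(p.search(adv.title) for p in patterns):
            hits.append(adv)
    return hits


if __name__ == "__main__":
    seen_guids = set()
    for adv in new_relevant(SAMPLE_FEED, seen_guids, ["QTS", "Video Station"]):
        print(adv.published.date(), adv.title, adv.link)
```

Persist the `seen` set between runs (a small JSON file is enough) so that a scheduled job only reports advisories published since the last check.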
QNAP NAS Current Vulnerabilities and Exploits
Advisory | Date
Command Injection in QTS | Thu, 24 Jun
Insecure Storage of Sensitive Information in myQNAPcloud Link | Wed, 16 Jun
SMB Out-of-Bounds Read in QTS | Wed, 16 Jun
Out-of-Bounds Read in QSS | Fri, 11 Jun
Inclusion of Sensitive Information in QSS | Fri, 11 Jun
Improper Access Control in Helpdesk | Fri, 11 Jun
Post-Authentication Reflected XSS in Qcenter | Thu, 03 Jun
Command Injection in Video Station | Thu, 03 Jun
DOM-Based XSS in QTS | Thu, 03 Jun
Relative Path Traversal in QTS | Fri, 21 May
Qlocker Ransomware | Fri, 21 May
in Roon Server | Fri, 14 May
eCh0raix Ransomware | Fri, 14 May
Command Injection in Malware Remover | Thu, 13 May
Improper Access Control in Music Station | Thu, 06 May
AgeLocker Ransomware | Thu, 29 Apr
Improper Authorization in HBS 3 (Hybrid Backup Sync) | Thu, 22 Apr
SQL Injection in Multimedia Console and the | Fri, 16 Apr
Command Injection in QTS | Fri, 16 Apr
Cross-site Scripting in File Station | Fri, 16 Apr
SYNOLOGY NAS Current Vulnerabilities and Exploits
ID | Product | Severity | Status | Date
Synology-SA-21:21 | Audio Station | Important | Resolved | 2021-06-16 16:05:29 UTC+8
Synology-SA-21:20 | FragAttacks | Moderate | Ongoing | 2021-05-12 18:26:08 UTC+8
Synology-SA-21:19 | SRM | Important | Resolved | 2021-05-11 14:23:32 UTC+8
Synology-SA-21:18 | Hyper Backup | Moderate | Resolved | 2021-05-04 13:37:52 UTC+8
Synology-SA-21:17 | Samba | Moderate | Ongoing | 2021-05-06 11:28:17 UTC+8
Synology-SA-21:16 | ISC BIND | Moderate | Ongoing | 2021-05-03 10:34:51 UTC+8
Synology-SA-21:15 | Antivirus Essential | Important | Resolved | 2021-04-28 08:12:48 UTC+8
Synology-SA-21:14 | OpenSSL | Not affected | Resolved | 2021-03-29 08:56:36 UTC+8
Synology-SA-21:13 | Samba AD DC | Important | Ongoing | 2021-05-13 17:31:08 UTC+8
Synology-SA-21:12 | Synology Calendar | Moderate | Resolved | 2021-06-19 10:53:03 UTC+8
Synology-SA-21:11 | Download Station | Important | Resolved | 2021-06-19 11:15:17 UTC+8
Synology-SA-21:10 | Media Server | Moderate | Resolved | 2021-06-19 10:55:28 UTC+8
Synology-SA-21:09 | WebDAV Server | Moderate | Resolved | 2021-02-23 11:18:19 UTC+8
Synology-SA-21:08 | Docker | Low | Resolved | 2021-06-13 11:21:28 UTC+8
Synology-SA-21:07 | Synology Directory Server | Moderate | Resolved | 2021-02-23 11:17:51 UTC+8
Synology-SA-21:06 | CardDAV Server | Important | Resolved | 2021-02-23 11:17:26 UTC+8
Synology-SA-21:05 | Audio Station | Important | Resolved | 2021-02-23 09:52:31 UTC+8
Synology-SA-21:04 | Video Station | Moderate | Resolved | 2021-06-10 16:25:07 UTC+8
Synology-SA-21:03 | DSM | Important | Pending | 2021-06-11 09:45:46 UTC+8
Synology-SA-21:02 | Sudo | Low | Ongoing | 2021-06-02 17:00:07 UTC+8