Recently, Microsoft released Windows Server 2022 and Windows 11 in Insider Preview. Today, we will see whether the old tricks to reset the administrator password and gain access to Windows systems using built-in tools, such as Utilman.exe, still work or were mitigated.

The post Reset a Windows 11 password and the Windows Server 2022 administrator password first appeared on 4sysops.

GitHub a annoncé hier que la plateforme n'accepte plus les mots de passe pour l'authentification des opérations Git CLI, et nécessitera donc l'utilisation d’identifiants plus forts pour toutes les opérations Git authentifiées sur GitHub.com. Cela inclut les clés SSH (pour les développeurs), les tokens d'installation OAuth ou GitHub App (pour les intégrateurs) ou une clé de sécurité matérielle, telle qu'une YubiKey.

The post GitHub passe au sans mot de passe pour une 2FA plus forte, comme avec les YubiKeys first appeared on UnderNews.

Active Directory (AD) account password reset is a common task for support personnel. In this post, we will take a look at several possibilities for how to reset an AD password using PowerShell.

The post How to reset an Active Directory password with PowerShell first appeared on 4sysops.

Il y a quelques semaines, Synology annoncait plusieurs nouveautés  : DSM 7.0 et plusieurs nouvelles fonctionnalités autour de C2 (Cloud maison). L’outil C2 Password vient tout juste d’être mis en ligne (Coffre-fort et Transfert de fichier). Il est actuellement gratuit et une offre payante devrait arriver prochainement. Regardons de plus près ces nouveautés… Synology C2 Password C2 Password est avant tout un gestionnaire de mots de passe. Il permet de générer et conserver vos mots de passe de façon sécurisée… […]

Cet article Synology C2 Password est disponible est apparu en premier sur Cachem

WD My Book NAS Devices Being Remotely Formatted

If you are reading this and you own a WD My Book or WD My Book Live Duo, then you might want to go check on it and maybe disconnect it from the internet for now. In the last 24+ hours, multiple users have reported that whilst trying to access their WD My Book NAS drive, they were barred entry with an ‘invalid password’ and mobile applications have ceased connectivity. Upon further investigation, they then find that their system has been completely formatted (ranging from directories, volumes and pools to in some cases everything) and all their data is now lost. This was originally raised over on the official WD Support blog here and not long after, multiple users at the same time have reported similar issues. Further examination of logs (once access to the system was possible) showed that remote access had been established to the system and a command to reset the system and storage be delivered. So what has happened? How did it happen and can the WD My Book Live data that people have lost be recovered?

How Did WD My Book Live NAS Drives Get Accessed Remotely

The WD My Book Live and My Book Live Duo are designed for access via the network and internet and were amoung some of WD’s first products for traditional NAS use, not just a HDD-on-the-internet, but have a GUI and dedicated CPU handling RAID, backups tasks and general system management. Remote access is conducted by accessing the NAS, through a firewall and via the official WD My Cloud Live servers (included with the cost of the device). However this remote access is what was used to push a command to the WD My Book Live system, executing the system reset with the following showing in the logs of the system )(from user Sunpeak on the WD Forums here)

Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 MyBookLive shutdown[24582]: shutting down for system reboot
Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:29 MyBookLive _: pkg: wd-nas
Jun 23 16:02:30 MyBookLive _: pkg: networking-general
Jun 23 16:02:30 MyBookLive _: pkg: apache-php-webdav
Jun 23 16:02:31 MyBookLive _: pkg: date-time
Jun 23 16:02:31 MyBookLive _: pkg: alerts
Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive
Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api

Since this was originally raised yesterday, lots of users have followed reporting the same, clearly showing this is an orchestrated attack of WD My Book Live systems, with the additional sad note that there has been no ransom.txt or other ransomware style communication left – meaning this has been done with the pure intention to destroy people’s data! Pretty lousy stuff! Since then this has gained considerably traction on multiple websites and the details on the National Vulnerability database (click below) has been updated serval times:

 

How Has Western Digital Responded to the WD My Book Live Attack

The response from WD on this NAS attack has been remarkably swift, considerably faster than I have personally seen from other brands suffering similar circumstances in previous years, with official instruction and widespread notification on their platforms in considerably less than a day. WD Have stated on their Security Advisory pages:

WDC Tracking Number: WDC-21008
Product Line: WD My Book Live and WD My Book Live Duo
Published: June 24, 2021

Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live and My Book Live Duo devices received its final firmware update in 2015. We understand that our customers’ data is very important. We are actively investigating the issue and will provide an updated advisory when we have more information.

Advisory Summary – At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device.

So, in short, WD believes this has been caused by the use of a remote command push to the WD My Book Live and WD My Book Duo Live NAS systems via an unpatched exploit on the system. They maintain that the issue is not caused from within their server-side, but are working on this right now to get to the bottom of it.

How Can A Vulnerability of the WD My Book Live Not Be Patching in a Firmware Update?

As previously mentioned, the WD My Book Live and My Book Live Duo were some of their earliest real NAS releases, as far back as 2010. Although these systems received numerous updates, the final update for this system was officially issued in 2015(see below)

Given the predicted life of hard drives, the lifespan of products and their broader commitment to customers, it is not unheard of that they would cease firmware updates on a product line after a given period of time (the same can be said of the majority of software-enabled hardware in our homes and business environment). However, this comes as little comfort to those data that has been deleted. Additionally, this is a vulnerability that was raised back in 2018 by ‘Wizcase’ and found on numerous ‘first generation’ NAS systems that were released in this period. At that time, WD responded to this officially with:

“The vulnerability report CVE-2018-18472 affects My Book Live devices originally introduced to the market between 2010 and 2012. These products have been discontinued since 2014 and are no longer covered under our device software support lifecycle. We encourage users who wish to continue operating these legacy products to configure their firewall to prevent remote access to these devices, and to take measures to ensure that only trusted devices on the local network have access to the device.”

Once again, there is a balance here that users need to keep in mind between reliance on the hardware purchased and the rigidity of a solution a considerable length of time since release, as well as the maintenance of backups in a robust data storage strategy. It will be interesting to see how WD respond to this situation as it unfolds.

Can The Lost Data on the WD My Book Live and My Book Live Duo Be Recovered?

As this has been a format conducted on the system as a whole, it makes the recovery of data on a Factory Reset/Wipred WD My Book Live very difficult! In previous cases of malware encryption or malicious data destruction, many users have taken advantage of the tremendously useful PhotoRec tool (previously featured in the QNAP Qlocker Recovery guides). PhotoRec is a file data recovery software designed to recover lost files including video, documents and archives from hard disks (as well as legacy storage media like CD-ROMs) and memory cards. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media’s file system has been severely damaged or reformatted. However, this is by no means full proof and does require a little more technical knowledge than many might have (with interfacing with the NAS in a software-accessible way being the first major hurdle). Here is an example of a PhotoRec recovery guide, but we are hoping quite soon for a more WD My Book Live specific guide with surface shortly.

Is My WD My Cloud or Regular WD My Book Direct Attach Storage Device Affected?

At this time there are no reports of this affecting the current generations of WD My Cloud, WD My Cloud Pro, WD My Cloud EX2 or WD My Cloud Sentinel Systems (which have far more recent firmware updates). Likewise, this will not affect WD My Book systems lack network/ethernet connectivity, as this lack both the means of communication and the software interface to inject the malicious command remotely.

 

This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

 

SEARCH IN THE BOX BELOW FOR NAS DEALS

Need Advice on Data Storage from an Expert?

We want to keep the free advice on NASCompares FREE for as long as we can. Since this service started back in Jan '18, We have helped hundreds of users every month solve their storage woes, but we can only continue to do this with your support. So please do choose to buy at Amazon US and Amazon UK on the articles when buying to provide advert revenue support or to donate/support the site below. Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] Terms and Conditions Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.   This description contains links to Amazon. These links will take you to some of the products mentioned in today’s video. As an Amazon Associate, I earn from qualifying purchases

A Guide to Recovering Your NAS Files from the QLocker QNAP NAS Malware Attack

Good news for those of you whose QNAP NAS systems were affected by the QLocker Malware attack last month – a recoverable solution has been produced by QNAP on this (with assistance from 3rd party open source project PhotoRec) that, although a little long and technical, is a great deal more understandable than many QLocker solutions that have appeared yet. This new method does not need users to open SSH on their system and although there is a degree of command/code entry involved, it is moderately straightforward and will hopefully allow you to avoid paying the ransomware fee to recover files. This method centres around file recovery, rather than breaking the encryption, so like any data recovery practice, this is not going to be tremendously quick – i.e. it will be largely dictated by the volume of files that need recovery. It will be interesting to see how much QNAP HQ have learned from this Qlocker business, what can be done to avoid this in future and if QRescue and collaborative builds with recovery software like PhotoRec can build towards a standardized NAS tool that can be used more generally in recovery in the future. Nevertheless, below is the guide that was provided by QNAP and includes tools and links to resources that will help you get the recovery completed.

Important Note – Do not attempt this ‘casually’. This method is by no means as intrusive as other methods in the last few weeks that involved messaging with the encrypted files themselves but IS a guide you should be prepared to action from beginning to end in a single session – so make sure you have allowed a good stretch of time to do this! Additionally, you WILL need access to an external Hard Drive/SSD that is 1.5-2 times the size of the data you are trying to recover, as additional space is liked needed during the recovery of files before they are completed. Make sure the external drive is EMPTY as it WILL be formatted.

Step By Step Guide to Recovering Encryptioned QNAP NAS files from QLocker

Make sure your QNAP NAS is running normally and no firmware/restarts are scheduled during the process of running PhotoRec or QRescue on your NAS. Additionally, another reminder that the external HDD/SSD that you use for the recovered files from QLocker WILL be formatted during following these steps. This Guide covers:

 

So, did this QLocker recovery guide work for you? How did you find the PhotoRec and QRescue applications did their job? Let me know in the comments and share with others how well/poorly this guide helped you recover your files from ransomware encryption.

Alternatively, If you still need help choosing the NAS solution for your needs, use the NASCompares free advice section below. It is completely free, is not a subscription service and is manned by real humans (two humans actually, me and Eddie). We promise impartial advice, recommendations based on your hardware and budget, and although it might take an extra day or two to answer your question, we will get back to you.

 

Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

 

SEARCH IN THE BOX BELOW FOR NAS DEALS

Need Advice on Data Storage from an Expert?

We want to keep the free advice on NASCompares FREE for as long as we can. Since this service started back in Jan '18, We have helped hundreds of users every month solve their storage woes, but we can only continue to do this with your support. So please do choose to buy at Amazon US and Amazon UK on the articles when buying to provide advert revenue support or to donate/support the site below. Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] Terms and Conditions Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.