FreshRSS

🔒
❌ À propos de FreshRSS
Il y a de nouveaux articles disponibles, cliquez pour rafraîchir la page.
À partir d’avant-hierFlux principal

Reset a Windows 11 password and the Windows Server 2022 administrator password

20 septembre 2021 à 16:05
Par : Leos Marek

Recently, Microsoft released Windows Server 2022 and Windows 11 in Insider Preview. Today, we will see whether the old tricks to reset the administrator password and gain access to Windows systems using built-in tools, such as Utilman.exe, still work or were mitigated.

The post Reset a Windows 11 password and the Windows Server 2022 administrator password first appeared on 4sysops.

GitHub passe au sans mot de passe pour une 2FA plus forte, comme avec les YubiKeys

17 août 2021 à 14:38
Par : UnderNews

GitHub a annoncé hier que la plateforme n'accepte plus les mots de passe pour l'authentification des opérations Git CLI, et nécessitera donc l'utilisation d’identifiants plus forts pour toutes les opérations Git authentifiées sur GitHub.com. Cela inclut les clés SSH (pour les développeurs), les tokens d'installation OAuth ou GitHub App (pour les intégrateurs) ou une clé de sécurité matérielle, telle qu'une YubiKey.

The post GitHub passe au sans mot de passe pour une 2FA plus forte, comme avec les YubiKeys first appeared on UnderNews.

How to reset an Active Directory password with PowerShell

10 août 2021 à 17:06
Par : Leos Marek

Active Directory (AD) account password reset is a common task for support personnel. In this post, we will take a look at several possibilities for how to reset an AD password using PowerShell.

The post How to reset an Active Directory password with PowerShell first appeared on 4sysops.

Synology C2 Password est disponible

23 juillet 2021 à 07:00
Par : Fx

synology C2 password 300x225 - Synology C2 Password est disponibleIl y a quelques semaines, Synology annoncait plusieurs nouveautés  : DSM 7.0 et plusieurs nouvelles fonctionnalités autour de C2 (Cloud maison). L’outil C2 Password vient tout juste d’être mis en ligne (Coffre-fort et Transfert de fichier). Il est actuellement gratuit et une offre payante devrait arriver prochainement. Regardons de plus près ces nouveautés… Synology C2 Password C2 Password est avant tout un gestionnaire de mots de passe. Il permet de générer et conserver vos mots de passe de façon sécurisée… […]

Cet article Synology C2 Password est disponible est apparu en premier sur Cachem

WD My Book Live NAS – Remote Format Attack Reported

25 juin 2021 à 21:58

WD My Book NAS Devices Being Remotely Formatted

If you are reading this and you own a WD My Book or WD My Book Live Duo, then you might want to go check on it and maybe disconnect it from the internet for now. In the last 24+ hours, multiple users have reported that whilst trying to access their WD My Book NAS drive, they were barred entry with an ‘invalid password’ and mobile applications have ceased connectivity. Upon further investigation, they then find that their system has been completely formatted (ranging from directories, volumes and pools to in some cases everything) and all their data is now lost. This was originally raised over on the official WD Support blog here and not long after, multiple users at the same time have reported similar issues. Further examination of logs (once access to the system was possible) showed that remote access had been established to the system and a command to reset the system and storage be delivered. So what has happened? How did it happen and can the WD My Book Live data that people have lost be recovered?

How Did WD My Book Live NAS Drives Get Accessed Remotely

The WD My Book Live and My Book Live Duo are designed for access via the network and internet and were amoung some of WD’s first products for traditional NAS use, not just a HDD-on-the-internet, but have a GUI and dedicated CPU handling RAID, backups tasks and general system management. Remote access is conducted by accessing the NAS, through a firewall and via the official WD My Cloud Live servers (included with the cost of the device). However this remote access is what was used to push a command to the WD My Book Live system, executing the system reset with the following showing in the logs of the system )(from user Sunpeak on the WD Forums here)

Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 MyBookLive shutdown[24582]: shutting down for system reboot
Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:29 MyBookLive _: pkg: wd-nas
Jun 23 16:02:30 MyBookLive _: pkg: networking-general
Jun 23 16:02:30 MyBookLive _: pkg: apache-php-webdav
Jun 23 16:02:31 MyBookLive _: pkg: date-time
Jun 23 16:02:31 MyBookLive _: pkg: alerts
Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive
Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api

Since this was originally raised yesterday, lots of users have followed reporting the same, clearly showing this is an orchestrated attack of WD My Book Live systems, with the additional sad note that there has been no ransom.txt or other ransomware style communication left – meaning this has been done with the pure intention to destroy people’s data! Pretty lousy stuff! Since then this has gained considerably traction on multiple websites and the details on the National Vulnerability database (click below) has been updated serval times:

 

How Has Western Digital Responded to the WD My Book Live Attack

The response from WD on this NAS attack has been remarkably swift, considerably faster than I have personally seen from other brands suffering similar circumstances in previous years, with official instruction and widespread notification on their platforms in considerably less than a day. WD Have stated on their Security Advisory pages:

WDC Tracking Number: WDC-21008
Product Line: WD My Book Live and WD My Book Live Duo
Published: June 24, 2021

Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live and My Book Live Duo devices received its final firmware update in 2015. We understand that our customers’ data is very important. We are actively investigating the issue and will provide an updated advisory when we have more information.

Advisory Summary – At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device.
CVE Number:CVE-2018-18472

So, in short, WD believes this has been caused by the use of a remote command push to the WD My Book Live and WD My Book Duo Live NAS systems via an unpatched exploit on the system. They maintain that the issue is not caused from within their server-side, but are working on this right now to get to the bottom of it.

How Can A Vulnerability of the WD My Book Live Not Be Patching in a Firmware Update?

As previously mentioned, the WD My Book Live and My Book Live Duo were some of their earliest real NAS releases, as far back as 2010. Although these systems received numerous updates, the final update for this system was officially issued in 2015(see below)

Given the predicted life of hard drives, the lifespan of products and their broader commitment to customers, it is not unheard of that they would cease firmware updates on a product line after a given period of time (the same can be said of the majority of software-enabled hardware in our homes and business environment). However, this comes as little comfort to those data that has been deleted. Additionally, this is a vulnerability that was raised back in 2018 by ‘Wizcase’ and found on numerous ‘first generation’ NAS systems that were released in this period. At that time, WD responded to this officially with:

“The vulnerability report CVE-2018-18472 affects My Book Live devices originally introduced to the market between 2010 and 2012. These products have been discontinued since 2014 and are no longer covered under our device software support lifecycle. We encourage users who wish to continue operating these legacy products to configure their firewall to prevent remote access to these devices, and to take measures to ensure that only trusted devices on the local network have access to the device.”

Once again, there is a balance here that users need to keep in mind between reliance on the hardware purchased and the rigidity of a solution a considerable length of time since release, as well as the maintenance of backups in a robust data storage strategy. It will be interesting to see how WD respond to this situation as it unfolds.

Can The Lost Data on the WD My Book Live and My Book Live Duo Be Recovered?

As this has been a format conducted on the system as a whole, it makes the recovery of data on a Factory Reset/Wipred WD My Book Live very difficult! In previous cases of malware encryption or malicious data destruction, many users have taken advantage of the tremendously useful PhotoRec tool (previously featured in the QNAP Qlocker Recovery guides). PhotoRec is a file data recovery software designed to recover lost files including video, documents and archives from hard disks (as well as legacy storage media like CD-ROMs) and memory cards. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media’s file system has been severely damaged or reformatted. However, this is by no means full proof and does require a little more technical knowledge than many might have (with interfacing with the NAS in a software-accessible way being the first major hurdle). Here is an example of a PhotoRec recovery guide, but we are hoping quite soon for a more WD My Book Live specific guide with surface shortly.

Is My WD My Cloud or Regular WD My Book Direct Attach Storage Device Affected?

At this time there are no reports of this affecting the current generations of WD My Cloud, WD My Cloud Pro, WD My Cloud EX2 or WD My Cloud Sentinel Systems (which have far more recent firmware updates). Likewise, this will not affect WD My Book systems lack network/ethernet connectivity, as this lack both the means of communication and the software interface to inject the malicious command remotely.

 


Articles Get Updated Regularly - Get an alert every time something gets added to this page!


This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

 

SEARCH IN THE BOX BELOW FOR NAS DEALS

Need Advice on Data Storage from an Expert?

We want to keep the free advice on NASCompares FREE for as long as we can. Since this service started back in Jan '18, We have helped hundreds of users every month solve their storage woes, but we can only continue to do this with your support. So please do choose to buy at Amazon US and Amazon UK on the articles when buying to provide advert revenue support or to donate/support the site below. Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] Terms and Conditions Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.   This description contains links to Amazon. These links will take you to some of the products mentioned in today’s video. As an Amazon Associate, I earn from qualifying purchases

QNAP QLocker Recovery Walkthrough with QRescue Software

27 mai 2021 à 02:00

A Guide to Recovering Your NAS Files from the QLocker QNAP NAS Malware Attack

Good news for those of you whose QNAP NAS systems were affected by the QLocker Malware attack last month – a recoverable solution has been produced by QNAP on this (with assistance from 3rd party open source project PhotoRec) that, although a little long and technical, is a great deal more understandable than many QLocker solutions that have appeared yet. This new method does not need users to open SSH on their system and although there is a degree of command/code entry involved, it is moderately straightforward and will hopefully allow you to avoid paying the ransomware fee to recover files. This method centres around file recovery, rather than breaking the encryption, so like any data recovery practice, this is not going to be tremendously quick – i.e. it will be largely dictated by the volume of files that need recovery. It will be interesting to see how much QNAP HQ have learned from this Qlocker business, what can be done to avoid this in future and if QRescue and collaborative builds with recovery software like PhotoRec can build towards a standardized NAS tool that can be used more generally in recovery in the future. Nevertheless, below is the guide that was provided by QNAP and includes tools and links to resources that will help you get the recovery completed.

Important Note – Do not attempt this ‘casually’. This method is by no means as intrusive as other methods in the last few weeks that involved messaging with the encrypted files themselves but IS a guide you should be prepared to action from beginning to end in a single session – so make sure you have allowed a good stretch of time to do this! Additionally, you WILL need access to an external Hard Drive/SSD that is 1.5-2 times the size of the data you are trying to recover, as additional space is liked needed during the recovery of files before they are completed. Make sure the external drive is EMPTY as it WILL be formatted.

Step By Step Guide to Recovering Encryptioned QNAP NAS files from QLocker

Make sure your QNAP NAS is running normally and no firmware/restarts are scheduled during the process of running PhotoRec or QRescue on your NAS. Additionally, another reminder that the external HDD/SSD that you use for the recovered files from QLocker WILL be formatted during following these steps. This Guide covers:

  • Overview
  • Requirements

Steps

  • Part 1. Configure external HDD with the name “rescue” and create folders with the name “recup1” for recovery.
  • Part 2. Download and Manually Install the QRescue App
  • Part 3. Run PhotoRec
  • Part 4. Run QRescue
  • Part 5. Move the recovery data to your NAS.

Let’s begin.

Overview:

QRescue is the data recovery tool for Qlocker-encrypted 7z files. It contains:

  • PhotoRec (Open Source Project / GNU General Public License / Project Link):
    File recovery software designed to recover lost files from hard disks and CD-ROMs, and lost pictures (thus the Photo Recovery name) from the storage medium.
  • QRescue (Powered by QNAP):
    The script to recover file structures from the encrypted 7z files and PhotoRec files.

Requirements:

  • Download the QRescue app from this link.
    https://download.qnap.com/QPKG/QRescue.zip
  • Prepare an external hard disk drive with a capacity larger than the total used storage space on your NAS.
    • Note: It’s advised to prepare an external HDD with 1.5 to 2x free space than the total used storage space on your NAS. Additional space might be required during the recovery process. If the available space is less than the suggested value, error and other issues may occur.

Steps:

Part 1. Configure external HDD with the name “rescue” and create folders with the name “recup1” for recovery.

QRescue will process the recovery process to external drive first, and we need to do some configuration for this recovery process and create the specific destination and folder name.

  1. You need to prepare an external HDD that its usable capacity is larger than the total used storage size of your NAS. This is because you will recover the files to the external device first. Please check your used volume size first by clicking More > About on the QTS desktop.
  2. Insert the external drive to your NAS. Please go to Storage Manager > External Device > Select your external device > Click “Actions” > Click “Format” to format the external drive.
  3. The File System must be “EXT4”, and the Label name must be key in “rescue”. If these configuration is ready, please click “Format

    Notice:
    The QRescue app will use “rescue” as the external drive name. If you use other names, the recovery process might fail.
  4. (Optional) If you disable the admin account or you don’t use admin to login QTS, you might not see the external drive on the File Station. Please go to Control Panel > Privilege > Shared Folder > Edit Shared Folder Permission to enable or change read / write permission for “rescue” folder and to match the account that you log in the NAS.
    • Sample:
      Grant other administrator group account (Example: “_qnap_support” is the administrator group account for read/write permission to external hard drive naming “rescue”).

  5. Using File Station to check the volume for the correct external device name.
  6. Create the new folder and name as “recup1” (format: recup+{number}). If you have more than one storage volume, you need to add more folders for recovery.

    Notice:
    The QRescue app will use “recup+{number}” as the folder name. If you use other names, the recovery process might fail.

    Part 2. Download and Manually Install the QRescue App

    This QRescue app is a special build. Therefore, you need to manually install this app from the QTS App Center.

  7. Please go to this link to download the QRescue app.
    https://download.qnap.com/QPKG/QRescue.zip
  8. Please go to App Center > Click Install Manually > Click Browse to find the QRescue app location on your computer.
  9. After selecting the app location, you can click Install. Wait until the installation completes and open the QRescue app on QTS desktop or side-bar.
  10. When you open the QRescue app, you will see the web console. It can help to run PhotoRec and QRescue to recover your files.

    Part 3. Run PhotoRec

    Running PhotoRec can help you to recover the lost files from hard disks to the external drive. Now you will recover the NAS files to the “recup1” (example: recup+{disk_number}) folder on the external drive.

  11. Type this command and press Enter on your keyboard. You will start to run PhotoRec.
    Command:
    photorec
  12. Use Up/Down arrows to choose the hard drive. And you can start to select the NAS disk for running recovery by PhotoRec.
    • Sample:
      • /dev/mapper/cachedev1 as 1st data volume
      • /dev/mapper/cachedev2 as 2nd data volume
      • /dev/mapper/cachedev20 as 20th data volume
    • Note:
      You can check the number of data volumes in Storage & Snapshots > Storage/Snapshots
  13. Select the “ext4” partition and press “Enter
  14. Select the file system as [ ext2/ext3 ] and click “Enter” key.
  15. Select the space as [ Whole ] and click the “Enter” key.
  16. Now we need to select the external device’s folder as the recovery destination.
    • Source Destination: /share/external/DEV3301_01/qpkg/QRescue   [QRescue qpkg]
    • Recovery Destination: /share/rescue/recup1 [External Device]
    • Click “..” to go back to the upper level folder
      • Sample destination: External disk on QRescue app
      • Sample: External Device (name: rescue) > Destination Folder (name: recup1)
  17. Please click “C” on the keyboard when the destination is “/share/rescue/recup1”.
  18. Start to run the recovery process by PhotoRec. Now you can see the estimated time to completion.
  19. When you finish the PhotoRec, you can press enter when you select  [Quit] or type in “ctrl-c” to exit.

    Part 4. Run QRescue

    Run QRescue can help you to recover the files retrieved by PhotoRec. Now you will recover the files from the “recup+{number}” folder to the “restore+{number}” folder which auto creates on your external drive.

  20. Type this command and click Enter on your keyboard. You will start to run QRescue.
    Command:
    qrescue.sh
  21. (Optional) If you have two or more data volumes on your NAS, the screen will let you select which data volume you will start the process. Please type the number and press “enter”. If you only have one data volume, you might not see this step.

  22. (Optional) Now you can see the progress for which files were completed in the recovery process.
  23. When all of the QRescue process is completed, the screen will show the result summary and the process for sending the system log.
  24. QRescue app also will send the event log to QuLog Center / System Log and notify you on finishing the whole recovery process. If you have opened the QNAP support ticket, don’t forget to make the feedback for your case. QNAP support team will help you to double check. Thank you very much.

Part 5. Move the recovery data to your NAS.

You can move the recovery data to your NAS by File Station


 

So, did this QLocker recovery guide work for you? How did you find the PhotoRec and QRescue applications did their job? Let me know in the comments and share with others how well/poorly this guide helped you recover your files from ransomware encryption.

Alternatively, If you still need help choosing the NAS solution for your needs, use the NASCompares free advice section below. It is completely free, is not a subscription service and is manned by real humans (two humans actually, me and Eddie). We promise impartial advice, recommendations based on your hardware and budget, and although it might take an extra day or two to answer your question, we will get back to you.

 


Articles Get Updated Regularly - Get an alert every time something gets added to this page!


Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

 

SEARCH IN THE BOX BELOW FOR NAS DEALS

Need Advice on Data Storage from an Expert?

We want to keep the free advice on NASCompares FREE for as long as we can. Since this service started back in Jan '18, We have helped hundreds of users every month solve their storage woes, but we can only continue to do this with your support. So please do choose to buy at Amazon US and Amazon UK on the articles when buying to provide advert revenue support or to donate/support the site below. Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] Terms and Conditions Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.  
❌