In Sans News Bites, there is a headline about something called Mybook.
No, we’re not talking about Facebook, Myspace, MyTelespace, or anything like that.
Sans News Bites in their coverage talk about Bleeping Computer and Ars Technica covering this, and Brian Krebs link to both of these within his story of this.
Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a previously unknown critical flaw that can be triggered by anyone who knows the Internet address of an affected device.
To make matters worse, this device hasn’t been supported since 2014 according to Krebs, yet people still have them. It is supposed to be a backup device from what I can gather, but I am sure I don’t have one.
The bug, according to Krebs, was reported back in 2018 to Western Digital, and they said that since it isn’t supported, users shold only have it connected locally and not on the Internet.
The CVE number assigned to this vulnerability is CVE-2018-18472 and it has taken this long for an attack to be launched on these devices.
For the full story, MyBook Users Urged to Unplug Devices from Internet should be read, or find coverage under Sans that was posted to this blog and will be posted again as part of the Security Box for this coming week. Its unfortunate it took this long, but we can’t do anything about it if no coverage of it is made public.
I’m glad that Western Digital made something available at the time, but my question is whether they notified their customers of these devices. I guess we’ll never know.
Discover more from Jared's Technology podcast network
Subscribe to get the latest posts sent to your email.