Hackers remotely erase Western digital hard drives

A series of ATMs and point of sale terminals can be hacked with a wave from your phone, according to research published this week on vulnerabilities in near-field communication card readers. And flaws in a well-intentioned Dell firmware update mechanism has left 128 recent and popular PC models, including high-end devices with additional security protections, vulnerable to attack.

This week, French authorities charged four former executives of surveillance company Nexa Technologies (formerly Amesys) for alleged torture and war crimes. The allegations are the result of the company that allegedly sold spyware to authoritarian regimes in Libya between 2007 and 2014.

Meanwhile, famous pioneer of antivirus John McAfee he died in prison, declared suicidal, out of Barcelona on Wednesday after a Spanish court ruled he could be extradited to the United States to face charges of tax evasion. It is a suppression of the United States from Iranian media sites raises important questions about the world’s precedents of free speech.

If you’ve been hearing Amazon breathe a sigh of relief lately, take some time this weekend to remember the variety of data that society collects on its users and consider options to protect your own information.

And the The Pentagon has finally released its much-anticipated report on UFOs. It’s important for what he says — and what he doesn’t say.

And there is even more. Every week we add all the WIRED security news not covered in depth. Click on the titles to read the full stories, and stay safe.

The whole point of using a storage device connected to the network is to have a hard drive where you can back up important data and then access the files on the Internet while you are out. But unknown hackers are turning Western Digital My Book NAS hard drives into nightmare backup tools by compromising users ’devices and then erasing all data from them. My Books is controlled by an app, WD My Book Live, which allows customers to remotely access their data and manage their NAS. But users around the world are reporting that their devices have been hijacked and deleted. When trying to connect and access, the remote management panel says “Invalid password”. Western Digital said Bleeping Computer in a statement actively investigating the situation. So far, however, the victims who have lost the data are simply out of luck. The devices in question are at least six years old and received their most recent firmware update in 2015. “Western Digital has determined that some My Book Live devices are compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device, “the company said.” At this time, we recommend disconnecting your My Book Live from the Internet to protect your data on the device. “

Seven months ago, former president Donald Trump fired to tweet the latest director of the Cyber ​​Security and Infrastructure Agency, Chris Krebs, to agree with the intelligence agency’s conclusion that the 2020 elections had been held safe against foreign intrusion. Since then, Krebs has yet to be replaced – even as the United States has faced some of the worst cyber attacks on government agencies and critical infrastructure in history, including the SolarWinds intrusion, the mass compromise. of Exchange servers from China’s Hafnium hackers, and ransomware attacking the Colonial Pipeline. Yet this week U.S. Senator Rick Scott (R-Florida) announced that he would block the appointment of a new CISA director, the eminently qualified Jen Easterly, until Vice President Kamala Harris visits the southern border – delaying the appointment until after the summer of the Senate recess. Officials and cybersecurity practitioners, frightened by the highly politicized delay to a critical post for U.S. national security, have spoken out on Twitter. “The cyberthreat facing America is too real and too immediate to use the nomination of one of the most important cyber officers as a hostage to an unrelated political matter,” Senator Angus King (I-Maine) said in a statement. ). “This is a spectacular dereliction of duty from Senator Scott,” tweeted former Facebook CSO Alex Stamos. “Have a nice summer!”

The cryptocurrency exchange Binance announced this week that it was working with law enforcement to help track cryptocurrency used in the operations of the ransomware gang Cl0p, six of whom were arrested by Ukrainian police in Kyiv last week. According to Binance, ransomware operators have also managed their own cryptocurrency exchange focused on money laundering, helping to earn criminal revenue from the hacking operations of Cl0p and those of other groups. In total, the Cl0p band has laundered no less than half a billion dollars, according to Binance and two blockchain analytics companies it has worked with, TRM Labs and Crystal. In fact, the six operators arrested last week may represent the money laundering component of Cl0p’s operations more than its current piracy team. Despite last week’s arrests, Cl0p added a new company to its list of ransomware victims Tuesday this week.

Amazon Web Services announced Friday that it has acquired the end-to-end encrypted chat application Wickr. The service offers secure communication and collaboration for individual users and for businesses, governments and military customers. Wickr had raised nearly $ 60 million in funding since its founding in 2012. AWS says it will continue to operate Wickr in its current form and offer the platform to AWS customers. “This gives security-conscious businesses and government agencies the ability to put in place important governance and security controls to help them meet their compliance requirements,” the AWS vice president wrote Friday. the head of information security.

More Great WIRED Stories

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button