Hackers remotely wipe Western Digital hard drives

A display of ATMs and point-of-sale terminals can be hacked with a wave from your phone, according to a study published this week on the vulnerabilities of near-field communication card readers. And loopholes in a well-intentioned Dell firmware update mechanism left 128 recent and popular PC models, including high-end devices with additional security protections, vulnerable to attack.

This week, the French authorities indicted four former executives of the surveillance company Nexa Technologies (formerly Amesys) for alleged complicity in torture and war crimes. The charges are the result of the company allegedly selling spyware to authoritarian regimes in Libya between 2007 and 2014.

Meanwhile, notorious antivirus pioneer John McAfee death in prison, apparently by suicide, outside Barcelona on Wednesday after a Spanish court ruled he could be extradited to the United States to face tax evasion charges. And a withdrawal by the United States from Iranian media sites raises important questions about global precedents for free speech.

If you’ve been feeling Amazon breathing down your neck lately, take some time this weekend to remember the diversity of data the company collects about its users and consider options to protect your own information.

And the Pentagon finally released long-awaited UFO report. It is important for what he says and what he does not say.

And there’s more. Each week, we collect all the security news that WIRED hasn’t covered in depth. Click on the titles to read the full stories and stay safe.

The whole point of using a network attached storage device is that you have a hard drive where you can save important data and then access files over the Internet while you are on the move. But unknown hackers are turning Western Digital My Book NAS hard drives into nightmare backup tools by compromising users’ devices and then deleting all the data they contain. My Books are controlled by an application, WD My Book Live, which allows customers to access their data remotely and manage their NAS. But users around the world are reporting that their devices have been hacked and wiped out. When they try to log in and access it, the Remote Management Dashboard shows “Invalid Password”. Western Digital said Beeping computer in a statement that he is actively investigating the situation. So far, however, victims who have lost data are simply out of luck. The devices in question are at least six years old and received their last firmware update in 2015. “Western Digital has determined that some My Book Live devices are compromised by malware. In some cases, this compromise has led to a factory reset that appears to erase all data on the device, ”the company said. “For now, we recommend that you disconnect your My Book Live from the Internet to protect your data on the device. . “

Seven months ago, the former president Donald Trump tweeted the last director of the Cybersecurity and Infrastructure Security Agency, Chris Krebs, for accepting the intelligence agencies’ conclusion that the 2020 elections were shielded from foreign interference. Since then, Krebs has yet to be replaced, although the United States has faced some of the worst cyber attacks on government agencies and critical infrastructure in history, including SolarWinds intrusions, massive server compromise. Exchange by Chinese hackers Hafnium and ransomware. attack on the colonial pipeline. And yet, this week, US Senator Rick Scott (R-Florida) announced that he would block the appointment of a new CISA director, the highly skilled Jen Easterly, until Vice President Kamala Harris travels to the southern border, delaying the appointment until after the Senate summer. break. Colleagues and cybersecurity practitioners, dismayed by the highly politicized delay of a US national security critical post, spoke on Twitter. “The cyber threat facing America is too real and too immediate to use the appointment of one of the most important cyber officials as a hostage to an unrelated political issue,” said Senator Angus King (I-Maine ) in a press release. “This is a spectacular dereliction of duty on the part of Senator Scott,” tweeted former Facebook CSO Alex Stamos. “Have a good summer!”

Cryptocurrency exchange Binance announced this week that it has been working with law enforcement to help trace the cryptocurrency used in the operations of the Cl0p ransomware gang, six of which have been arrested by police. Ukrainian in Kiev last week. According to Binance, the ransomware operators also ran their own money-laundering-focused cryptocurrency exchange, helping to cash in the criminal proceeds of Cl0p’s hacking operations as well as those of other groups. In total, the Cl0p gang has laundered no less than half a billion dollars, according to Binance and two blockchain analytics companies it has worked with, TRM Labs and Crystal. In fact, the six operators arrested last week may represent the money laundering component of Cl0p’s operations more than its actual hacking team. Despite arrests last week, Cl0p added a new company to its ransomware victim list on Tuesday of this week.

Amazon Web Services announced Friday that it has acquired the Wickr end-to-end encrypted chat application. The service provides secure communication and collaboration for individual users as well as businesses, governments and military customers. Wickr had raised nearly $ 60 million in funding since its inception in 2012. AWS said it will continue to operate Wickr in its current form and offer the platform to AWS customers. “This gives security-conscious businesses and government agencies the ability to implement important governance and security controls to help them meet their compliance requirements,” Stephen Schmidt, vice president and director wrote on Friday. information security from AWS.

More great WIRED stories

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *