A few years back the D-Link DNS-320L NAS device made headlines thanks to the discovery of a hardwired user and password present which allowed anyone access to your device. Western Digital seems to have completely ignored that previous furor as it turns out they reused that same firmware, without the update D-Link provided years back, on a number of My Cloud devices. As of now, if you are running any of the devices listed by The Register here with a firmware version below 4.x you are exposed. If you can't find newer firmware, which may well be the case, you can use D-Link's 2.30.174 firmware patch on your My Cloud; as always back up anything you don't want to lose before doing a firmware update.
"If you have a Western Digital My Cloud network attached storage device, it's time to learn how to update its OS because researcher James Bercegay has discovered a dozen models possess a hard-coded backdoor."
Here is some more Tech News from around the web:
- AMD CES 2018 Announcement Roundup @ [H]ard|OCP
- CES 2018 : The Acer Nitro 5 2018 Gaming Laptop @ TechARP
- Intel's eighth-gen Core processors with Radeon RX Vega M graphics @ The Tech Report
- CES 2018 : New Acer Swift 7 + Spin 3 Laptops @ TechARP
- Security hole in AMD CPUs' hidden secure processor code revealed ahead of patches @ The Register
- Qualcomm joins Intel, Apple, Arm, AMD in confirming its CPUs suffer hack bugs, too @ The Register
- Microsoft Halts Bitcoin Transactions Because It's An 'Unstable Currency' @ Slashdot
- EUV Lithography Finally Ready for Chip Manufacturing @ IEEE Spectrum
- EWin Champion Series Ergonomic Computer Gaming Chair Review @ OCC