Zero-day Vulnerabilities In My Book Live Devices Caused For The Mass-Factory Resets

A zero-day vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass-factory resets of devices last week, leading to data loss. Recently My Book Live owners got hit by another cyberattack, leading to the disappearance of their stored files. The new attack actually used another zero-day bug that allowed a remote attacker to perform factory resets on Internet-connected devices. In the aptly named system_factory_restore script in the My Book Live's firmware, the authentication checks were commented out, letting anyone with access to the device to perform a factory reset. Read more...