SecurityWeek reports that Western Digital has prevented all devices on firmware affected by the critical vulnerability, tracked as CVE-2022-36327, from accessing its cloud services since June 15, in an effort to curb cyberattacks that may prompt significant data compromise.
Exploiting the flaw, which affects Western Digitals My Cloud Home, My Cloud Home Duo, My Cloud OS 5 devices, and SanDisk ibi, could enable file writing in locations with particular filesystem types, according to an advisory from the National Institute of Standards and Technology.
The vulnerability, along with other medium-severity flaws, had been resolved by Western Digital on May 15 with the release of My Cloud OS 5 firmware version 5.26.202, while a server-side request forgery bug had been addressed by the company in My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices as part of the firmware version 9.4.1-101 release on May 26.
Nonapplication of the firmware update would hinder users of the aforementioned devices from accessing their data although such could still be done locally on their devices.
Google announced at the Google I/O 2024 conference that several new security and privacy enhancements are set to roll out for Android, including on-device live threat detection for identifying malicious apps, improved safeguards for screen sharing, and enhanced security against cell site simulators, TechCrunch reports.
The botnet malware tracked as Ebury has steadily expanded over the past decade, having compromised over 400,000 hosts since 2009, with about 100,000 still-infected systems identified by the end of 2023, according to SecurityWeek.
The Department of Defense will evaluate the cybersecurity of mobile devices used by analysts and servicemembers as mandated in the draft text of the 2025 National Defense Authorization Act, Nextgov/FCW reports.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news