Security News

Western Digital has fixed a critical severity vulnerability that enabled attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices. This flaw is an out-of-bounds heap read/write in the Samba vfs fruit VFS module.

Western Digital has fixed a critical severity vulnerability that enabled attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices. This flaw is an out-of-bounds heap read/write in the Samba vfs fruit VFS module.

70% of IT leaders find the cloud skills gap to be a great concern, a Cloudreach research reveals. It either slowed them down or posed an existential crisis to the company.

28% of companies are using four or more public/private clouds today, but that is expected to more than double in two years to 65%. "As cloud service providers improve their security and data protection offerings, decision-makers increasingly realize they can't protect their firms' data on-premises as well as they can in the cloud. But migrating existing IAM tools and processes to multicloud IaaS, PaaS, and private clouds creates problems that firms must solve" according to the Forrester study. "According to the Forrester study, firms can't just lift-and-shift existing IAM tools from on-premises to the cloud," said Eric Olden, CEO of Strata Identity.

Cloudreach released data highlighting the latest cloud technology trends, underscoring the impact the cloud skills gap is having on businesses. Multi-cloud capabilities, cloud system development, and cloud governance were the top three areas most impacted by the skills gap, according to respondents.

Western Digital has released new My Cloud OS firmware to fix a vulnerability exploited by bug hunters during the Pwn2Own 2021 hacking competition to achieve remote code execution. The flaw, tracked as CVE-2022-23121, was exploited by the NCC Group's EDG team members and relied on the open-source service named "Netatalk Service" that was included in My Cloud OS. The vulnerability, which has a CVSS v3 severity score of 9.8, allows remote attackers to execute arbitrary code on the target device, in this case, WD PR4100 NAS, without requiring authentication.

Over the past two years, companies' adoption of public cloud services has surged, but fast-paced change and weaker security controls have led to an increase in data breaches, finds a Laminar report. As companies go digital-first, data security professionals are managing an increasingly complex multi-cloud environment, while struggling with a lack of visibility, inadequate controls, and rising shadow data problem.

Researchers have discovered a previously unknown macOS malware variant called GIMMICK, which is believed to be a custom tool used by a Chinese espionage threat actor known as 'Storm Cloud. The malware was discovered by researchers at Volexity, who retrieved it from the RAM of a MacBook Pro running macOS 11.6, which was compromised in a late 2021 cyberespionage campaign.

Cloud security: How your public cloud environment may be vulnerable to data breach. A report released Tuesday by cloud security provider Laminar examines how a lack of visibility, poor controls and shadow data can leave your cloud environment open to security threats.

A Hornetsecurity hybrid cloud adoption survey of 900+ IT professionals primarily based in North America and Europe found that 93% of businesses are adopting a hybrid of cloud and on-premise solutions or migrating fully to the cloud within 5 years. While 29% of respondents said they are using hybrid cloud solutions as a steppingstone to a full cloud environment, 67% of respondents see hybrid as a final destination for their infrastructure due to workloads that must remain on premise.