Security News

Western Digital has fixed a critical severity vulnerability that enabled attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices. This flaw is an out-of-bounds heap read/write in the Samba vfs fruit VFS module.

Western Digital has released new My Cloud OS firmware to fix a vulnerability exploited by bug hunters during the Pwn2Own 2021 hacking competition to achieve remote code execution. The flaw, tracked as CVE-2022-23121, was exploited by the NCC Group's EDG team members and relied on the open-source service named "Netatalk Service" that was included in My Cloud OS. The vulnerability, which has a CVSS v3 severity score of 9.8, allows remote attackers to execute arbitrary code on the target device, in this case, WD PR4100 NAS, without requiring authentication.

Magnet Forensics announced the release of an IDC survey which revealed that more than half of the respondents are expecting to make major investments in digital forensics and incident response technology over the next two years to address growing cybersecurity threats. "The results of the survey are clear: Digital forensics is going to play a central role in helping enterprises protect their most valuable digital assets over the next several years," said Adam Belsher, CEO at Magnet Forensics.

DevOps - an all-encompassing term for automating and managing digital transformation - helps organizations succeed with digital transformation by shifting the cultural mindset of the business, breaking down silos and paving the way for continuous processes. Ensuring your organization's digital transformation and DevOps processes are secure.

Users of Western Digital's EdgeRover app for Windows and Mac are advised to download an updated version to avoid a security flaw that might allow an attacker unauthorized access to directories and files. According to Western Digital, the flaw meant that EdgeRover was subject to a directory traversal vulnerability, which may have allowed an attacker to carry out a local privilege escalation and bypass file system sandboxing.

Western Digital's EdgeRover desktop app for both Windows and Mac are vulnerable to local privilege escalation and sandboxing escape bugs that could allow the disclosure of sensitive information or denial of service attacks. EdgeRover is a centralized content management solution for Western Digital and SanDisk products, unifying multiple digital storage devices under a single management interface.

Consumers are digitally connected in almost all facets of their lives - and it's evident they expect the same from their banks and payment experiences, with consumers overwhelmingly expressing a preference for digital offerings from their financial institutions. "This study highlights how more than ever, consumer banking is about digital interactions first, and that they must create that digital experience with security at its foundation," said Jenn Markey, VP of product marketing at Entrust.

Much of the promise associated with future digital identity infrastructures is associated with greater automation of the identity lifecycle and the provision of greater control of personal data to end-users. New approaches to digital identity aim to provide more autonomy to end-users and to enforce a separation of concerns between the organization that initially verifies an identity and organizations that rely upon the trustworthiness of that identity.

How COVID-19 vaccine passport apps fail to secure data. In addition to failing to protect the data encoded by the QR code, 27 of the 40 vaccine passport apps that Symantec tested turned out to have risky behavior typically associated with mobile apps.

The global digital transformation market size is estimated to reach $1,759. The increasing adoption of advanced technologies, such as the Internet of Things and machine learning, across several industries/sectors, is encouraging businesses to implement connected, analytical, and data-rich solutions via digital transformation.