Last week, a vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass resets against vulnerable devices, leading to data loss. Users who examined the logs found that a script named “factoryRestore.sh” ran before the shutdowns and was likely the script created by the threat actors. When Western Digital first caught word of the My Book Live devices being targeted, it was incorrectly believed to be related to a 2018 vulnerability and was not patched because the devices were out of date. After further investigations, it was discovered that the vulnerability was a 0-day found in the latest firmware update for My Book Live devices.
Because My Book Live devices are no longer supported, a patch is not likely to come. Consumers who still have My Book Live devices exposed to the Internet should bring them offline as a precaution. If that is not possible, it is also recommended to set them up behind a firewall or inside of a local VPN. If Western Digital decides to change its mind about providing updates, patching as soon as possible is also highly recommended.