Last week, a vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass resets against vulnerable devices, leading to data loss. Users who examined the logs found that a script named “factoryRestore.sh” ran before the shutdowns and was likely the script created by the threat actors. When Western Digital first caught word of the My Book Live devices being targeted, it was incorrectly believed to be related to a 2018 vulnerability and was not patched because the devices were out of date. After further investigations, it was discovered that the vulnerability was a 0-day found in the latest firmware update for My Book Live devices.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is