TellYouThePass ransomware revived in Linux, Windows Log4j attacks
Credit card info of 1.8 million people stolen from sports gear sites
CISA urges VMware admins to patch critical flaw in Workspace ONE UEM
All Log4j, logback bugs we know so far and why you MUST ditch 2.15
New stealthy DarkWatchman malware hides in the Windows Registry
This $19 bundle helps fill your résumé with CompTIA certifications
Western Digital warns customers to update their My Cloud devices
Save 50% on access to 2,400 hours of IT training from ITU Online
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
Western Digital warns customers to update their My Cloud devices
Western Digital is urging customers to update their WD My Cloud devices to the latest available firmware to keep receiving security updates on My Cloud OS firmware reaching the end of support.
“On April 15, 2022, support for prior generations of My Cloud OS, including My Cloud OS 3, will end,” the company said this week.
“If your device isn’t compatible with My Cloud OS 5, you will lose remote access and will only be able to access it locally. Devices on these older firmware versions will not receive security fixes or technical support.”
Western Digital advises customers to protect their data from attackers after the firmware is no longer supported by backing up their devices, disabling remote access, disconnecting it from the internet, and choosing a unique and strong password.
Those who have eligible devices can update them to My Cloud OS 5 (which will be supported at least until the end of 2026) before the end of support date.
If the device isn’t compatible with the My Cloud OS 5 firmware, they can consider upgrading to a device that is.
“My Cloud OS 5 is a major and fundamental security release that provides an architectural revamp of our older My Cloud firmware and adds new defenses to thwart common classes of attacks,” Western Digital says.
“We will not provide any further security updates to the My Cloud OS3 firmware. We strongly encourage moving to the My Cloud OS5 firmware.”
For details on finding if you have a device compatible with My Cloud OS 5, you can check the Firmware Availability and Supported Devices support page.
To make it easier to upgrade to a supported My Cloud device, in January 2022, the company will send 20% discount coupons to customers with devices that aren’t compatible with My Cloud OS 5 via email.
You will not be required to return your old device to use the coupon, which will be usable for 90 days to buy one of the qualifying products: My Cloud Home (8TB), My Cloud EX2 Ultra (16TB, 24TB, 28TB) or My Book (12 TB). 
To underscore the risks of running unsupported firmware, in July, Western Digital warned of ongoing attacks targeting My Book Live and My Book Live Duo devices.
In some cases, these attacks led to all data from hacked devices being erased after the attackers triggered an unauthenticated factory reset vulnerability (CVE-2021-35941).
The threat actors deployed trojan malware on other compromised devices using exploits targeting a second bug, a critical root remote command execution flaw tracked as CVE-2018-18472.
The vulnerabilities exploited in these attacks were limited to the My Book Live device series that received the final firmware update in 2015.
SanDisk SecureAccess bug allows brute forcing vault passwords
Not a member yet? Register Now
Upgraded to log4j 2.16? Surprise, there’s a 2.17 fixing DoS
New stealthy DarkWatchman malware hides in the Windows Registry
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

Police arrests ransomware affiliate behind high-profile attacks

New zero-day exploit for Log4j Java library is an enterprise nightmareALPHV BlackCat…

Alleged ransomware affiliate arrested for healthcare attacks

Grafana fixes zero-day vulnerability after exploits spread over TwitterGoogle disrupts massive Glupteba…

CISA orders federal agencies to patch Log4Shell by December 24th

Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flawsBugs in billions…

Phorpiex botnet returns with new tricks making it harder to disrupt

Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flawsNew ransomware now…