Data: CASIE
Trigger word: post
Negative Trigger

details of a vulnerability in a popular cloud storage drive after the company failed to issue [Vulnerability-related.PatchVulnerability] security patches for over a year.

Remco Vermeulen found [Vulnerability-related.DiscoverVulnerability] a privilege escalation bug in Western Digital’s My Cloud devices, which he said [Vulnerability-related.DiscoverVulnerability] allows an attacker to bypass the admin password on the drive, gaining “complete control” over the user’s data.

The exploit works because drive’s web-based dashboard doesn’t properly check a user’s credentials before giving a possible attacker access to tools that should require higher levels of access.

The bug was “easy” to exploit, Vermeulen told TechCrunch in an email, and was remotely exploitable if a My Cloud device allows remote access over the internet — which thousands of devices do. He posted a proof-of-concept video on Twitter.

Details of the bug were also independently found [Vulnerability-related.DiscoverVulnerability] by another security team, which released its own exploit code.

Vermeulen reported [Vulnerability-related.DiscoverVulnerability] the bug over a year ago, in April 2017, but said the company stopped responding. Normally, security researchers give 90 days for a company to respond, in line with industry-accepted responsible disclosure guidelines. After he found [Vulnerability-related.DiscoverVulnerability] that WD updated [Vulnerability-related.PatchVulnerability] the My Cloud firmware in the meanwhile without fixing [Vulnerability-related.PatchVulnerability] the vulnerability he found [Vulnerability-related.DiscoverVulnerability], he decided to post [Vulnerability-related.DiscoverVulnerability] his findings.

A year later, WD still hasn’t released [Vulnerability-related.PatchVulnerability] a patch. The company confirmed [Vulnerability-related.DiscoverVulnerability] that it knows [Vulnerability-related.DiscoverVulnerability] of the vulnerability but did not say why it took more than a year to issue [Vulnerability-related.PatchVulnerability] a fix. “We are in the process of finalizing a scheduled firmware update that will resolve [Vulnerability-related.PatchVulnerability] the reported issue,” a spokesperson said, which will arrive [Vulnerability-related.PatchVulnerability] “within a few weeks.”

WD said [Vulnerability-related.DiscoverVulnerability] that several of its My Cloud products are vulnerable [Vulnerability-related.DiscoverVulnerability] — including the EX2, EX4 and Mirror, but not My Cloud Home.

In the meantime, Vermeulen said that there’s no fix and that users have to “just disconnect” the drive altogether if they want to keep their data safe.

China’s largest Internet security company, Qihoo 360, has found [Vulnerability-related.DiscoverVulnerability] several high-risk security vulnerabilities in EOS’s blockchain platform. These vulnerabilities would enable remote attacks on all EOS nodes, Qihoo 360 claimed [Vulnerability-related.DiscoverVulnerability] on Weibo Tuesday, May 29.

Qihoo 360 writes [Vulnerability-related.DiscoverVulnerability] that they reported [Vulnerability-related.DiscoverVulnerability] the vulnerability to the EOS team and that the EOS mainnet will not launch until the security problems are resolved [Vulnerability-related.PatchVulnerability]. Local news outlet Jinse, which noted that EOS asked 360 not to report [Vulnerability-related.DiscoverVulnerability] the vulnerability, claimed that the vulnerabilities have been fixed [Vulnerability-related.PatchVulnerability] on the same day, by around 2:00 pm China Standard Time.

According to 360’s Weibo post [Vulnerability-related.DiscoverVulnerability], the vulnerability would allow an attacker to use a smart contract with malicious code to open a security hole, and then use the supernode to enter the malicious smart contract into a new block, thus putting all network nodes under the attacker’s control. Once this action has been completed, the attacker could then control the digital currency on the EOS network, obtain user’s private keys and data, launch a cyber attack, or begin mining for other cryptocurrencies.

360 describes [Vulnerability-related.DiscoverVulnerability] these vulnerabilities as a new “series of unprecedented security risks” that could affect other blockchain platforms besides EOS: “360 expressed [hope] that the discovery and disclosure [Vulnerability-related.DiscoverVulnerability] of this loophole will cause the blockchain industry and security peers to pay more attention to the security of such issues and jointly enhance the security of the blockchain network.”

EOS, whose mainnet is scheduled to launch on June 2, is currently down by 2.76 percent over a 24 hour period, trading at around $11.70 by press time, according to Coinmarketcap data.