RAID FAIL: NAS Maker does a CrowdStrike—cleanup on /dev/dsk/c1t2d3s4 please

The post QNAP’s Buggy Security Fix Causes Chaos appeared first on Security Boulevard.

‘Bobby’ flaw flagged WONTFIX: Company doesn’t make storage devices now; has zero interest in fixing this catastrophic vulnerability.

The post These 20 D-Link Devices Have Critical RCE Bug — but NO Patch NEVER appeared first on Security Boulevard.

The post LinkedIn Data Leak, Western Digital NAS Attacks, STIR/SHAKEN Deadline appeared first on The Shared Security Show.

The post LinkedIn Data Leak, Western Digital NAS Attacks, STIR/SHAKEN Deadline appeared first on Security Boulevard.

A 2019 vulnerability is being exploited to remotely wipe WD My Book Live NAS devices, by Eastern-European malefactors.

The post Did your WD My Book NAS get Wiped? Put a Brave Face on It appeared first on Security Boulevard.

Data backup is very crucial for any business. It’s been said that a company is as good as the quality of its data backup plan. In a perfect world, if you have the best backup solution, your need for insurance is significantly reduced—a reliable backup plan ensures your data is safe even when the systems..

The post 5 Essentials to Consider When Backing up Your Data appeared first on Security Boulevard.

The French government’s national cybersecurity agency has released an operating system built using open source components internally over the course of more than 10 years for use by the French administration. Dubbed CLIP OS, the operating system is based on the open source Linux kernel, but focuses on security hardening and provides partitioning mechanisms that..

The post French Government Open Sources Secure Operating System appeared first on Security Boulevard.

The problem

1. I had an encrypted Time Machine backup which was not used for months
2. This backup was not on an official Apple Time Capsule or on a USB HDD, but on a WD MyCloud NAS
3. I needed files from this backup
4. After running out of time I only had SSH access to the macOS, no GUI

The struggle

By default, Time Machine is one of the best and easiest backup solution I have seen. As long as you stick to the default use case, where you have one active backup disk, life is pink and happy. But this was not my case.

As always, I started to Google what shall I do. One of the first options recommended that I add the backup disk to Time Machine, and it will automagically show the backup snapshots from the old backup. Instead of this, it did not show the old snapshots but started to create a new backup. Panic button has been pressed, backup canceled, back to Google.

Other tutorials recommend to click on the Time Machine icon and pressing alt (Option) key, where I can choose "Browse other backup disks". But this did not list the old Time Machine backup. It did list the backup when selecting disks in Time Machine preferences, but I already tried and failed that way.

YAT (yet another tutorial) recommended to SSH into the NAS, and browse the backup disk, as it is just a simple directory where I can see all the files. But all the files inside where just a bunch of nonsense, no real directory structure.

YAT (yet another tutorial) recommended that I can just easily browse the content of the backup from the Finder by double-clicking on the sparse bundle file. After clicking on it, I can see the disk image on the left part of the Finder, attached as a new disk.
Well, this is true, but because of some bug, when you connect to the Time Capsule, you don't see the sparse bundle file. And I got inconsistent results, for the WD NAS, double-clicking on the sparse bundle did nothing. For the Time Capsule, it did work.
At this point, I had to leave the location where the backup was present, and I only had remote SSH access. You know, if you can't solve a problem, let's complicate things by restrict yourself in solutions.

Finally, I tried to check out some data forensics blogs, and besides some expensive tools, I could find the solution.

The solution

Finally, a blog post provided the real solution - hdiutil.
The best part of hdiutil is that you can provide the read-only flag to it. This can be very awesome when it comes to forensics acquisition.

To mount any NAS via SMB:

mount_smbfs afp://<username>@<NAS_IP>/<Share_for_backup> /<mountpoint>

To mount a Time Capsule share via AFP:

mount_afp afp://any_username:password@<Time_Capsule_IP>/<Share_for_backup> /<mountpoint>

And finally this command should do the job:

hdiutil attach test.sparsebundle -readonly

It is nice that you can provide read-only parameter.

If the backup was encrypted and you don't want to provide the password in a password prompt, use the following:

printf '%s' 'CorrectHorseBatteryStaple' | hdiutil attach test.sparsebundle -stdinpass -readonly

Note: if you receive the error "resource temporarily unavailable", probably another machine is backing up to the device

And now, you can find your backup disk under /Volumes. Happy restoring!

Probably it would have been quicker to either enable the remote GUI, or to physically travel to the system and login locally, but that would spoil the fun.

The post Recovering data from an old encrypted Time Machine backup appeared first on Security Boulevard.

A week ago, leading cyber threat intelligence team Cisco Talos reported that no less than 500,000 IoT devices in up to 54 countries were infected by new malware called VPNFilter. An earlier version, believed to be launched by a nation-state, targeted Ukraine.

The post Malware hits 500k IoT devices, Talos reports appeared first on Health Security Solutions.

The post Malware hits 500k IoT devices, Talos reports appeared first on Security Boulevard.

The post Dome9 Package for Synology NAS appeared first on Security Boulevard.