Tag Archives: developed

Ragnar Locker ransomware attack hides inside virtual machine

Threat actors developed a new type of ransomware attack that uses virtual machines, Sophos revealed Thursday in a blog post.

Sophos researchers recently detected a Ragnar Locker ransomware attack that “takes defense evasion to a new level.” According to the post, the ransomware variant was deployed inside a Windows XP virtual machine in order to hide the malicious code from antimalware detection. The virtual machine includes an old version of the Sun xVM VirtualBox, which is a free, open source hypervisor that was acquired by Oracle when it acquired Sun Microsystems in 2010.

“In the detected attack, the Ragnar Locker actors used a GPO task to execute Microsoft Installer (msiexec.exe), passing parameters to download and silently install a 122 MB crafted, unsigned MSI package from a remote web server,” Mark Loman, Sophos’ director of engineering for threat mitigation, wrote in the post.

The MSI package contained Sun xVM VirtualBox version 3.0.4, which was released August of 2009, and “an image of a stripped-down version of the Windows XP SP3 operating system, called MicroXP v0.82.” In that image is a 49 KB Ragnar Locker executable file.

“Since the vrun.exe ransomware application runs inside the virtual guest machine, its process and behaviors can run unhindered, because they’re out of reach for security software on the physical host machine,” Loman wrote.

This was the first time Sophos has seen virtual machines used for ransomware attacks, Loman said.

It’s unclear how many organizations were affected by this recent attack and how widespread it was. Sophos was unavailable for comment at press time. In the past, the Ragnar Locker ransomware group has targeted managed service providers and used their remote access to clients to infect more organizations.

In other Sophos news, the company published an update Thursday regarding the attacks on Sophos XG Firewalls. Threat actors used a customized Trojan Sophos calls “Asnarök” to exploit a zero-day SQL vulnerability in the firewalls, which the vendor quickly patched through a hotfix. Sophos researchers said the Asnarök attackers tried to bypass the hotfix and deploy ransomware in customer environments. However, Sophos said it took other steps to mitigate the threat beyond the hotfix, which prevented the modified attacks.

Go to Original Article
Author:

Welcoming more women into cybersecurity: the power of mentorships

From the way our industry tackles cyber threats, to the language we have developed to describe these attacks, I’ve long been a proponent to challenging traditional schools of thought—traditional cyber-norms—and encouraging our industry to get outside its comfort zones. It’s important to expand our thinking in how we address the evolving threat landscape. That’s why I’m not a big fan of stereotypes; looking at someone and saying they “fit the mold.” Looking at my CV, one would think I wanted to study law, or politics, not become a cybersecurity professional. These biases and unconscious biases shackle our progression. The scale of our industry challenges is too great, and if we don’t push boundaries, we miss out on the insights that differences in race, gender, ethnicity, sexuality, neurology, ability, and degrees can bring.

As we seek to diversify the talent pool, a key focus needs to be on nurturing female talent. Microsoft has hired many women in security, and we will always focus on keeping a diverse workforce. That’s why as we celebrate Women in Cybersecurity Month and International Women’s Day, the security blog will feature a few women cybersecurity leaders who have been implementing some of their great ideas for how to increase the number of women in this critical field. I’ll kick off the series with some thoughts on how we can build strong mentoring relationships and networks that encourage women to pursue careers in cybersecurity.

There are many women at Microsoft who lead our security efforts. I’m incredibly proud to be among these women, like Joy Chik, Corporate Vice President of Identity, who is pushing the boundaries on how the tech industry is thinking about going passwordless, and Valecia Maclin, General Manager of Security Engineering, who is challenging us to think outside the box when it comes to our security solutions. On my own team, I think of the many accomplishments of  Ping Look, who co-founded Black Hat and now leads our Detection and Response Team (DART), Sian John, MBE, who was recently recognized as one of the top 50 influencers in cybersecurity in the U.K., and Diana Kelley, Microsoft CTO, who tirelessly travels to the globe to share how we are empowering our customers through cybersecurity—just to name a few. It’s important we continue to highlight women like these, including our female cybersecurity professionals at Microsoft who made the Top 100 Cybersecurity list in 2019. The inspiration from their accomplishments goes far beyond our Microsoft campus. These women represent the many Microsoft women in our talented security team. This month, you’ll also hear from some of them in subsequent blog posts on how to keep the diverse talent you already have employed. And to conclude the month, Theresa Payton, CEO at Fortalice Solutions, LLC., and the host of our CISO Spotlight series will share tips from her successful experience recruiting talented women into IT and cybersecurity.

Our cyber teams must be as diverse as the problems we are trying to solve

You’ve heard me say this many times, and I truly believe this: As an industry, we’ve already acknowledged the power of diversity—in artificial intelligence (AI). We have clear evidence that a variety of data across multiple sources and platforms enhances and improves AI and machine learning models. Why wouldn’t we apply that same advantage to our teams? This is one of several reasons why we need to take diversity and inclusion seriously:

  • Diverse teams make better and faster decisions 87 percent of the time compared with all male teams, yet the actual number of women in our field fluctuates between 10 and 20 percent. What ideas have we missed by not including more women?
  • With an estimated shortfall of 3.5 million security professionals by 2021, the current tech talent pipeline needs to expand—urgently.
  • Cyber criminals will continue to exploit the unconscious bias inherent in the industry by understanding and circumventing the homogeneity of our methods. If we are to win the cyber wars through the element of surprise, we need to make our strategy less predictable.

Mentoring networks must start early

Mentorship can be a powerful tool for increasing the number of women in cybersecurity. People select careers that they can imagine themselves doing. This process starts young. Recently a colleague’s pre-teen daughter signed up for an after-school robotics class. When she showed up at the class, only two other girls were in the room. Girls are opting out of STEM before they can (legally) opt into a PG-13 movie. But we can change this. By exposing girls to technology earlier, we can reduce the intimidation factor and get them excited. One group that is doing this is the Security Advisor Alliance. Get involved in organizations like this to reach girls and other underrepresented groups before they decide cybersecurity is not for them.

Building a strong network

Mentoring young people is important, but to solve the diversity challenges, we also need to bring in people who started on a different career path or who don’t have STEM degrees. You simply won’t find the talent you need through the anemic pipeline of college-polished STEM graduates. I recently spoke with Mari Galloway, a senior security architect in the gaming industry and CEO of the Women’s Society of Cyberjutsu (WSC) about this very topic in my podcast. She agreed on the importance of finding a mentor, and being a mentee.

Those seeking to get into cybersecurity need a network that provides the encouragement and constructive feedback that will help them grow. I have mentored several non-technical women who have gone on to have successful roles in cybersecurity. These relationships have been very rewarding for me and my mentees, which is why I advocate that everybody should become a mentor and a mentee.

If you haven’t broken into cybersecurity yet, or if you are in the field and want to grow your career, here are a few tips:

  • Close the skills gap through training and certificate programs offered by organizations like Sans Institute and ISC2. I am especially excited about Girls Go Cyberstart, a program for young people that Microsoft is working on with Sans Institute.
  • Build up your advocate bench with the following types of mentors:
    • Career advocate: Someone who helps you with your career inside your company or the one you want to enter.
    • Coach: Someone outside your organization who brings a different perspective to troubleshooting day-to-day problems.
    • Senior advisor: Someone inside or outside your organization who looks out for the next step in your career.
  • Use social media to engage in online forums, find local events, and reach experts. Several of my mentees use LinkedIn to start the conversation.
  • When you introduce yourself to someone online be clear that you are interested in their cumulative experience not just their job status.

For those already in cybersecurity, be open to those from the outside seeking guidance, especially if they don’t align with traditional expectations of who a cybersecurity professional is.

Mentorship relationships that yield results

A mentorship is only going to be effective if the mentee gets valuable feedback and direction from the relationship. This requires courageous conversations. It’s easy to celebrate a mentee’s visible wins. However, those moments are the result of unseen trench work that consists of course correcting and holding each other accountable to agreed upon actions. Be prepared to give and receive constructive, actionable feedback.

Creating inclusive cultures

More women and diverse talent should be hired in security not only because it is the right thing to do, but because gaining the advantage in fighting cybercrime depends on it. ​Mentorship is one strategy to include girls before they opt out of tech, and to recruit people from non-STEM backgrounds.

What’s next

Watch for Diana Kelley’s blog about how to create a culture that keeps women in the field.

Learn more about Girls Go Cyberstart.

Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. Or reach out to me on LinkedIn or Twitter.

Go to Original Article
Author: Microsoft News Center

GumGum uses machine learning annotation service Figure Eight

GumGum developed computer vision and NLP technology to help clients better advertise to their users.

The Santa Monica, Calif.-based vendor, founded in 2008, automatically scans video, audio, images and text on webpages, identifying and extracting key elements. It then uses that data to help advertisers place relevant ads on the webpages.

To power its machine learning and computer vision technology, GumGum needs a lot of training data. To meet its data needs, about two years ago the company turned to Figure Eight, a crowdsourcing machine learning annotation vendor.

Acquired by Appen, another crowdsourcing machine learning annotation company, in April 2019, Figure Eight provides training data to a variety of similar vendors. Figure Eight relies on a network of contributors to annotate huge amounts of data.

The contributors are trained, although they are mostly not data scientists, and are screened for security purposes. Their large contributor network enables Figure Eight to train data at scale, as well as continue to review annotated data while a job is running.

Getting training data

Before using Figure Eight, GumGum employed full-time staff for machine learning annotation, said Erica Nishimura, data curator  at GumGum. That worked, but it was costly and, at times, slow. With large amounts of data, it could take months to get useable training data. Besides, the staff could only work in English, but GumGum has clients internationally.

Figure Eight, machine learning annotation
Figure Eight uses a contributor network to provide training data for companies like GumGum

Figure Eight, meanwhile, works in a number of languages. At the time, Nishimura said, it was one of the only companies that worked in Japanese. As GumGum has a thriving Japanese division, the language support was one of the main reasons it chose Figure Eight.

Scalability, said Lane Schechter, product manager at GumGum, was the other reason GumGum chose Figure Eight.

Working with Figure Eight has increased GumGum’s data capacity tenfold, Schechter said. Also, instead of taking months to get completed machine learning annotation, it now happens in about a week.

Problems

Still, that’s not to say that working with Figure Eight has been without its share of problems.

One of the biggest challenges has been communicating directly with Figure Eight’s crowdsource contributors, Nishimura said.

At times, the contributors have had trouble understanding exactly what GumGum wants, but, because there is no way to directly interact with the contributors, Nishimura said it is hard to know if the contributors are having problems, or what they might be.

The best GumGum can do is put in a message, Nishimura said, but there is no way to alert each contributor to the message. Besides, a single message isn’t the same as having a conversation, she added.

While she was unsure if other similar crowdsourcing machine learning annotation companies have a better way to communicate with contributors, Nishimura said some other companies have their own checkers, who do spot-checks on completed annotations.

“It’s one more step to ensure quality,” Nishimura said. But, she added, the prices of those services are generally higher than those of Figure Eight’s.

Go to Original Article
Author:

Google to unveil post-Chronicle cloud cybersecurity plans

Google is set to reveal how cloud cybersecurity technologies developed by Chronicle have been worked into its portfolio for large enterprise customers.

In June, Google Cloud announced it had acquired Chronicle, a startup launched within parent company Alphabet in 2015. Integration work has proceeded since then, and details will be shared at the Cloud Next ’19 UK conference, which begins in London on Nov. 20.

A recent report on Chronicle from Vice’s Motherboard publication painted a bleak picture of the company post-Google acquisition, with key executives including its founder and CEO departing, and dismal morale in the product-development trenches.

“People keep quitting. Sales doesn’t know what to do, since there’s no real product roadmap anymore. Engineering is depressed for the same reason,” an unnamed Chronicle employee told the site.

Asked for comment, a Google spokeswoman pointed to the company’s blog post on the upcoming announcements at Cloud Next UK, and did not address the claims of unrest at Chronicle.

Google plans to announce “multiple new native capabilities” for security, as well as planned new features for Backstory, Chronicle’s main cloud cybersecurity product, according to the blog.

Backstory can ingest massive amounts of security telemetry data and process it for insights. It is geared toward companies that have a wealth of this information but lack the staff or resources to analyze it in-house.

Customers upload their telemetry data to a private repository on Google Cloud infrastructure, where it is indexed and analyzed by Chronicle’s software engine. The engine compares the customer’s data against threat intelligence signals mined from many sources and looks for problematic correlations.

Backstory will compete with both on-premises security information and event management platforms and cloud cybersecurity systems, such as Sumo Logic and Splunk. Rival cloud providers have responded as well, with one prominent case being Azure Sentinel, which Microsoft launched this year.

Beyond performance and results, pricing may be a key factor for Backstory. Chronicle has made much of the fact that it won’t be priced according to data volume, but the exact nature of the business model still isn’t clear. Microsoft uses a tiered, fixed-fee pricing scheme for Azure Sentinel based on daily data capacity.

Backstory’s biggest opportunity may be outside Google Cloud

Jon OltsikJon Oltsik

While Chronicle’s staff would have enjoyed more freedom if kept independent from Google Cloud, there’s no evidence to suggest it’s being held back at this point, according to Jon Oltsik, senior principal analyst for cybersecurity at Enterprise Strategy Group.

The Google Cloud management team needs to give Chronicle the latitude to innovate and compete.
Jon OltsikSenior principal analyst, cybersecurity, Enterprise Strategy Group

“The Google Cloud management team needs to give Chronicle the latitude to innovate and compete against a strong and dynamic market,” he said. “This should be the model moving forward and I’ll be monitoring how it proceeds.”

There is an emerging market for specific security analytics and operations tools for monitoring the security of cloud-based workloads, which aligns well with Google Cloud, Oltsik added. But the bigger opportunity lies with customers who aren’t necessarily Google Cloud users, he added.

Go to Original Article
Author:

For Sale – Mac Mini 2011 i7 FAULTY

My mac mini has developed a fault with (I believe) the dedicated GPU (see photo). It doesn’t get past the boot up screen.

I personally don’t have the time (or inclination) to want to try to fix this.

The spec of this machine is:

  • Mac Mini mid-2011
  • 2.7GHz dual-core Intel Core i7
  • 8GB RAM (2 x 4GB sticks)
  • 500GB hard drive
  • AMD Radeon HD 6630M graphics processor

As far as I can tell, it’s only the GPU that’s causing problems, all the ports, wifi, bluetooth all work.

This is being sold as NOT WORKING and therefore no returns accepted, it might be right for someone who has the time and tools to attempt a fix. Note that as I couldn’t get past the boot screen I have opened this up to get the drive out to recover data and then wipe it.

Please do ask questions if you’re interested.

Go to Original Article
Author:

For Sale – Mac Mini 2011 i7 FAULTY

My mac mini has developed a fault with (I believe) the dedicated GPU (see photo). It doesn’t get past the boot up screen.

I personally don’t have the time (or inclination) to want to try to fix this.

The spec of this machine is:

  • Mac Mini mid-2011
  • 2.7GHz dual-core Intel Core i7
  • 8GB RAM (2 x 4GB sticks)
  • 500GB hard drive
  • AMD Radeon HD 6630M graphics processor

As far as I can tell, it’s only the GPU that’s causing problems, all the ports, wifi, bluetooth all work.

This is being sold as NOT WORKING and therefore no returns accepted, it might be right for someone who has the time and tools to attempt a fix. Note that as I couldn’t get past the boot screen I have opened this up to get the drive out to recover data and then wipe it.

Please do ask questions if you’re interested.

Go to Original Article
Author:

For Sale – Mac Mini 2011 i7 FAULTY

My mac mini has developed a fault with (I believe) the dedicated GPU (see photo). It doesn’t get past the boot up screen.

I personally don’t have the time (or inclination) to want to try to fix this.

The spec of this machine is:

  • Mac Mini mid-2011
  • 2.7GHz dual-core Intel Core i7
  • 8GB RAM (2 x 4GB sticks)
  • 500GB hard drive
  • AMD Radeon HD 6630M graphics processor

As far as I can tell, it’s only the GPU that’s causing problems, all the ports, wifi, bluetooth all work.

This is being sold as NOT WORKING and therefore no returns accepted, it might be right for someone who has the time and tools to attempt a fix. Note that as I couldn’t get past the boot screen I have opened this up to get the drive out to recover data and then wipe it.

Please do ask questions if you’re interested.

Go to Original Article
Author:

NetSpectre is a remote side-channel attack, but a slow one

Researchers developed a new proof-of-concept attack on Spectre variant 1 that can be performed remotely, but despite the novel aspects of the exploit, experts questioned the real-world impact.

Michael Schwarz, Moritz Lipp, Martin Schwarzl and Daniel Gruss, researchers at the Graz University of Technology in Austria, dubbed their attack “NetSpectre” and claim it is the first remote exploit against Spectre v1 and requires “no attacker-controlled code on the target device.”

“Systems containing the required Spectre gadgets in an exposed network interface or API can be attacked with our generic remote Spectre attack, allowing [it] to read arbitrary memory over the network,” the researchers wrote in their paper. “The attacker only sends a series of crafted requests to the victim and measures the response time to leak a secret value from the victim’s memory.”

Gruss wrote on Twitter that Intel was given ample time to respond to the team’s disclosure of NetSpectre.

Gruss went on to criticize Intel for not designating a new Common Vulnerabilities and Exposures (CVE) number for NetSpectre, but an Intel statement explained the reason for this was because the fix is the same as Spectre v1.

“NetSpectre is an application of Bounds Check Bypass (CVE-2017-5753) and is mitigated in the same manner — through code inspection and modification of software to ensure a speculation-stopping barrier is in place where appropriate,” an Intel spokesperson wrote via email. “We provide guidance for developers in our whitepaper, ‘Analyzing Potential Bounds Check Bypass Vulnerabilities,’ which has been updated to incorporate this method. We are thankful to Michael Schwarz, Daniel Gruss, Martin Schwarzl, Moritz Lipp and Stefan Mangard of Graz University of Technology for reporting their research.”

Jake Williams, founder and CEO of Rendition Infosec, agreed with Intel’s assessment and wrote by Twitter direct message that “it makes sense that this wouldn’t get a new CVE. It’s not a new vulnerability; it’s just exploiting an existing vulnerability in a new way.”

The speed of NetSpectre

Part of the research that caught the eye of experts was the detail that when exfiltrating memory, “this NetSpectre variant is able to leak 15 bits per hour from a vulnerable target system.”

Kevin Beaumont, a security architect based in the U.K., explained on Twitter what this rate of exfiltration means.

Williams agreed and said that although the NetSpectre attack is “dangerous and interesting,” it is “not worth freaking out about.”

“The amount of traffic required to leak meaningful amounts of data is significant and likely to be noticed,” Williams wrote. “I don’t think attacks like this will get significantly faster. Honestly, the attack could leak 10 to 100 times faster and still be relatively insignificant. Further, when you are calling an API remotely and others call the same API, they’ll impact timing, reducing the reliability of the exploit.”

Gruss wrote by Twitter direct message that since an attacker can use NetSpectre to choose an arbitrary address in memory to read, the impact of the speed of the attack depends on the use case.

“Remotely breaking ASLR (address space layout randomization) within a few hours is quite nice and very practical,” Gruss wrote, adding that “leaking the entire memory is of course completely unrealistic, but this is also not what any attacker would want to do.”

RAMpage attack unlikely to pose real-world risk says expert

A group of researchers developed a proof of concept for a variant of the Rowhammer exploit against Android devices and proved that Google’s protections aren’t enough, but one expert said the RAMpage attack is unlikely to pose a real-world threat.

A team of researchers from Vrije Universiteit Amsterdam, the University of California at Santa Barbara, Amrita University of Coimbatore, India and EURECOM — including many of the researchers behind the Drammer PoC attack upon which RAMpage was built — and created both the RAMpage attack against ARM-based Android devices and a practical mitigation, called GuardION.

According to the researchers, the most likely method for attacking a Rowhammer vulnerability on a mobile device is through a direct memory access (DMA) based attack.

As such, they developed the RAMpage attack, “a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses,” researchers wrote in their research paper. “To mitigate Rowhammer exploitation on ARM, we propose GuardION, a lightweight defense that prevents DMA-based attacks — the main attack vector on mobile devices — by isolating DMA buffers with guard rows.”

The researchers said a successful RAMpage attack could allow a malicious app to gain unauthorized access to the device and read secret data from other apps, potentially including “passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents.” However, lead researcher Victor van der Veen was careful to note it is unclear how many devices are at risk because of differences in software.

“With RAMpage, we show that the software defenses that were deployed to stop Drammer attacks are not sufficient. This means that the only remaining requirement is having buggy hardware. Since we have seen bit flips on devices with LPDDR2, LPDDR3, and LPDDR4 memory, we state that all these devices may be affected, although it is uncertain how many,” van der Veen wrote via email. “Local access is required. This means that the attacker must find a way to run code (e.g., an app) on the victim’s device. A second requirement is that the device needs to be vulnerable for the Rowhammer bug: it is unclear what percentage of devices expose this issue.”

In a statement, Google downplayed the dangers of the RAMpage attack: “We have worked closely with the team from Vrije Universiteit and though this vulnerability isn’t a practical concern for the overwhelming majority of users, we appreciate any effort to protect them and advance the field of security research. While we recognize the theoretical proof of concept from the researchers, we are not aware of any exploit against Android devices.”

Google also asserted that newer devices include protections against Rowhammer attacks and “the researcher proof of concept for this issue does not work on any currently supported Google Android devices,” though Google did not specify what qualified as a “currently supported Google Android device.” 

Liviu Arsene, senior e-threat researcher at Romania-based antimalware firm Bitdefender, said this could mean “that ‘currently supported devices’ refers to Android builds to which Google still issues security patches, which means that Android Marshmallow (6.0.) and above may not be susceptible” to the RAMpage attack. According to Google’s latest platform numbers, more than 62% of Android devices in the wild are above this threshold.

However, van der Veen thought Google might be referring to its own handsets.

“I believe they hint at the devices that fall under their Android Reward program, which is basically the Pixel and Pixel 2. We did manage to flip bits on a Pixel, and I think that it is likely that there are Pixel phones out there on which the attack will work,” van der Veen wrote. “I don’t see criminals exploiting the Rowhammer bug in a large-scale fashion. It is more likely to be used in a targeted attack. I do think that Google can do a bit more though.”

Arsene agreed that the RAMpage attack does appear “very difficult and unlikely to happen on a mass scale.”

“Attackers would have to know in advance the type of device the target owns, because some manufacturers and OS builds implement different row sizes (e.g. 32KB, 64KB, 128KB), making the attack significantly more complex and less reliable,” Arsene wrote via email. “Google may be right in saying the attack should not be of concern to average users, but it could be used in highly targeted attacks that involve stealthily compromising the device of a high priority individual. For mass exploitation of Android devices there are likely other, less sophisticated methods, for compromise. Attackers will often go for the path of least resistance that involves maximum efficiency and minimum effort to develop and deploy.”

GuardION defense

Despite the relatively low likelihood of the RAMpage attack being used in the wild, researchers developed a mitigation based on protecting Google’s ION DMA buffer management APIs, which were originally added to Android 4.0.

“The main reason for which defenses fail in practice is because they aim to protect all sensitive information by making sure that they are not affected by Rowhammer bit flips. Hence, they are either impractical or they miss cases,” the researchers wrote in their paper. “Instead of trying to protect all physical memory, we focus on limiting the capabilities of an attacker’s uncached allocations. This enforces a strict containment policy in which bit flips that are triggered by reading from uncached memory cannot occur outside the boundaries of that DMA buffer. In effect, this design defends against Rowhammer by eradicating the ability of the attacker to inject bit flips in sensitive data.”

I think they main message should be that Rowhammer-based exploits are still possible, despite Google’s efforts.
Victor van der VeenPhD candidate in the VUSec group at Vrije Universiteit Amsterdam

Van der Veen added via email, “I think they main message should be that Rowhammer-based exploits are still possible, despite Google’s efforts. I think there is also (scientific) value in our breakdown of other proposed mitigation techniques and how they apply to mobile devices, plus our proposed defense, GuardION.”

GuardION may not be real-world ready either though. The researchers noted that Google said the mitigation technique resulted in too much “performance overhead” in apps, but they continue to work with the Android security team “to figure out what a real-world benchmark looks like so that we can hopefully improve our implementation.”

Arsene said “the existence of security research that exploits hardware vulnerabilities does not necessarily mean that users will be more at risk than before.”

“Some of it is purely academic and the practical applications of weaponizing this type research may never become a reality for the masses,” Arsene wrote. “However, users should realize that unpatched, outdated, and unsupported devices and operating systems will always involve significant security risks to their privacy and data.”

WD My Cloud Mk1 enclosure

My WD My Cloud has developed a fault where it falls off the network every few hours, needing a hard reboot. I’ve tested the drive and its in perfect condition so it mus be an overheating issue with the board.

Any road up, I need a new enclosure. If you have one you don’t require any longer, let me know. It must be a MK1 version with the shiny silver enclosure and not the dull grey one.

Cheers.

Location: Belfast, N. Ireland…

WD My Cloud Mk1 enclosure