The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: cloud storage

Critical Unpatched Flaws Disclosed In Western Digital 'My Cloud' Storage Devices

Critical Unpatched Flaws Disclosed In Western Digital 'My Cloud' Storage Devices

January 05, 2018Swati Khandelwal
Security researchers have discovered several severe vulnerabilities and a secret hard-coded backdoor in Western Digital's My Cloud NAS devices that could allow remote attackers to gain unrestricted root access to the device. Western Digital's My Cloud (WDMyCloud) is one of the most popular network-attached storage devices which is being used by individuals and businesses to host their files, and automatically backup and sync them with various cloud and web-based services. The device lets users not only share files in a home network, but the private cloud feature also allows them to access their data from anywhere at any time. Since these devices have been designed to be connected over the Internet, the hardcoded backdoor would leave user data open to hackers. GulfTech research and development team has recently published an advisory detailing a hardcoded backdoor and several vulnerabilities it found in WD My Cloud storage devices that could allow remote attackers to
How A Simple Command Typo Took Down Amazon S3 and Big Chunk of the Internet

How A Simple Command Typo Took Down Amazon S3 and Big Chunk of the Internet

March 03, 2017Swati Khandelwal
The major internet outage across the United States earlier this week was not due to any virus or malware or state-sponsored cyber attack, rather it was the result of a simple TYPO. Amazon on Thursday admitted that an incorrectly typed command during a routine debugging of the company's billing system caused the 5-hour-long outage of some Amazon Web Services (AWS) servers on Tuesday. The issue caused tens of thousands of websites and services to become completely unavailable, while others show broken images and links, which left online users around the world confused. The sites and services affected by the disruption include Quora, Slack, Medium, Giphy, Trello, Splitwise, Soundcloud, and IFTTT, among a ton of others. Here's What Happened: On Tuesday morning, members of Amazon Simple Storage Service (S3) team were debugging the S3 cloud-storage billing system. As part of the process, the team needed to take a few billing servers offline, but unfortunately, it end
Download: 68 Million Hacked Dropbox Accounts are Just a Click Away!

Download: 68 Million Hacked Dropbox Accounts are Just a Click Away!

October 04, 2016Swati Khandelwal
Over a month ago, The Hacker News reported about the Dropbox Hack , where hackers had managed to steal more than 68 Million Dropbox accounts in a data breach that was initially disclosed by the online cloud storage platform in 2012. Although the initial announcement failed to reveal the true scale of the data breach, it was in late August when the breach notification service LeakBase obtained files containing details on over 68 million accounts, which contains email addresses and hashed passwords for Dropbox users. Last month, a hacker was selling this Dropbox data dump on a Dark Web marketplace known as TheRealDeal for around $1200 . However, Motherboard recently discovered that a researcher has just uploaded the full dump of hacked Dropbox database online. Download DropBox Data Dump Here: Thomas White, known online as The Cthulhu, uploaded Monday the full Dropbox data dump onto his website in a move, as he claims, to help security researchers examine the data breach.
WebUSB API — Connect Your USB Devices Securely to the Internet

WebUSB API — Connect Your USB Devices Securely to the Internet

April 12, 2016Swati Khandelwal
Two Google engineers have developed a draft version of an API called WebUSB that would allow you to connect your USB devices to the Web safely and securely, bypassing the need for native drivers. WebUSB – developed by Reilly Grant and Ken Rockot – has been introduced to the World Wide Web Consortium's Web Incubator Community Group (W3C WICG), is build to offer a universal platform that could be adopted by browser makers in future versions of their software. Connecting USB Devices to the Web WebUSB API allows USB-connected devices, from keyboards, mice, 3D printers and hard drives to complex Internet of Things (IoTs) appliances, to be addressed by Web pages. The aim is to help hardware manufacturers have their USB devices work on any platform, including Web, without having any need to write native drivers or SDKs for a dedicated platform. Besides controlling the hardware, a Web page could also install firmware updates as well as perform other essential tasks. Howev
Avira Vulnerability Puts Users' Online Backup Data At Risk

Avira Vulnerability Puts Users' Online Backup Data At Risk

September 20, 2014Wang Wei
A popular Anti-virus software Avira that provides free security software to its customers with Secure Backup service is vulnerable to a critical web application vulnerability that could allow an attacker to take over users’ account, putting millions of its users’ account at risk. Avira is very popular for their free security software that comes with its own real-time protection module against malware and a secure backup service. Avira was considered to be the sixth largest antivirus vendor in 2012 with over 100 million customers worldwide. A 16 year-old security researcher ‘ Mazen Gamal ’ from Egypt told The Hacker News that Avira Website is vulnerable to CSRF (Cross-site request forgery) vulnerability that allows him to hijack users’ accounts and access to their online secure cloud backup files. CSRF VULNERABILITY TO  ACCOUNT TAKEOVER Cross-Site Request Forgery (CSRF or XSRF) is a method of attacking a Web site in which an intruder masquerades as a legitimate
How to encrypt your files before uploading to Cloud Storage using CloudFogger

How to encrypt your files before uploading to Cloud Storage using CloudFogger

January 16, 2014Anonymous
In this Internet savvy generation, we want all of our data to be secured at some place. Having backups of your data is always a good idea, whether that data is stored in the Cloud or on your computer. But everyone who is following the Edward Snowden leaks of the NSA 's PRISM program now pushed to hardening their Mobile devices and computers for security, privacy, and anonymity. There are many Free Cloud storage providers including  Google Drive ,  Dropbox, Box, RapidShare, Amazon Cloud Drive, Microsoft SkyDrive  and many more. These services have a limitation that all data is unencrypted, or even if it is encrypted, the encryption keys are still generated by the company's software, meaning the company still has an access to your data. So as an end user, we must think about the security and privacy of our data. We should first encrypt our files on the system level and then upload a copy of it on the cloud storage. For this a robust and highly user friendly tool called Cloud
Smartphones cache poses huge risk for Cloud Storage Security

Smartphones cache poses huge risk for Cloud Storage Security

March 27, 2013Wang Wei
A couple of years ago, the tech world was abuzz about the cloud. Cloud computing refers to computing where the processing or storage takes place on a networked series of computers rather than on the device that you’re using. Whether you’re using a PC, laptop, tablet, smartphone, television, or video game console, everything now connected to Cloud Storage and always in sync. But there is a limitation, that smartphones can essentially remember deleted information, which poses a huge risk to organizations that issue smartphones to employees and to organizations that don't explicitly disable the use of personal devices for work-related computing. Researchers at the University of Glasgow found that cloud storage apps that say they send files to the cloud also leave retrievable versions of files on the devices. They  tested some cloud-based file storage systems tested included Box, Dropbox and SugarSync on HTC Desire, running Android 2.1, and an iPhone 3S running iOS 3. They found tha
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.