Archive for July 1, 2021

Keyfactor and PrimeKey Finalize Merger Under The Keyfactor Brand

Posted in Commentary on July 1, 2021 by itnerd

Keyfactor and PrimeKey today announced they have completed their previously reported merger under the Keyfactor brand.

Keyfactor, the pioneer of PKI as-a-Service, and leader in machine identity management, provides certificate lifecycle automation and crypto-agility solutions. PrimeKey’s EJBCA software offers the most flexible private PKI (public key infrastructure) and certificate authority (CA) supporting DevOps, IoT, manufacturing and enterprise use cases. Combined, both solutions created the industry’s first end-to-end machine identity management platform – with flexible and highly scalable certificate issuance and automated deployment of machine identities across complex enterprise and emerging IoT and OT use cases.

In 2020, Keyfactor and PrimeKey announced a technology integration partnership. The integration combined Keyfactor’s Certificate Automation with PrimeKey’s EJBCA Enterprise product, offering Keyfactor and PrimeKey customers end-to-end visibility and automation to all private and publicly issued certificates via a single platform.

Keyfactor is the leader in cloud-first PKI-as-a-Service and crypto-agility solutions. Its Crypto-Agility Platform empowers security teams to seamlessly orchestrate every key and certificate across their entire enterprise. The company helps its customers apply cryptography in the right way from modern, multi-cloud enterprises to complex IoT supply chains.

With decades of cybersecurity experience, Keyfactor is trusted by more than 500 enterprises across the globe. PrimeKey is one of the world’s leading PKI and signing solutions providers and has developed several innovative products, including EJBCA Enterprise, SignServer Enterprise, PKI Appliance, PrimeKey SEE and Identity Authority Manager. As a pioneer in open-source security software, PrimeKey provides global businesses and organizations the ability to implement vital security solutions, such as e-ID, e-Passports, authentication, digital signatures, unified digital identities and validation. PrimeKey products are Common Criteria and FIPS-certified, the company’s internal processes are ISO 9001, 14001 and 27001 certified and it has numerous Webtrust/ETSI and eIDAS-audited customers.

Another Exploit Involving Western Digital My Book Live Drives Is On The Streets

Posted in Commentary on July 1, 2021 by itnerd

Western Digital My Book Live NAS drive owners have a new problem to worry about. After some of these drives were remotely wiped last week, it now seems that they were subject to attacks from two different hacker groups who have a “beef” with each other. What’s worse is that this has brought to light a second exploit that was previously unknown.

Initially, after the news broke on Friday, it was thought a known exploit from 2018 was to blame, allowing attackers to gain root access to the devices. However, it now seems that a previously unknown exploit was also triggered, allowing hackers to remotely perform a factory reset without a password and to install a malicious binary file. A statement from Western Digital, updated today, reads: “My Book Live and My Book Live Duo devices are under attack by exploitation of multiple vulnerabilities present in the device … The My Book Live firmware is vulnerable to a remotely exploitable command injection vulnerability when the device has remote access enabled. This vulnerability may be exploited to run arbitrary commands with root privileges. Additionally, the My Book Live is vulnerable to an unauthenticated factory reset operation which allows an attacker to factory reset the device without authentication. The unauthenticated factory reset vulnerability [has] been assigned CVE-2021-35941.” 

Analysis of WD’s firmware suggests that code meant to prevent the issue had been commented out by WD itself, so it never ran, and that an authentication type was not added to component_config.php, which results in the drives not asking for authentication before performing the factory reset. The question then arises of why one hacker would use two different exploits, particularly an undocumented authentication bypass, when they already had root access through the command injection vulnerability. Venerable tech site Ars Technica speculates that more than one group could be at work here, with one bunch of bad guys trying to take over, or sabotage, another’s botnet.
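The root cause described above, an endpoint whose authentication requirement was never declared and therefore never enforced, is the kind of gap a fail-closed authorization check and a configuration audit are meant to catch. The sketch below is an added example, not Western Digital's code: the component table, its field names, the auth levels and the endpoint names are all constructed for illustration and do not reflect the real layout of component_config.php.

```python
# Constructed component table; NOT the layout of WD's component_config.php.
# Each endpoint names a handler and (normally) a declared auth requirement.
COMPONENTS = {
    "system_state":    {"handler": "get_state",   "auth": "USER"},
    "share_list":      {"handler": "list_shares", "auth": "USER"},
    "login":           {"handler": "login",       "auth": "NONE"},  # deliberately public
    "factory_restore": {"handler": "factory_restore"},              # auth key omitted
}

VALID_AUTH = {"NONE", "USER", "ADMIN"}
RANK = {"NONE": 0, "USER": 1, "ADMIN": 2}
# Assumed list of operations that must always require admin rights.
DESTRUCTIVE = {"factory_restore"}


def audit(components):
    """Return sorted (endpoint, problem) pairs for entries that would fail open."""
    findings = []
    for name, entry in components.items():
        auth = entry.get("auth")
        if auth is None:
            findings.append((name, "no auth requirement declared"))
        elif auth not in VALID_AUTH:
            findings.append((name, f"unknown auth level {auth!r}"))
        elif name in DESTRUCTIVE and auth != "ADMIN":
            findings.append((name, f"destructive operation allows {auth}"))
    return sorted(findings)


def authorize(components, name, session_level):
    """Fail-closed check: a missing or unknown requirement denies the request."""
    entry = components.get(name)
    if entry is None:
        return False
    required = entry.get("auth")
    if required not in VALID_AUTH:
        return False  # missing or unknown requirement: deny, never default to public
    if name in DESTRUCTIVE and required != "ADMIN":
        return False  # destructive endpoints are refused unless declared admin-only
    return RANK.get(session_level, -1) >= RANK[required]
```

Running `audit()` as a build or release gate flags the undeclared entry before it ships, while `authorize()` ensures that an entry which slips through is refused rather than served to an unauthenticated caller.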

Western Digital has advised users to disconnect these drives from the internet. They are also offering data recovery services beginning in July, and a trade-in program to switch the obsolete My Book Live drives for more modern My Cloud devices, all of which they hope will limit the number of people who sue them. Which, to be frank, they deserve, as Western Digital has really dropped the ball on this one.