A second exploit has emerged in the sad WD My Book Live data deletion saga

It looks like there may have been more than one exploit used to cause the mass deletion of data from WD My Book Live NASes last week, according to a report from Ars Technica. When news broke that people were finding that their data was missing, some (including WD itself), pointed to a known exploit from 2018, which allowed for root access of the device. However, it appears as though there’s more going on than was initially suspected.

If you have one of these devices, you should unplug it from the internet before reading any further — it’s clear at this point that your data is at risk if the device is online.

The second exploit, reported by Ars Technica, doesn’t give an attacker full control over the device like the other exploit. It just allows them to remotely wipe the device without having to know the password. Tragically for those who lost data, it seems that code that would’ve prevented this was actually present in the WD My Book Live’s software, but it appears to have been commented out (or deactivated) by WD at some point — because of this change, the software didn’t run authentication when asked to do a factory reset.

WD had stopped supporting these devices in 2015. While the exploit has been around since at least then, it’s not necessarily a scenario where an obvious security issue persisted through years and years of updates. The question still remains, though, as to why hackers decided to factory reset the devices.

Ars Technica has a wild theory, based on analysis by security firm Censys: the data deletion happened as the result of a fight between hackers, with one botnet owner potentially trying to take over or disrupt another’s. One hacker (or group of hackers) was using the known exploit to control the devices for some nefarious purposes. Then, another entity used the unknown remote wipe exploit to erase those devices. It likely would’ve removed the first entity’s access to the hardware — but users’ data was caught in the crossfire.

The theory does make sense, given the competing nature of the exploits used. (Why would a hacker burn a previously unreported exploit to factory reset the machines after already having root access?) For its part, WD told Ars that it could confirm that both exploits were used, at least in some cases. The company said it was “not clear why the attackers exploited both vulnerabilities,” but noted that it would update its security advisory about the second exploit.

The Verge didn’t immediately receive a response when it reached out to WD for comment on the findings.

Repost: Original Source and Author Link


Senua’s Saga: Hellblade 2 Development Detailed In New Video

While it wasn’t shown at all during Xbox & Bethesda’s E3 Game Showcase, Senua’s Saga: Hellblade 2 did make a short appearance during the Xbox Games Showcase Extended. However, the video shown wasn’t a trailer or gameplay reveal, according to Tameem Antoniades, the chief creative ninja at Ninja Theory. Instead, it was a “montage of the kind of work we’ve been up to.”

Antoniades says that the game is still very much in development at Ninja Theory. “What we’re doing right now is building a good, chunky slice of the game before we then move into full production to build out the rest.” He went on to say that, despite its name, Senua’s Saga: Hellblade 2 is not a “straight sequel,” but rather “something extra special.” The game will still follow the same character in the same setting, ninth-century Iceland.

The team at Ninja Theory has been flown out to the country to photograph land to recreate in the game and has been building costumes to scan into the game. Players should also expect some high-quality animation from the game, with Milena Juergens, the actress for Senua, undergoing two years of training. The game’s animators have also been undergoing combat training, to get a better idea of the movements that come with swinging a sword or ax.

While, today’s video shown at the Xbox Games Showcase Extended didn’t show any real gameplay, there were some snippets here or there of Senua walking. Otherwise, it was filled with sparse footage of combat being filmed, along with trippy visuals. The trailer did have a voice-over from Senua that may hint at the game’s story. The video ended with the line :”They may see them as gods, but we will show them what lies behind our eyes.”

Editors’ Choice

Repost: Original Source and Author Link


Microsoft shares a behind-the-scenes look at ‘Senua’s Saga: Hellbade II’ development

It’s been nearly two years since Microsoft announced Senua’s Saga: Hellblade II at The Game Awards in late 2019. Since then, we’ve heard little about the sequel to one of 2017’s best games. But during the company’s second E3 showcase, Microsoft shared an update on the title — only it wasn’t your usual progress report.

Instead of a new cinematic trailer or gameplay reveal, Ninja Theory founder Tameem Antoniades detailed some of the work that’s been going into the game before it enters full production. For example, he said the studio has sent out art and audio teams to photograph and capture Iceland. Alongside satellite imagery, Ninja Theory plans to use those materials to recreate “large sways” of the country’s landscape within the game. 

The studio has also been making actual costumes that it’s been scanning into the Unreal engine. To make combat “extra real and brutal, actor Melina Juergens has been training for the past two years and “all of our animators have undergone combat training.” That’s not something you expect your average game developer to say, but then this is Tameem Antoniades we’re talking about.

What the montage makes clear is that the scope of Hellblade II will be different from its predecessor. A team of about 20 people made the first game, with Ninja Theory styling the project as an independent AAA game. The work Antoniades described makes Hellblade II sound like a much more ambitious project.  

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

Repost: Original Source and Author Link


LEGO Star Wars: The Skywalker Saga hit with a delay

We’ve been waiting on LEGO Star Wars: The Skywalker Saga for a couple of years now, but now it seems we’ll have to wait a bit longer. Traveller’s Tales announced today that the game has been delayed beyond its original spring release, though the company was exceptionally light on details when it came to why the game is being delayed.

In truth, we never had a specific release date for LEGO Star Wars: The Skywalker Saga to begin with, but now its release timing has become even more of a nebulous concept. While Traveller’s Tales announced the game’s delay today, it didn’t actually provide us with a new release date or even a release window. You can see the studio’s statement on the delay embedded in the tweet below.

“All of us at TT Games are working hard to make LEGO Star Wars: The Skywalker Saga the biggest and best-ever LEGO game – but we’re going to need more time to do it,” the studio said. “We won’t be able to make our intended Spring release date, but will provide update launch timing as soon as possible.”

Unfortunately for us, that statement makes no indication of how far along in development The Skywalker Saga is. That makes predicting new releasing timing impossible, so we could be waiting a matter of months or we could be looking at a release that’s been pushed back further than that. With Traveller’s Tales originally targeting a spring release, the hope is that the studio closing in on the finish line and just needs more time to apply some polish and quash some bugs, but without more from the company, that’s just pure speculation on our part.

It seems safe to assume that LEGO Star Wars: The Skywalker Saga is going to be a pretty big when game when it finally does release, as it’ll feature gameplay centered around all 9 mainline Star Wars movies. We’ll let you know when there are more details to share, so stay tuned for more.

Repost: Original Source and Author Link