Security News

Hackers target vulnerable Veeam backup servers exposed online
2023-04-29 14:41

Veeam backup servers are being targeted by at least one group of threat actors known to work with multiple high-profile ransomware gangs. Malicious activity and tools echoing FIN7 attacks have been observed in intrusions since March 28, less than a week after an exploit became available for a high-severity vulnerability in Veeam Backup and Replication software.

Google Authenticator App Gets Cloud Backup Feature for TOTP Codes
2023-04-25 04:33

"This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security," Google's Christiaan Brand said. The update, which also brings a new icon to the two-factor authenticator app, finally brings it in line with Apple's iCloud Keychain and addresses a long-standing complaint that it's tied to the device on which it's installed, making it a hassle when switching between phones.

CISA orders agencies to patch Backup Exec bugs used by ransomware gang
2023-04-07 21:07

On Friday, U.S. Cybersecurity and Infrastructure Security Agency increased by five its list of security issues that threat actors have used in attacks, three of them in Veritas Backup Exec exploited to deploy ransomware. Of the five vulnerabilities that CISA added to the catalog of Known Exploited Vulnerabilities today, only one was rated critical, an issue in Veritas' data protection software tracked as CVE-2021-27877 that allows remote access and command execution with elevated privileges.

ALPHV ransomware exploits Veritas Backup Exec bugs for initial access
2023-04-04 15:43

An ALPHV/BlackCat ransomware affiliate was observed exploiting three vulnerabilities impacting the Veritas Backup product for initial access to the target network. Mandiant tracks the ALPHV affiliate as 'UNC4466' and notes that the method is a deviation from the typical intrusion that relies on stolen credentials.

World Backup Day is here again – 5 tips to keep your precious data safe
2023-03-31 18:14

I've still lost access to data for a whole truckload of other reasons, mostly down to simple but regrettable mistakes such as saving over the wrong file, wiping the wrong device, uploading last month's data over this month's data in the cloud, or even just realising I'd left my laptop at home when I really needed to look something up on it. Given that it's World Backup Day today, here are five short and simple tips for keeping your precious data safe.

Top 5 security risks for enterprise storage, backup devices
2023-03-23 04:00

An average enterprise storage and backup device has 14 vulnerabilities, three of which are high or critical risk that could present a significant compromise if exploited, according to Continuity. The findings underscore a significant gap in the state of enterprise storage and backup security, and shows how much it lags behind the security of other layers of IT. With the growing sophistication of data-centric attacks, the high volumes of data at risk and tightened regulations, enterprise storage and backup security clearly require urgent attention.

Data backup, security alerts, and encryption viewed as top security features
2023-03-21 04:00

Half of U.S. businesses say that security is the most influential factor when buying software, according to Capterra's Security Features Survey. Digging further, businesses share the types of security features they consider to be "Must-haves." 76% cite data backups as a dealbreaker when choosing software.

Validated Storage for Commvault Backup & Recovery
2023-03-20 12:00

TechRepublic Premium Electronic communication policy This policy from TechRepublic Premium provides guidelines for the appropriate use of electronic communications. It covers topics such as privacy, confidentiality and security; ensures electronic communications resources are used for appropriate purposes; informs employees regarding the applicability of laws and company policies to electronic communications; and prevents disruptions to and misuse of company electronic communications .....

Veeam Backup & Replication admins, get patching! (CVE-2023-27532)
2023-03-10 05:45

Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customer to implement the fix as soon as possible. The nature of CVE-2023-27532 has not been explained - Veeam only says that "The vulnerable process, Veeam.Backup.Service.exe, allows an unauthenticated user to request encrypted credentials."

Veeam fixes bug that lets hackers breach backup infrastructure
2023-03-08 18:13

Veeam urged customers to patch a high-severity Backup Service security vulnerability impacting its Backup & Replication software.The flaw was reported in mid-February by a security researcher known as Shanigen, and it affects all Veeam Backup & Replication versions.