Security News
Veeam backup servers are being targeted by at least one group of threat actors known to work with multiple high-profile ransomware gangs. Malicious activity and tools echoing FIN7 attacks have been observed in intrusions since March 28, less than a week after an exploit became available for a high-severity vulnerability in Veeam Backup and Replication software.
"This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security," Google's Christiaan Brand said. The update, which also brings a new icon to the two-factor authenticator app, finally brings it in line with Apple's iCloud Keychain and addresses a long-standing complaint that it's tied to the device on which it's installed, making it a hassle when switching between phones.
On Friday, U.S. Cybersecurity and Infrastructure Security Agency increased by five its list of security issues that threat actors have used in attacks, three of them in Veritas Backup Exec exploited to deploy ransomware. Of the five vulnerabilities that CISA added to the catalog of Known Exploited Vulnerabilities today, only one was rated critical, an issue in Veritas' data protection software tracked as CVE-2021-27877 that allows remote access and command execution with elevated privileges.
An ALPHV/BlackCat ransomware affiliate was observed exploiting three vulnerabilities impacting the Veritas Backup product for initial access to the target network. Mandiant tracks the ALPHV affiliate as 'UNC4466' and notes that the method is a deviation from the typical intrusion that relies on stolen credentials.
I've still lost access to data for a whole truckload of other reasons, mostly down to simple but regrettable mistakes such as saving over the wrong file, wiping the wrong device, uploading last month's data over this month's data in the cloud, or even just realising I'd left my laptop at home when I really needed to look something up on it. Given that it's World Backup Day today, here are five short and simple tips for keeping your precious data safe.
An average enterprise storage and backup device has 14 vulnerabilities, three of which are high or critical risk that could present a significant compromise if exploited, according to Continuity. The findings underscore a significant gap in the state of enterprise storage and backup security, and shows how much it lags behind the security of other layers of IT. With the growing sophistication of data-centric attacks, the high volumes of data at risk and tightened regulations, enterprise storage and backup security clearly require urgent attention.
Half of U.S. businesses say that security is the most influential factor when buying software, according to Capterra's Security Features Survey. Digging further, businesses share the types of security features they consider to be "Must-haves." 76% cite data backups as a dealbreaker when choosing software.
TechRepublic Premium Electronic communication policy This policy from TechRepublic Premium provides guidelines for the appropriate use of electronic communications. It covers topics such as privacy, confidentiality and security; ensures electronic communications resources are used for appropriate purposes; informs employees regarding the applicability of laws and company policies to electronic communications; and prevents disruptions to and misuse of company electronic communications .....
Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customer to implement the fix as soon as possible. The nature of CVE-2023-27532 has not been explained - Veeam only says that "The vulnerable process, Veeam.Backup.Service.exe, allows an unauthenticated user to request encrypted credentials."
Veeam urged customers to patch a high-severity Backup Service security vulnerability impacting its Backup & Replication software.The flaw was reported in mid-February by a security researcher known as Shanigen, and it affects all Veeam Backup & Replication versions.