Security News

In this video for Help Net Security, Jon Fielding, Managing Director at Apricorn, talks about a survey of thousands of Twitter users, around their personal and corporate data and backup habits, processes and procedures. The survey found that over 50% of respondents couldn't remember when, or even if, they have backed up any of their personal data.

In this video fro Help Net Security, Anthony Cusimano, Solutions Evangelist at Veritas, talks about the current state of enterprise backup and recovery. In the wake of the World Backup Day, enterprise backup and recovery has reached new levels of importance.

Tomorrow is 31 March 2022, and the last day of March is World Backup Day. Even if you don't regularly backup every data file you've ever created.

Cyberattackers are targeting uninterruptible power supply devices, which provide battery backup power during power surges and outages. UPS devices are usually used in mission-critical environments, safeguarding critical infrastructure installations and important computer systems and IT equipment, so the stakes are high.

Deadbolt ignores the desktops and laptops on your network, instead finding and attacking vulnerable network-attached storage devices directly over the internet. If you'd inadvertently set up your backup device so that its web portal was accessible from the "Internet side" of your network connection - the port that's probably labelled WAN on your router, short for wide-area network - then anyone who knew the security hole patched in QSA-21-57 could attack your backup files directly.

Veeam Software has patched two critical vulnerabilities affecting its popular Veeam Backup & Replication solution, which could be exploited by unauthenticated attackers to remotely execute malicious code.Veeam Backup & Replication is an enteprise data protection solution that allows admins to create image-level backups of virtual, physical, cloud machines and restore from them.

WordPress plugins need to be kept up-to-date just as keenly as WordPress itself. That's why we thought we'd write about a recent warning from the creators of Updraft and Updraft Plus, which are free and premium plugins respectively that are dedicated to backing up, restoring and cloning WordPress sites.

Rather it's more likely to be used very selectively, at least on those that haven't patched. The advisory [PDF] recommends only one type of password, Cisco's Type 8, which uses either Password-Based Key Derivation Function version 2, SHA-256, an 80-bit salt - one NSA wit described it as "What Type 4 was meant to be," in the document.

Patches have been issued to contain a "Severe" security vulnerability in UpdraftPlus, a WordPress plugin with over three million installations, that can be weaponized to download the site's private data using an account on the vulnerable sites. "All versions of UpdraftPlus from March 2019 onwards have contained a vulnerability caused by a missing permissions-level check, allowing untrusted users access to backups," the maintainers of the plugin said in an advisory published this week.

The WordPress plug-in "UpdraftPlus" was patched on Wednesday to correct a vulnerability that left sensitive backups at risk, potentially exposing personal information and authentication data. UpdraftPlus is a tool for creating, restoring and migrating backups for WordPress files, databases, plug-ins and themes.