Security News

Tomorrow is 31 March 2022, and the last day of March is World Backup Day. Even if you don't regularly backup every data file you've ever created.

Cyberattackers are targeting uninterruptible power supply devices, which provide battery backup power during power surges and outages. UPS devices are usually used in mission-critical environments, safeguarding critical infrastructure installations and important computer systems and IT equipment, so the stakes are high.

Deadbolt ignores the desktops and laptops on your network, instead finding and attacking vulnerable network-attached storage devices directly over the internet. If you'd inadvertently set up your backup device so that its web portal was accessible from the "Internet side" of your network connection - the port that's probably labelled WAN on your router, short for wide-area network - then anyone who knew the security hole patched in QSA-21-57 could attack your backup files directly.

Veeam Software has patched two critical vulnerabilities affecting its popular Veeam Backup & Replication solution, which could be exploited by unauthenticated attackers to remotely execute malicious code.Veeam Backup & Replication is an enteprise data protection solution that allows admins to create image-level backups of virtual, physical, cloud machines and restore from them.

WordPress plugins need to be kept up-to-date just as keenly as WordPress itself. That's why we thought we'd write about a recent warning from the creators of Updraft and Updraft Plus, which are free and premium plugins respectively that are dedicated to backing up, restoring and cloning WordPress sites.

Rather it's more likely to be used very selectively, at least on those that haven't patched. The advisory [PDF] recommends only one type of password, Cisco's Type 8, which uses either Password-Based Key Derivation Function version 2, SHA-256, an 80-bit salt - one NSA wit described it as "What Type 4 was meant to be," in the document.

Patches have been issued to contain a "Severe" security vulnerability in UpdraftPlus, a WordPress plugin with over three million installations, that can be weaponized to download the site's private data using an account on the vulnerable sites. "All versions of UpdraftPlus from March 2019 onwards have contained a vulnerability caused by a missing permissions-level check, allowing untrusted users access to backups," the maintainers of the plugin said in an advisory published this week.

The WordPress plug-in "UpdraftPlus" was patched on Wednesday to correct a vulnerability that left sensitive backups at risk, potentially exposing personal information and authentication data. UpdraftPlus is a tool for creating, restoring and migrating backups for WordPress files, databases, plug-ins and themes.

Ransomware merchants know that corrupting your backups means you will have little choice but to pay up. Protecting your backups then is crucial to ensuring you're able to recover from an attack.

The Kyoto University in Japan has lost about 77TB of research data due to an error in the backup system of its Hewlett-Packard supercomputer. The incident occurred between December 14 and 16, 2021, and resulted in 34 million files from 14 research groups being wiped from the system and the backup file.