Tag: backup
-
APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP – Part 2
Tags: access, ai, api, apt, attack, backdoor, backup, cloud, control, credentials, data, dns, email, exploit, github, google, government, group, india, infection, infrastructure, Internet, linux, malicious, malware, microsoft, monitoring, network, phishing, powershell, programming, service, tactics, threat, tool, update, windowsThis is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.IntroductionIn September 2025, Zscaler ThreatLabz uncovered three additional backdoors, SHEETCREEP, FIREPOWER, and MAILCREEP, used to power the Sheet Attack campaign. In Part 2 of this series, ThreatLabz will…
-
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL – Part 1
Tags: access, adobe, ai, antivirus, api, apt, attack, authentication, backdoor, backup, cloud, control, data, data-breach, detection, email, endpoint, github, google, government, group, india, infection, infrastructure, injection, Internet, malicious, malware, microsoft, network, phishing, service, spear-phishing, threat, tool, update, windowsIntroductionIn September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. In both campaigns, ThreatLabz identified previously undocumented tools, techniques, and procedures (TTPs). While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) group, APT36, we…
-
Microsoft handed over BitLocker keys to law enforcement, raising enterprise data control concerns
Tags: access, authentication, backup, breach, business, china, cloud, control, corporate, credentials, data, endpoint, governance, government, group, india, infrastructure, law, mfa, microsoft, risk, service, technologyWhere most enterprises go wrong: Enterprises using BitLocker should treat the recovery keys as highly sensitive, and avoid default cloud backup unless there is a clear business requirement and the associated risks are well understood and mitigated.The safest configuration is to redirect those keys to on-premises Active Directory or a controlled enterprise key vault. Even…
-
Microsoft handed over BitLocker keys to law enforcement, raising enterprise data control concerns
Tags: access, authentication, backup, breach, business, china, cloud, control, corporate, credentials, data, endpoint, governance, government, group, india, infrastructure, law, mfa, microsoft, risk, service, technologyWhere most enterprises go wrong: Enterprises using BitLocker should treat the recovery keys as highly sensitive, and avoid default cloud backup unless there is a clear business requirement and the associated risks are well understood and mitigated.The safest configuration is to redirect those keys to on-premises Active Directory or a controlled enterprise key vault. Even…
-
Überwachung – Microsoft hat Bitlocker-Schlüssel heimlich an das FBI weitergegeben
Um Windows-Geräte zu entschlüsseln, hat Microsoft Bitlocker-Keys an das FBI übergeben. Möglich ist der Zugang durch eine Backup-Funktion. First seen on computerbase.de Jump to article: www.computerbase.de/news/netzpolitik/ueberwachung-microsoft-hat-bitlocker-schluessel-heimlich-an-das-fbi-weitergegeben.95907
-
Fortinet confirms new zero-day attacks against customer devices
cloud-init@mail.io and cloud-noc@mail.io. Other admin accounts are created with the names: audit, backup, itadmin, secadmin, and support. Mitigation: If these or other IOCs such as IP addresses are identified in configurations or the device logs, the system and its configuration should be considered compromised. Fortinet recommends updating the device to the latest available software release,…
-
Ransomware gang’s slip-up led to data recovery for 12 US firms
Tags: access, attack, backup, breach, business, citrix, cloud, corporate, cyber, data, data-breach, detection, encryption, endpoint, exploit, finance, group, incident response, infosec, infrastructure, law, linux, network, phishing, powershell, ransom, ransomware, risk, software, spear-phishing, sql, threat, tool, veeam, vulnerabilityscrutinize and audit your backups. If you have a regular backup schedule, is there unexpected or unexplained activity? Von Ramin Mapp notes that crooks are known to time data exfiltration to match corporate off-site backups as a way to hide their work;monitor for encrypted data leaving your environments and see where it goes. Does this…
-
LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords
Phoney email alerts suggest users need to backup their LastPass accounts within 24 hours. LastPass says it would never require this action from users First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lastpass-phishing-master-passwords/
-
Warum Microsoft-365-Konfigurationen geschützt werden müssen
Tags: access, authentication, backup, ciso, cloud, compliance, framework, least-privilege, mail, mfa, microsoft, office, powershell, risk, zero-trustLesen Sie, warum CISOs den M365-Tenant stärker in den Blick nehmen müssen.Im Jahr 2010 war Office 365 eine einfache Suite mit Office-Anwendungen und zusätzlicher E-Mail-Funktion. Das hat sich 15 Jahre später mit Microsoft 365 geändert: Die Suite ist ein wesentliches Element in den Bereichen Kommunikation, Zusammenarbeit und Sicherheit. Dienste wie Entra, Intune, Exchange, Defender, Teams…
-
Don’t click on the LastPass ‘create backup’ link – it’s a scam
Phishing campaign tries to reel in master passwords First seen on theregister.com Jump to article: www.theregister.com/2026/01/21/lastpass_backup_phishing_campaign/
-
Fake Lastpass emails pose as password vault backup alerts
LastPass is warning of a new phishing campaign disguised as a maintenance notification from the service, asking users to back up their vaults in the next 24 hours. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-lastpass-emails-pose-as-password-vault-backup-alerts/
-
LastPass warns backup request is phishing campaign in disguise
The company said customers were sent deceptive emails over the holiday weekend claiming the company was doing maintenance.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/backup-request-phishing-campaign-lastpass/810083/
-
LastPass warns backup request is phishing campaign in disguise
The company said customers were sent deceptive emails over the holiday weekend claiming the company was doing maintenance.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/backup-request-phishing-campaign-lastpass/810083/
-
Backup request is actually a phishing campaign, LastPass warns
The company said customers were sent deceptive emails over the holiday weekend claiming the company was doing maintenance.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/backup-request-phishing-campaign-lastpass/810083/
-
For cyber risk assessments, frequency is essential
Tags: access, authentication, backup, breach, ciso, cloud, compliance, cyber, cyberattack, cybersecurity, data, data-breach, exploit, framework, GDPR, infrastructure, mitigation, network, password, radius, ransomware, regulation, risk, risk-assessment, risk-management, strategy, tool, vulnerabilityIdentifying vulnerabilities: A cyber risk assessment helps to identify security gaps in a company’s IT infrastructure, networks, and systems. This provides the opportunity to eliminate these vulnerabilities before they can be exploited by cybercriminals.Prioritize risk management measures: Not every system is critical, and not all of a company’s data is equally important. The results of the risk…
-
LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords
LastPass is alerting users to a new active phishing campaign that’s impersonating the password management service, which aims to trick users into giving up their master passwords.The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenance and urging them to create a local backup of their password vaults…
-
Insider risk in an age of workforce volatility
Tags: access, ai, api, authentication, automation, backdoor, backup, china, ciso, control, credentials, cyber, cybersecurity, data, data-breach, exploit, framework, governance, government, identity, jobs, least-privilege, malicious, mitigation, monitoring, network, risk, strategy, supply-chain, threat, zero-trustEarly warnings: The machine as insider risk/threat: These dynamics are not emerging in a vacuum. They represent the culmination of warnings that have been building for years.As early as 2021, in my CSO opinion piece “Device identity: The overlooked insider threat,” Rajan Koo (then chief customer officer at DTEX Systems, now CTO) observed: “There needs…
-
Cybersichere Backups: Backup ist keine Lebensversicherung für Daten
Geballte Kompetenz mit höchstem Know-how für Cybercrime und Cybersicherheit konnte das Polizeipräsidium Köln als Veranstalter knapp 100 Unternehmen seiner Stadt anbieten. Mitveranstalter waren das DIGITAL.SICHER.NRW als Kompetenzzentrum für Cybersicherheit in der Wirtschaft, die IHK Köln, die Handwerkskammer Köln sowie IT-Sicherheitsberater und Backup-Experten. Diese vermittelten passende Strategien, um möglichen Cyberangriffen mit maximaler Abwehr zu begegnen. ……
-
Iran’s partial internet shutdown may be a windfall for cybersecurity intel
only available launchpads. A connection from the Ministry of Agriculture might not be a farmer. It’s likely a tunnel for a state actor who needs an exit node.”Ranjbar said the removal of the traffic from millions of routine Iranian business and residential users allows a powerful visibility into Iranian government traffic patterns, thereby allowing SOCs…
-
Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution.The list of vulnerabilities is as follows -CVE-2025-66209 (CVSS score: 10.0) – A command injection vulnerability in the database backup functionality allows any authenticated First seen on thehackernews.com Jump to…
-
Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution.The list of vulnerabilities is as follows -CVE-2025-66209 (CVSS score: 10.0) – A command injection vulnerability in the database backup functionality allows any authenticated First seen on thehackernews.com Jump to…
-
Wasabi Covert Copy – Unsichtbare Backups für ‘Hot Cloud Storage”
First seen on security-insider.de Jump to article: www.security-insider.de/unsichtbare-backups-fuer-hot-cloud-storage-a-df8115fa72bd118d617eddcfb300b784/
-
Holes in Veeam Backup suite allow remote code execution, creation of malicious backup config files
Tags: access, backup, credentials, cve, cvss, cybersecurity, data, exploit, jobs, malicious, monitoring, password, ransomware, remote-code-execution, risk, risk-management, sans, threat, update, veeam, vulnerabilityCVE-2025-59470 (with a CVSS score of 9) allows a Backup or Tape Operator to perform remote code execution (RCE) as the Postgres user by sending a malicious interval or order parameter;CVE-2025-59469 (with a severity score of 7.2) allows a Backup or Tape Operator to write files as root;CVE-2025-55125 (with a severity score of 7.2) allows a Backup…
-
Neue Ransomware-Bedrohung zielt auf deutsche Unternehmen
Tags: backup, ciso, cloud, cyberattack, encryption, extortion, firewall, germany, infrastructure, intelligence, network, ransomware, threat, tool, vmware, vulnerabilityDer Ransomware-Dienst Ransomhouse nutzt jetzt eine komplexe Dual-Schlüssel-Verschlüsselung und automatisierte Angriffe auf VMware ESXi.Sicherheitsexperten haben kürzlich festgestellt, dass die Ransomware-Gruppe Jolly Scorpius ihren RaaS-(Ransomware as a Service)-Dienst Ransomhouse massiv verbessert hat. Wie das Threat-Intelligence-Team von Palo Alto Networks berichtet, nutzt die Gruppe jetzt ein fortschrittliches duales Verschlüsselungssystem.Die Angriffe basieren auf einer aktualisierten Version des Verschlüsselungs-Trojaner…
-
New Veeam vulnerabilities expose backup servers to RCE attacks
Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-veeam-vulnerabilities-expose-backup-servers-to-rce-attacks/
-
Veeam resolves CVSS 9.0 RCE flaw and other security issues
Veeam patched a critical RCE flaw in Backup & Replication, CVE-2025-59470, rated CVSS 9.0, along with other vulnerabilities. Veeam released patches for multiple Backup & Replication flaws, including a critical RCE vulnerability tracked as CVE-2025-59470 (CVSS score of 9.0). A Backup or Tape Operator can achieve remote code execution as the postgres user by abusing…
-
Veeam resolves CVSS 9.0 RCE flaw and other security issues
Veeam patched a critical RCE flaw in Backup & Replication, CVE-2025-59470, rated CVSS 9.0, along with other vulnerabilities. Veeam released patches for multiple Backup & Replication flaws, including a critical RCE vulnerability tracked as CVE-2025-59470 (CVSS score of 9.0). A Backup or Tape Operator can achieve remote code execution as the postgres user by abusing…
-
Veeam resolves CVSS 9.0 RCE flaw and other security issues
Veeam patched a critical RCE flaw in Backup & Replication, CVE-2025-59470, rated CVSS 9.0, along with other vulnerabilities. Veeam released patches for multiple Backup & Replication flaws, including a critical RCE vulnerability tracked as CVE-2025-59470 (CVSS score of 9.0). A Backup or Tape Operator can achieve remote code execution as the postgres user by abusing…