Tag: backup

Commvault Backup Suite Flaws Allow Attackers to Breach On-Premises Systems

Aug 21, 2025 1:55 PM

Tags: backup, breach, cyber, data, flaw, remote-code-execution, software, threat, vulnerability

Security researchers have uncovered a critical series of vulnerabilities in Commvault’s backup and data management software that could enable attackers to achieve remote code execution and compromise on-premises infrastructure. The flaws, discovered by Watchtowr Labs, represent a significant threat to organizations relying on Commvault’s widely-deployed backup solutions. The vulnerability chain consists of four distinct security…
Commvault plugs holes in backup suite that allow remote code execution

Aug 20, 2025 4:55 PM

Tags: backup, remote-code-execution, vulnerability

Commvault has fixed four security vulnerabilities that may allow unauthenticated attackers to compromise on-premises deployments of its flagship backup and replication suite. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/20/commvault-backup-suite-vulnerabilities-fixed/
Backup in SaaS-Umgebungen in der Praxis

Aug 20, 2025 1:54 PM

Tags: backup, cloud, microsoft, saas

Die Datensicherung für Cloud- und Onpremises-Konzepte sollten effizient unter einer Plattform erfolgen und zudem unveränderlichen Speicher unterstützen. Ein mittelständisches Bauunternehmen gibt Einblicke, wie es diese Herausforderung für Microsoft-365 mit Arcserve innerhalb kurzer Zeit gemeistert hat. Traditionelle oder veraltete Backup-Lösungen können kaum noch den adäquaten Schutz für die Daten leisten weder hinsichtlich eines klassischen Ausfalls […]…
Ein Viertel der CISOs wird nach Ransomware-Angriff entlassen

Aug 19, 2025 2:54 PM

Tags: backup, ceo, cio, ciso, cyberattack, group, incident response, mail, phishing, ransomware, rat, risk, sophos, vulnerability

Nach einem Ransomware-Angriff werden CISOs oft dafür verantwortlich gemacht und gekündigt. Laut einem aktuellen Bericht von Sophos haben CISOs eine Chance von eins zu vier, dass ihr Arbeitsplatz einen erfolgreichen Ransomware-Angriff nicht übersteht. Die Ergebnisse des Berichts sind ein Weckruf für Sicherheitsverantwortliche, unabhängig davon, ob sie für solche Angriffe verantwortlich gemacht werden oder über die…
Singapore issues critical alert on Dire Wolf ransomware targeting global tech and manufacturing firms

Aug 19, 2025 1:54 PM

Tags: attack, authentication, backup, business, compliance, control, credentials, cyber, data, defense, email, endpoint, extortion, insurance, intelligence, leak, malicious, mfa, msp, network, phishing, ransom, ransomware, resilience, risk, supply-chain, threat, update

Ripple effects on global enterprises: The global business fallout of Dire Wolf ransomware attacks is significant and poses a multi-layered, high-impact threat to global enterprises.”Its attacks directly disrupt operations and supply chains, particularly in manufacturing and tech, leading to production delays, revenue loss, and downstream customer impact,” said Manish Rawat, analyst at TechInsights. “Financial impact…
Royal Enfield Reportedly Targeted in Ransomware Attack, Hackers Claim Data Encryption

Aug 12, 2025 12:12 PM

Tags: attack, backup, breach, cyber, cybersecurity, data, encryption, hacker, ransomware

Royal Enfield, the storied motorcycle manufacturer celebrated for its classic designs and global fan base, is reportedly grappling with a significant cybersecurity breach. A hacker collective posted a “Complete Breach Notice” on an underground forum, claiming full system compromise at Royal Enfield Corporation. According to the notice, all servers have been encrypted and backups wiped,…
9 things CISOs need know about the dark web

Aug 12, 2025 10:12 AM

Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-day

New groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases.However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint Attacks, as U.K. Boosts Cyber Assessment Framework

Aug 9, 2025 12:11 AM

Tags: access, advisory, ai, attack, authentication, automation, backup, breach, china, cisa, cloud, computer, credentials, cve, cyber, cybersecurity, data, defense, detection, docker, exploit, framework, github, google, government, grc, group, guide, hacker, healthcare, identity, infrastructure, iot, ISO-27001, jobs, kubernetes, malicious, malware, mfa, microsoft, mitigation, monitoring, network, nist, open-source, password, programming, ransomware, resilience, risk, risk-management, service, social-engineering, software, startup, strategy, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-day

Check out what CISA found after it dissected malware from the latest SharePoint hacks. Plus, the U.K.’s cyber agency is overhauling its cyber framework to keep pace as threats escalate. In addition, Google is warning that cloud attacks are getting dangerously sophisticated. And get the latest on CISA’s new malware analysis platform and its report…
Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint Attacks, as U.K. Boosts Cyber Assessment Framework

Aug 9, 2025 12:11 AM

Tags: access, advisory, ai, attack, authentication, automation, backup, breach, china, cisa, cloud, computer, credentials, cve, cyber, cybersecurity, data, defense, detection, docker, exploit, framework, github, google, government, grc, group, guide, hacker, healthcare, identity, infrastructure, iot, ISO-27001, jobs, kubernetes, malicious, malware, mfa, microsoft, mitigation, monitoring, network, nist, open-source, password, programming, ransomware, resilience, risk, risk-management, service, social-engineering, software, startup, strategy, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-day

Check out what CISA found after it dissected malware from the latest SharePoint hacks. Plus, the U.K.’s cyber agency is overhauling its cyber framework to keep pace as threats escalate. In addition, Google is warning that cloud attacks are getting dangerously sophisticated. And get the latest on CISA’s new malware analysis platform and its report…
Rubrik und Sophos stärken gemeinsam die Cyberresilienz von Microsoft 365

Aug 7, 2025 5:11 PM

Tags: backup, detection, microsoft, sophos

Das Cybersicherheitsunternehmen Rubrik und Sophos haben eine strategische Partnerschaft bekannt gegeben. Gemeinsam bringen sie ‘Sophos M365 Backup and Recovery Powered by Rubrik” auf den Markt die erste für Managed-Detection and Response (MDR) optimierte Microsoft-365-Backup- und Recovery-Lösung, die vollständig in Sophos-Central, der Sicherheitsplattform von Sophos, integriert ist. Die neue Lösung unterstützt IT- und Cybersicherheitsteams, indem […]…
Sophos und Rubrik stärken gemeinsam die Cyberresilienz von Microsoft 365

Aug 7, 2025 3:11 PM

Tags: backup, microsoft, sophos

Das Cybersicherheitsunternehmen Rubrik (NYSE: RBRK) und der weltweit führende Security-Anbieter Sophos haben eine strategische Partnerschaft angekündigt. Gemeinsam stellen sie eine neue Lösung vor: ‘Sophos M365 Backup and Recovery Powered by Rubrik” First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-und-rubrik-staerken-gemeinsam-die-cyberresilienz-von-microsoft-365/a41644/
Windows tips for reducing the ransomware threat

Aug 7, 2025 10:11 AM

Tags: access, attack, authentication, backup, breach, cloud, computer, control, credentials, government, identity, infrastructure, login, mfa, microsoft, monitoring, network, ntlm, passkey, privacy, ransomware, risk, service, threat, windows

Susan Bradley / CSOIdeally you should have no such protocols observed.
Ransomware goes cloud native to target your backup infrastructure

Aug 5, 2025 10:28 AM

Tags: access, api, authentication, backup, cloud, container, control, credentials, cybercrime, data, defense, exploit, google, group, identity, infrastructure, least-privilege, linkedin, linux, malicious, malware, mfa, north-korea, ransomware, social-engineering, strategy, threat, vulnerability, vulnerability-management

Credential compromise and misconfiguration woes: More sophisticated threat groups have developed social engineering techniques to the point where they reliably trick targets into helping them to bypass multi-factor authentication (MFA) controls before ransacking compromised cloud-hosted environments.For example, threat actors are using compromised OAuth tokens to bypass MFA and inject malicious code into developer ecosystems via…
Ransomware attacks: The evolving extortion threat to US financial institutions

Aug 4, 2025 2:28 PM

Tags: access, ai, antivirus, attack, backup, banking, breach, business, cloud, communications, compliance, control, credentials, crime, crimes, cyber, cybercrime, cybersecurity, dark-web, data, ddos, defense, detection, edr, email, encryption, endpoint, extortion, finance, firewall, governance, group, identity, incident response, infrastructure, insurance, intelligence, international, korea, law, leak, least-privilege, lessons-learned, linkedin, linux, lockbit, login, malicious, mfa, monitoring, network, north-korea, organized, phishing, ransom, ransomware, resilience, risk, rust, service, soc, social-engineering, software, startup, strategy, supply-chain, tactics, theft, threat, tool, training, update, usa, vmware, vulnerability, warfare, windows, zero-trust

Before sunrise on a chilly November morning, I got the kind of call no security leader ever wants. A mid-sized U.S. bank had been hit overnight hard. Customers couldn’t access their accounts, ATMs were non-functional and every screen in the company’s environment glowed with the same ominous message: their systems were encrypted, and data had…
Google Cloud: Threat Actors Increasingly Target Backups Take These Steps Now

Aug 2, 2025 12:28 PM

Tags: backup, best-practice, cloud, google, strategy, threat

Defensive strategy best practices are included in Google’s latest cloud security report. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-cloud-h1-2025-threat-horizons-report/
Summer: Why cybersecurity must be strengthened as vacations abound

Aug 1, 2025 9:28 AM

Tags: access, ai, attack, authentication, automation, awareness, backup, control, corporate, credentials, cybersecurity, data, detection, email, encryption, exploit, infrastructure, malicious, mfa, monitoring, network, office, password, resilience, risk, theft, threat, tool, training, update, usa, vpn, wifi

Guillermo Fernandez, Sales Engineer for Southern Europe at WatchGuard Technologies. WatchGuard Technologies.Another important point is that, during the summer, attackers know that many IT and cybersecurity teams are operating with more limited resources or with staff on vacation. “They take advantage of this to launch phishing campaigns and other targeted attacks, aware that attention and vigilance often…
Mehr Backup-Kontrolle mit integrierten Immutable- und Datenresilienz-Funktionen

Jul 31, 2025 4:28 PM

Tags: backup, cloud, cyber, data, ransomware, resilience

Smarte Ransomware-Abwehr: Neue integrierte Unveränderbarkeit und Data-Resilience-Funktionen von Arcserve bieten mehr Backup-Kontrolle sowohl in der Cloud als auch onpremises. Arcserve-Unified-Data-Protection (UDP) 10.2 und die neuen Funktionen des Arcserve-Cyber-Resilient-Storage helfen Organisationen jeder Größe, die Kontrolle über unveränderbaren Backup-Speicher sowohl in der Cloud als auch vor Ort zu erlangen. Die Softwarelösungen bieten eine integrierte Kontrolle des Immutable…
Ransomware gang tells Ingram Micro, ‘Pay up by August 1’

Jul 31, 2025 5:28 AM

Tags: access, attack, backup, breach, cyber, cyberattack, data, data-breach, encryption, exploit, extortion, government, group, international, Internet, law, leak, organized, ransom, ransomware, technology, tool, vpn, vulnerability

Ransomware attacks increase: In a report on ransomware released this week, researchers at Zscaler ThreatLabz said the number of organizations listed on all ransomware leak sites rose 70% in the 12 month period ending in April.A growing number of ransomware operators are abandoning encryption of data in favour of just data extortion, it noted. For…
Google Cloud Security Threat Horizons Report #12 Is Out!

Jul 30, 2025 10:28 PM

Tags: access, ai, apt, attack, backup, business, cloud, credentials, cyber, cybersecurity, data, data-breach, defense, exploit, finance, google, group, identity, incident response, intelligence, malicious, mfa, ransomware, service, social-engineering, theft, threat, unauthorized, vulnerability

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #12 (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9, #10 and #11). My favorite quotes from the report…
HYCU erneut als Visionär im Gartner Magic Quadrant for Backup and Data Protection Platforms positioniert

Jul 29, 2025 11:28 AM

Tags: backup, data, gartner

Die Auszeichnung als Visionär spiegelt nicht nur Innovation wider, sondern symbolisiert auch die Ausrichtung auf die dringenden Anforderungen der IT-Führungskräfte von heute First seen on infopoint-security.de Jump to article: www.infopoint-security.de/hycu-erneut-als-visionaer-im-gartner-magic-quadrant-for-backup-and-data-protection-platforms-positioniert/a41521/
The healthcare industry is at a cybersecurity crossroads

Jul 29, 2025 9:28 AM

Tags: access, ai, api, attack, backdoor, backup, breach, business, ciso, cloud, communications, compliance, control, cyber, cybersecurity, data, encryption, firmware, flaw, framework, governance, government, healthcare, infrastructure, intelligence, Internet, monitoring, network, nist, programming, ransomware, risk, risk-management, service, software, tactics, technology, threat, tool, training, unauthorized, vulnerability

Digital transformation of business processes. Examples include telehealth, remote patient monitoring, e-prescribing, and ambient listening/note taking. These systems require new equipment, such as internet of medical things (IoMT), high-speed networks, cloud services, APIs, and tightly integrated applications.Aggressive adoption of AI. AI diagnostics are gaining popularity in areas such as cardiology, oncology, and radiology, especially at…
Werkzeug für automatisierte Datensicherung – BorgBackup: Open-Source-Backup mit Deduplizierung

Jul 28, 2025 9:27 AM

Tags: backup, open-source

First seen on security-insider.de Jump to article: www.security-insider.de/borgbackup-open-source-backup-mit-deduplizierung-a-0f7815c8de218e0b0b7cba64ccd24cc5/
Data resilience critical as ransomware attacks target backups

Jul 28, 2025 8:27 AM

Tags: attack, backup, data, insurance, ransomware, resilience, threat, veeam

With more threat actors targeting backup repositories to ensure a payday, Veeam urges organisations to threat data resilience as a competitive advantage, not just an insurance policy First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366628213/Data-resilience-critical-as-ransomware-attacks-target-backups
UK Signals It Will Back Peddle on Apple Encryption Demand

Jul 23, 2025 9:12 PM

Tags: access, apple, backup, cloud, data, encryption, government, office

Apple, US Took Hard Line Against British Demand. The U.K. government is reportedly set to reverse course on requiring smartphone giant Apple to give police access to device data stored as backups in the California company’s cloud service. The Home Office is basically going to have to back down, a British official said. First seen…
Interlock ransomware threat expands across the US and Europe, hits healthcare and smart cities

Jul 23, 2025 9:12 PM

Tags: access, advisory, attack, authentication, backup, ceo, control, credentials, defense, detection, dns, endpoint, finance, firewall, firmware, government, group, healthcare, identity, infrastructure, mfa, mitigation, network, ransom, ransomware, risk, service, social-engineering, technology, threat, training, update, usa, vulnerability

Target sectors and global reach : The advisory did not disclose the names of targeted organizations, but noted that critical infrastructure and other organizations in North America and Europe have been targeted in the past.”Healthcare has been a primary target, with incidents involving DaVita and Kettering Health. Education, technology, manufacturing, and government have also been…
UK proposal would forbid ransom payments by gov’t agencies, but will it meaningfully decrease ransomware attacks?

Jul 23, 2025 9:12 PM

Tags: attack, backup, business, ceo, dark-web, data, finance, government, group, hacker, intelligence, law, ransom, ransomware, threat

Businesses often want to pay ransom: Fred Chagnon, principal research director at Info-Tech Research Group noted that, from a business continuity perspective, it can make sense to pay the ransom.”Paying the ransom can sometimes be the quickest and least damaging path to restoring operations, especially if backups are compromised or recovery is prohibitively slow. While…
KAWA4096 Ransomware Employs WMI Techniques to Delete Backup Snapshots

Jul 21, 2025 7:40 PM

Tags: backup, cyber, group, monitoring, ransomware, threat

Trustwave SpiderLabs has played a crucial role in monitoring new ransomware variants in the incredibly unstable ransomware threat landscape of 2025, where dozens of new groups have emerged and caused extensive disruptions across multiple sectors. Among these, the KAWA4096 ransomware has been identified as a notable newcomer, first detected in June 2025. This strain has…
Backup tool Rescuezilla resurrects itself across six Ubuntus

Jul 20, 2025 10:40 AM

Tags: backup, browser, tool

2.6.1 adds Plucky Puffin and Firefox actually works this time First seen on theregister.com Jump to article: www.theregister.com/2025/07/18/rescuezilla_261/
New Veeam-Themed Phishing Attack Uses Weaponized WAV File to Target Users

Jul 18, 2025 10:40 PM

Tags: attack, backup, cyber, cybercrime, email, exploit, malware, phishing, social-engineering, software, veeam

Cybercriminals are now leveraging seemingly innocuous voicemail notifications to distribute malware, with a recent campaign impersonating Veeam Software to exploit users’ trust in enterprise backup solutions. This attack vector highlights the growing intersection of social engineering and file-based exploits, where attackers weaponize common audio formats like WAV files to bypass traditional email security filters and…
Building scalable secrets management in hybrid cloud environments: Lessons from enterprise adoption

Jul 18, 2025 2:40 PM

Tags: access, backup, cloud, credentials, data, gitlab, group, iam, identity, infrastructure, jobs, kubernetes, leak, radius, service, supply-chain, tool

Lessons from integration: Identity, Kubernetes and CI/CD : Choosing a secrets management tool is the easy part. Integrating it across an enterprise is where the work begins. We started with identity. Manual user provisioning was not an option. We integrated Vault with our SSO platform using OIDC and mapped groups to Vault policies based on least privilege.…