Tag: backup
-
Fehlinterpretation der Verantwortlichkeiten führt zu Backup-Lücke in Microsoft-365
Unternehmen nutzen Microsoft-365 als Grundlage für ihre Produktivität. Doch neben den Vorteilen solcher Produktivitätsplattformen wird immer wieder eine Lücke in der Datenschutzstrategie übersehen: das Prinzip der geteilten Verantwortung. Diese Nachlässigkeit setzt wichtige Geschäftsinformationen erheblichen Risiken aus, die sich in Ausfallzeiten und wirtschaftlichen Verlusten niederschlagen können. Ein Risiko bei der Nutzung von Microsoft-365 besteht dann, wenn…
-
From Backup to Cyber Resilience: Why IT Leaders Must Rethink Backup in the Age of Ransomware
With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and complexity. Ransomware-as-a-Service (RaaS) platforms have made it possible for even…
-
Estimated 96% of EMEA financial services sector not ready for DORA
Research from data backup provider Veeam indicates that vast majority of European financial services firms do not feel ready to meet the resiliency requirements of the EU’s DORA act First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366627913/Estimated-96-of-EMEA-financial-services-sector-not-ready-for-DORA
-
Erfahrungsbericht WienIT: Reduzierung des Backup-Datenspeichers um 50 Prozent und NIS-2-Konformität
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/erfahrungsbericht-wienit-reduzierung-backup-datenspeicher-nis-2-kpnformitaet
-
The 10 most common IT security mistakes
Tags: access, attack, backup, best-practice, bsi, business, control, cyber, cyberattack, cybercrime, data, detection, group, incident response, infrastructure, Internet, login, mfa, microsoft, monitoring, network, office, password, ransomware, risk, security-incident, service, skills, strategy, technology, threat, tool, vpn2. Gateway: Weak passwords: The problem: Weak passwords repeatedly make it easier for cybercriminals to gain access to a company network. A domain administrator password with six characters or a local administrator password with only two characters is no obstacle for perpetrators. It is more than clear that this issue is often neglected in practice,…
-
GPS on the fritz? Britain and France plot a backup plan
Cross-Channel pact aims to bolster navigation and timing tech as satellite signals face growing jamming threats First seen on theregister.com Jump to article: www.theregister.com/2025/07/14/britain_france_navigation_alternatives/
-
Modernes Backup ohne Tape und Cloud ist möglich
Ein vollständiges und sicheres Backup sowie ein zuverlässiges und schnelles Restore sind die Grundlagen zum Schutz vor Datenverlust und den Folgen eines Cyberangriffs Tape hat hier ausgedient und auch die Public Cloud ist verzichtbar. Zwei in der Datensicherung eingesetzte Technologien stehen derzeit bei vielen Unternehmen und Behörden auf dem Prüfstand. Bei Tape sind… First seen…
-
Exploit details released for Citrix Bleed 2 flaw affecting NetScaler
Tags: access, advisory, authentication, backdoor, backup, citrix, credentials, cve, data-breach, endpoint, exploit, flaw, leak, mitigation, password, theft, tool, vulnerability, zero-daySimilarities to the original Citrix Bleed: CVE-2025-5777 has been dubbed Citrix Bleed 2 due to its similarities to a zero-day information disclosure vulnerability fixed in October 2023 (CVE-2023-4966) that received the Citrix Bleed moniker because it enabled attackers to leak session tokens from memory, allowing for session takeover with multifactor authentication bypass.Similarly, CVE-2025-5777 can lead…
-
Microsoft Authenticator on iOS moves backups fully to iCloud
Microsoft is rolling out a new backup system in September for its Authenticator app on iOS, removing the requirement to use a Microsoft personal account to back up TOTP secrets and account names. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-authenticator-on-ios-moves-backups-fully-to-icloud/
-
Bewährtes Open-Source-Tool kombiniert Spiegelung mit inkrementeller Sicherung – Wie rdiff-backup Daten effizient und sicher sichert
First seen on security-insider.de Jump to article: www.security-insider.de/wie-rdiff-backup-daten-effizient-und-sicher-sichert-a-0168b318bb31514b40b2d1dcc3e4fa43/
-
Hybride Backup-Strategien Flexibler Balanceakt zwischen Effizienz, Komplexität, Kosten und Sicherheit
Tags: backupUnternehmen stehen heute vor der Herausforderung, stetig wachsende Datenmengen zuverlässig, sicher und wirtschaftlich zu sichern. Hybride Backup-Strategien sind eine Kombination aus lokalen und cloudbasierten Sicherungslösungen und gewinnen in diesem Kontext zunehmend an Bedeutung. Die moderne Geschäftswelt verlangt nach Backup-Lösungen, die sich dynamisch an wechselnde Anforderungen anpassen. Hybride Backup-Konzepte verbinden das Beste aus zwei Welten: Während…
-
Schutz vor Ransomware, Migration von VMware zu Hyper-V und Backup für Microsoft 365 – Flexible Datensicherung mit Zmanda: Hybridlösungen für Unternehmen
First seen on security-insider.de Jump to article: www.security-insider.de/flexible-datensicherung-mit-zmanda-hybridloesungen-fuer-unternehmen-a-b8f6645bff5b3e471e09cc0d74cee6a2/
-
Synology ABM Vulnerability Leaks Microsoft 365 Sensitive Information
A critical vulnerability inSynology’s Active Backup for Microsoft 365 (ABM)has exposed sensitive data from Microsoft 365 tenants worldwide, potentially impacting over a million organizations relying on the popular backup solution. The flaw, tracked as CVE-2025-4679, allowed attackers to access confidential Microsoft 365 content”, including Teams messages, group memberships, Outlook conversations, and calendar data”, without requiring prior…
-
Beyond Backup: How Coveware is Revolutionizing Veeam’s Ransomware Defense
In March 2024, Veeam, a leader in data protection, made a strategic move that significantly improved its stance on ransomware: the acquisition of Coveware. This wasn’t just another corporate acquisition. It was a deep integration of specialized expertise and cutting-edge technology, transforming Veeam from a backup and recovery solution moving into the security space into..…
-
Cyber-Resilienz und Datensicherheit – Backup war gestern: 6 Best Practices für resilientes Recovery
First seen on security-insider.de Jump to article: www.security-insider.de/backup-war-gestern-6-best-practices-fuer-resilientes-recovery-a-b386a40e14b588353b9a669077d75564/
-
Veeam Backup Replication: Critical RCE Patched
Summary On June 1 7, data resilience vendor Veeam released security updates to fix three vulnerabilities: one critical severity RCE and one high severity ACE First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/06/18/veeam-backup-replication-critical-rce-patched/
-
Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
Veeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under certain conditions.The security defect, tracked as CVE-2025-23121, carries a CVSS score of 9.9 out of a maximum of 10.0.”A vulnerability allowing remote code execution (RCE) on the Backup Server by…
-
Veeam Vulnerabilities Expose Backup Servers to Remote Attacks
Veeam, a leading provider of data protection and backup solutions, disclosed three critical vulnerabilities affecting its widely deployed backup software. These flaws”, assigned CVE-2025-23121, CVE-2025-24286, and CVE-2025-24287″, could allow attackers to execute code remotely or escalate privileges, posing significant risks to organizations relying on Veeam for data integrity and disaster recovery. The Vulnerabilities CVE-2025-23121: Critical…
-
Veeam Vulnerabilities Expose Backup Servers to Remote Attacks
Veeam, a leading provider of data protection and backup solutions, disclosed three critical vulnerabilities affecting its widely deployed backup software. These flaws”, assigned CVE-2025-23121, CVE-2025-24286, and CVE-2025-24287″, could allow attackers to execute code remotely or escalate privileges, posing significant risks to organizations relying on Veeam for data integrity and disaster recovery. The Vulnerabilities CVE-2025-23121: Critical…
-
Veeam Backup Replication 12.3.2 schließt kritische Schwachstellen (CVE-2025-23121 etc.)
Nutzer von Veeam Backup & Replication müssen reagieren. Der Anbieter Veeam hat zum 17. Juni 2025 Veeam Backup & Replication 12.3.2 sowie Veeam Agent for Microsoft Windows 6.3.2 veröffentlicht. Veeam Backup & Replication 12.3.2 schließt unter anderem eine kritische Remote … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/06/17/veeam-backup-replication-12-3-2-schliesst-kritische-schwachstellen-cve-2025-23121-etc/
-
New Veeam RCE flaw lets domain users hack backup servers
Veeam has released security updates today to fix several Veeam Backup & Replication (VBR) flaws, including a critical remote code execution (RCE) vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-veeam-rce-flaw-lets-domain-users-hack-backup-servers/
-
Backups Are Under Attack: How to Protect Your Backups
Ransomware has become a highly coordinated and pervasive threat, and traditional defenses are increasingly struggling to neutralize it. Today’s ransomware attacks initially target your last line of defense, your backup infrastructure. Before locking up your production environment, cybercriminals go after your backups to cripple your ability to recover, increasing the odds of a ransom payout.…
-
IBM Backup Services Flaw Allows Hackers to Gain Elevated Access
A critical security vulnerability has been identified in IBM’s Backup, Recovery, and Media Services (BRMS) for IBM i, potentially exposing enterprise environments to privilege escalation attacks. The flaw, tracked as CVE-2025-33108, affects versions 7.4 and 7.5 of the BRMS software, which are widely used for automating backup and recovery operations on IBM i systems. Nature…
-
Forgotten patches: The silent killer
Tags: attack, automation, backup, breach, business, cloud, compliance, control, data, defense, detection, endpoint, exploit, infrastructure, tool, update, vulnerabilityAccuracy over convenience: It’s tempting to prioritize speed or ease. But making patching easier cannot come at the expense of accuracy. Light enforcement, delays in applying updates, or gaps between tools and policy all introduce risk.Patch management must detect when systems drift out of compliance, whether due to misconfiguration, agent failure, or an unexpected event,…
-
8 things CISOs have learned from cyber incidents
Tags: apt, attack, authentication, backup, breach, business, ciso, compliance, cyber, data, defense, detection, endpoint, exploit, incident, incident response, infection, insurance, jobs, malicious, malware, metric, network, ransom, ransomware, RedTeam, risk, skills, tool, training, update, virus, vulnerability, vulnerability-management, zero-trust2. You’ll need shift from defense to offence: The role and the CISO won’t be the same after an incident.”My job on December 11 was very different from my job on December 12 and beyond, says Brown.Following an incident, some organizations need to change to such an extent that they need a different CISO with…
-
Russia-linked PathWiper malware hits Ukrainian infrastructure
Tags: apt, attack, backup, cisco, ciso, compliance, control, cyber, detection, endpoint, finance, fortinet, infrastructure, insurance, intelligence, malware, network, PurpleTeam, resilience, risk, russia, tactics, threat, tool, ukraine, vulnerability, zero-trustEchoes of past attacks: While PathWiper shares tactical similarities with HermeticWiper, its enhanced capabilities reveal a clear evolution in wiper malware sophistication. The new variant employs advanced techniques, such as querying registry keys to locate network drives and dismounting volumes to bypass protections, a stark contrast to HermeticWiper’s simpler approach of sequentially targeting drives numbered…
-
Unmasking the silent saboteur you didn’t know was running the show
Tags: 5G, access, ai, api, attack, authentication, backup, blockchain, breach, ciso, cloud, compliance, control, cybersecurity, data, defense, endpoint, firewall, firmware, GDPR, governance, Hardware, incident response, iot, ISO-27001, login, malicious, network, nis-2, PCI, service, siem, supply-chain, threat, zero-trustCybersecurity depends on accurate clocks : Your logs are only as valuable as your clocks are accurate. If your servers are out of sync, forget to reconstruct timelines. You’ll spend hours chasing phantom alerts. Event correlation and forensics Your SIEM is only as good as the timestamps it gets. Correlating events across endpoints, firewalls and cloud…
-
GAO finds backup data testing gaps in Login.gov
First seen on scworld.com Jump to article: www.scworld.com/brief/gao-finds-backup-data-testing-gaps-in-login-gov
-
HPE fixed multiple flaws in its StoreOnce software
Hewlett Packard Enterprise (HPE) addressed multiple flaws in its StoreOnce data backup and deduplication solution. HPE has released security patches for eight vulnerabilities in its StoreOnce backup solution. These issues could allow remote code execution, authentication bypass, data leaks, and more. >>Potential security vulnerabilities have been identified in HPE StoreOnce Software.>These […] First seen on…
-
HPE StoreOnce Faces Critical CVE-2025-37093 Vulnerability, Urges Immediate Patch Upgrade
Hewlett Packard Enterprise (HPE) has issued a new security advisory addressing eight newly discovered vulnerabilities in its StoreOnce data backup and deduplication platform. Among these, the most severe is an authentication bypass vulnerability tracked as CVE-2025-37093, which carries a near-maximum CVSS score of 9.8, indicating a critical risk to affected systems. First seen on thecyberexpress.com…