Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Backup. Show all posts
USB
Backup Cyber Security Data protection Encryption storage USB

USB Drives Are Handy, But Never For Your Only Backup

 

Storing important files on a USB drive offers convenience due to their ease of use and affordability, but there are significant considerations regarding both data preservation and security that users must address. USB drives, while widely used for backup, should not be solely relied upon for safeguarding crucial files, as various risks such as device failure, malware infection, and physical theft can compromise data integrity.

Data preservation challenges

USB drive longevity depends heavily on build quality, frequency of use, and storage conditions. Cheap flash drives carry a higher failure risk compared to rugged, high-grade SSDs, though even premium devices can malfunction unexpectedly. Relying on a single drive is risky; redundancy is the key to effective file preservation.

Users are encouraged to maintain multiple backups, ideally spanning different storage approaches—such as using several USB drives, local RAID setups, and cloud storage—for vital files. Each backup method has its trade-offs: local storage like RAID arrays provides resilience against hardware failure, while cloud storage via services such as Google Drive or Dropbox enables convenient access but introduces exposure to hacking or unauthorized access due to online vulnerabilities.

Malware and physical risks

All USB drives are susceptible to malware, especially when connected to compromised computers. Such infections can propagate, and in some cases, lead to ransomware attacks where files are held hostage. Additionally, used or secondhand USB drives pose heightened malware risks and should typically be avoided. Physical security is another concern; although USB drives are inaccessible remotely when unplugged, they are unprotected if stolen unless properly encrypted.

Encryption significantly improves USB drive security. Tools like BitLocker (Windows) and Disk Utility (MacOS) enable password protection, making it more difficult for thieves or unauthorized users to access files even if they obtain the physical device. Secure physical storage—such as safes or safety deposit boxes—further limits theft risk.

Recommended backup strategy

Most users should keep at least two backups: one local (such as a USB drive) and one cloud-based. This dual approach ensures data recovery if either the cloud service is compromised or the physical drive is lost or damaged. For extremely sensitive data, robust local systems with advanced encryption are preferable. Regularly simulating data loss scenarios and confirming your ability to restore lost files provides confidence and peace of mind in your backup strategy.
Read more »
remote code execution Veeam
Backup CVE CVE exploits CVE vulnerability Cyber Security Domain Flaws Ransomware Gangs Ransomwares remote code execution Veeam

Veeam Fixes Critical Remote Code Execution Bug in Backup & Replication Software

 

Veeam has issued new security patches to address multiple vulnerabilities in its Backup & Replication (VBR) software, including a severe remote code execution (RCE) flaw. Identified as CVE-2025-23121, this particular vulnerability was uncovered by researchers from watchTowr and CodeWhite and impacts only installations that are connected to a domain. 

According to Veeam’s advisory released on Tuesday, the vulnerability can be exploited by any authenticated domain user to execute code remotely on the backup server. The flaw requires minimal attack complexity and affects versions of Veeam Backup & Replication 12 and later. The issue has been resolved in version 12.3.2.3617, made available earlier today. 

Although the vulnerability is confined to domain-joined setups, it poses a significant risk due to the ease with which domain users can leverage it. Alarmingly, many organizations have connected their backup servers to Windows domains, going against Veeam’s own security recommendations. These guidelines suggest using a separate Active Directory Forest for backups and enforcing two-factor authentication on administrative accounts to reduce exposure. 

This is not the first time a serious RCE flaw has been found in Veeam’s software. In March 2025, another vulnerability (CVE-2025-23120) was patched that similarly affected domain-joined installations. Earlier, in September 2024, another VBR vulnerability (CVE-2024-40711) was exploited in the wild, eventually being used to deliver the Frag ransomware. That same flaw was later linked to Akira and Fog ransomware attacks starting in October. Cybercriminals have increasingly targeted Veeam Backup & Replication servers as part of their ransomware campaigns. 

These systems often store critical backups, making them ideal targets for attackers looking to maximize damage. Ransomware operators frequently aim to disable these systems before launching full-scale attacks, making recovery more difficult for the victim. Historically, ransomware groups such as Cuba, as well as financially motivated actors like FIN7—known for collaborating with major ransomware operations like REvil, Maze, Conti, and BlackBasta—have been seen exploiting VBR vulnerabilities. 

With over 550,000 organizations relying on Veeam’s solutions globally, including the majority of Fortune 500 companies and most of the Global 2000, the potential impact of such flaws is significant. These repeated discoveries of critical vulnerabilities highlight the urgent need for enterprises to follow recommended configurations and keep their backup software up to date.
Read more »
zero data
Backup commvault Cyber Attacks Data Microsoft zero data

Commvault Confirms Cyberattack, Says Customer Backup Data Remains Secure


Commvault, a well-known company that helps other businesses protect and manage their digital data, recently shared that it had experienced a cyberattack. However, the company clarified that none of the backup data it stores for customers was accessed or harmed during the incident.

The breach was discovered in February 2025 after Microsoft alerted Commvault about suspicious activity taking place in its Azure cloud services. After being notified, the company began investigating the issue and found that a very small group of customers had been affected. Importantly, Commvault stated that its systems remained up and running, and there was no major impact on its day-to-day operations.

Danielle Sheer, Commvault’s Chief Trust Officer, said the company is confident that hackers were not able to view or steal customer backup data. She also confirmed that Commvault is cooperating with government cybersecurity teams, including the FBI and CISA, and is receiving support from two independent cybersecurity firms.


Details About the Vulnerability

It was discovered that the attackers gained access by using a weakness in Commvault’s web server software. This flaw, now fixed, allowed hackers with limited permissions to install harmful software on affected systems. The vulnerability, known by the code CVE-2025-3928, had not been known or patched before the breach, making it what experts call a “zero-day” issue.

Because of the seriousness of this bug, CISA (Cybersecurity and Infrastructure Security Agency) added it to a list of known risks that hackers are actively exploiting. U.S. federal agencies have been instructed to update their Commvault software and fix the issue by May 19, 2025.


Steps Recommended to Stay Safe

To help customers stay protected, Commvault suggested the following steps:

• Use conditional access controls for all cloud-based apps linked to Microsoft services.

• Check sign-in logs often to see if anyone is trying to log in from suspicious locations.

• Update secret access credentials between Commvault and Azure every three months.


The company urged users to report any strange behavior right away so its support team can act quickly to reduce any damage.

Although this was a serious incident, Commvault’s response was quick and effective. No backup data was stolen, and the affected software has been patched. This event is a reminder to all businesses to regularly check for vulnerabilities and keep their systems up to date to prevent future attacks.

Read more »
Vulnerabilities
Automation Backup Cyber Security Exploits Infrastructure Vulnerabilities

CISA Highlights Major Vulnerabilities in Critical Infrastructure Systems

 

The Cybersecurity and Infrastructure Security Agency (CISA) has released two significant advisories focused on Industrial Control Systems (ICS), urging swift action from organizations operating within vital infrastructure sectors. These advisories—ICSA-25-091-01 and ICSA-24-331-04—highlight newly discovered vulnerabilities that could pose severe threats if left unaddressed.

ICSA-25-091-01 focuses on a critical vulnerability affecting Rockwell Automation's Lifecycle Services, which integrate with Veeam Backup and Replication. This issue stems from improper deserialization of untrusted data (CWE-502)—a known risk that allows remote attackers to execute malicious code. The flaw has received a CVSS v4 score of 9.4, indicating a high-severity, low-complexity threat that is remotely exploitable.

Impacted products include:

  • Industrial Data Center (IDC) with Veeam (Generations 1-5)
  • VersaVirtual Appliance (VVA) with Veeam (Series A-C)
If exploited, the vulnerability could give attackers with admin rights full access to execute arbitrary code, potentially leading to complete system takeover.

"CISA urges organizations to take immediate defensive measures to mitigate the risk, including:
• Minimizing network exposure for all control systems and ensuring they are not directly accessible from the internet.
• Using secure access methods like Virtual Private Networks (VPNs) when remote access is necessary.
• Keeping VPNs up to date to prevent vulnerabilities from being exploited."

Rockwell Automation is collaborating with CISA to inform affected clients—especially those under Infrastructure Managed Service contracts—about available patches and remediation steps.

ICSA-24-331-04 draws attention to multiple security flaws in Hitachi Energy’s MicroSCADA Pro/X SYS600, a system widely used in energy and manufacturing sectors. These vulnerabilities include improper query logic handling, session hijacking via authentication bypass, and path traversal risks.

The most critical issue, CVE-2024-4872, carries a CVSS v3 score of 9.9, making it one of the most severe. It enables attackers with valid credentials to inject harmful code into the system, risking unauthorized access and corruption of persistent data.

Other issues include:
  • CVE-2024-3980: Lack of proper file path limitations
  • Exposure to further system compromise if not promptly patched
"Hitachi Energy has released patches for the affected versions, including a critical update to Version 10.6 for MicroSCADA Pro/X SYS600. Users are also advised to apply necessary workarounds and stay updated with security patches to protect against exploitation."

CISA strongly advises organizations using these systems to implement all recommended mitigations without delay to minimize potential risks.
Read more »
Subscribe to: Comments (Atom)