Commvault attack may put SaaS companies across the world at risk, CISA warns
Date:
Mon, 26 May 2025 13:11:00 +0000
Description:
CISA warns of large campaign targeting SaaS companies cloud applications with default configurations
FULL STORY
======================================================================
Nation-state hackers are abusing a Commvault zero-day to target SaaS companies
CISA is warning users to patch their systems
A large-scale campaign is currently ongoing, it was said
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning the recent breach at Commvault could put many Software-as-a-Service (SaaS) providers at risk.
In a recently published security advisory, the agency said the attack is being monitored, and urged Commvault's customers to mitigate possible risks.
Commvault's flagship product, Metallic, is a cloud-based SaaS data protection platform that provides secure backup and recovery for Microsoft 365, endpoints, VMs, databases, and other workloads. It is all hosted on Microsoft Azure, and CISA says unnamed threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 backup SaaS solution.
This provided the threat actors with unauthorized access to the M365 environments of Commvault customers whose application secrets are stored by Commvault.
State-sponsored attackers
At the same time, Commvault published a blog post in which it said that Microsoft reached out to warn about an ongoing state-sponsored cyberattack.
The company confirmed a handful of customers were targeted through a zero-day vulnerability tracked as CVE-2025-3928, an unspecified flaw in Commvault Web Server that can be exploited by a remote, authenticated attacker.
CISA added it to its catalog of Known Exploited Vulnerabilities (KEV) on April 28, giving Federal Civilian Executive Branch (FCEB) agencies a three-week deadline to patch. The bug was fixed in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.
CISA believes the threat activity may be part of a larger campaign targeting various SaaS companies' cloud applications with default configurations and elevated permissions, the agency added in the advisory.
The agency has also published a list of mitigations that companies should follow to minimize the chances of being hit. These include monitoring Entra audit logs, reviewing Microsoft logs, reviewing the list of Application Registrations and Service Principals in Entra, and more. The full list is in CISA's advisory.
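One way to act on the first of those mitigations, reviewing Entra audit logs for credentials being added to app registrations and service principals, is the Python triage script below. It is an added example for this story, not code from the article, CISA or Commvault. It assumes an exported audit log in the shape of the Microsoft Graph directoryAudit resource, assumes the two activity names it filters on match Entra's naming, and every identifier, timestamp and display name in the sample export is constructed.

```python
"""Triage exported Entra ID audit-log records for credential additions
on applications and service principals.

Assumptions (not taken from the article): records follow the Microsoft Graph
directoryAudit layout, and the activity names below are the ones Entra uses
for secret/certificate additions. All sample data is constructed.
"""
import json
from datetime import datetime

# Activity names that indicate a client secret or certificate was added.
# Assumed to match Entra audit naming; adjust to what your export shows.
CREDENTIAL_ACTIVITIES = {
    "Add service principal credentials",
    "Update application – Certificates and secrets management",
}

# Constructed sample export: one credential addition by an approved backup
# app, one by an unknown service principal, and one unrelated user event.
SAMPLE_AUDIT_EXPORT = json.dumps([
    {
        "activityDateTime": "2025-05-20T03:12:44Z",
        "activityDisplayName": "Add service principal credentials",
        "initiatedBy": {"app": {"displayName": "KnownBackupApp",
                                "servicePrincipalId": "sp-aaaa"}},
        "targetResources": [{"displayName": "M365BackupPrincipal",
                             "type": "ServicePrincipal"}],
    },
    {
        "activityDateTime": "2025-05-21T14:05:02Z",
        "activityDisplayName": "Add service principal credentials",
        "initiatedBy": {"app": {"displayName": "unknown-app",
                                "servicePrincipalId": "sp-zzzz"}},
        "targetResources": [{"displayName": "M365BackupPrincipal",
                             "type": "ServicePrincipal"}],
    },
    {
        "activityDateTime": "2025-05-21T15:00:00Z",
        "activityDisplayName": "Update user",
        "initiatedBy": {"user": {"userPrincipalName": "admin@example.test"}},
        "targetResources": [{"displayName": "Jane Doe", "type": "User"}],
    },
])


def _parse_time(iso_text):
    """Parse an ISO-8601 timestamp, accepting the trailing 'Z' Graph emits."""
    return datetime.fromisoformat(iso_text.replace("Z", "+00:00"))


def initiator_of(record):
    """Return (kind, identifier) for the identity that performed the action."""
    by = record.get("initiatedBy", {})
    if by.get("app"):
        app = by["app"]
        return "app", app.get("servicePrincipalId") or app.get("displayName")
    if by.get("user"):
        return "user", by["user"].get("userPrincipalName")
    return "unknown", None


def flag_credential_changes(export_json, approved_initiators, since_iso=None):
    """Return every credential-addition event, marking whether the initiator
    is on the approved list. `since_iso` drops events before that time."""
    since = _parse_time(since_iso) if since_iso else None
    findings = []
    for rec in json.loads(export_json):
        if rec.get("activityDisplayName") not in CREDENTIAL_ACTIVITIES:
            continue
        when = _parse_time(rec["activityDateTime"])
        if since and when < since:
            continue
        kind, ident = initiator_of(rec)
        findings.append({
            "time": when.isoformat(),
            "activity": rec["activityDisplayName"],
            "initiator": f"{kind}:{ident}",
            "targets": [t.get("displayName") for t in rec.get("targetResources", [])],
            "approved": ident in approved_initiators,
        })
    return findings


def unapproved(findings):
    """Keep only credential additions by identities not on the approved list."""
    return [f for f in findings if not f["approved"]]


if __name__ == "__main__":
    # Review anything that added a credential without being a known initiator.
    for hit in unapproved(flag_credential_changes(SAMPLE_AUDIT_EXPORT, {"sp-aaaa"})):
        print(hit["time"], hit["initiator"], "->", ", ".join(hit["targets"]))
```

The approved-initiator set is the control: it should hold only the identities you expect to rotate credentials on your backup principals, so anything else that adds a secret surfaces for review. Run it over a real export by replacing `SAMPLE_AUDIT_EXPORT` with the file contents.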
Via The Register
======================================================================
Link to news story:
https://www.techradar.com/pro/security/commvault-attack-may-put-saas-companies-across-the-world-at-risk-cisa-warns
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)