Log4J Recommendations – Step by Step Guide

If you’re using any software running on Apache and Java, be aware of this critical zero-day vulnerability. Log4j is a ubiquitous logging tool included in almost every Java application, meaning this vulnerability affects literally millions of servers. The Log4j library vulnerability (CVE-2021-44228) allows an attacker to cause the target system to fetch and execute code from a remote location controlled by the attacker. The second stage, meaning what the downloaded malicious code does next, is entirely up to the attacker. The library is used by many software vendors and service providers globally as a standardized way of handling log messages within their software. This blog post is a step-by-step guide (recommendations) that you can follow.

 


Defending Against Crypto-Ransomware with Netwrix

Hi, today we will discuss data governance and, more specifically, a software product called Netwrix Auditor.

Netwrix Auditor is a visibility and governance platform that enables control over changes, configurations, and access in hybrid cloud IT environments to protect unstructured data regardless of its location. The platform provides security analytics to detect anomalies in user behavior and investigate threat patterns before a data breach occurs.


Conti initiates their attacks on Backup

Cyber groups (cartels) specifically target backup solutions to ensure that the victim has no option other than paying the ransom. The Conti group is particularly methodical in developing and implementing backup removal techniques (on-premise and cloud). The full analysis is available here (thanks to ADV INTEL) and is based on their actual proactive victim breach intelligence and subsequent incident response (not a simulated or sandbox environment). A defense-in-depth strategy is the solution, and it concerns your backup environment…

 


Backup with Trusted Repository Storage

Backup with trusted repository storage is essential (secure, reliable and efficient). Here’s a fresh example of data loss issues Veeam is seeing in support (Anton Gostev’s Weekly Word) from users who chose “low-end” NAS as their backup storage. What makes this one worth highlighting here is the use of the NFS protocol, which removes all those additional quirks of the SMB stack which Anton talked about so much here before, thus leaving very few moving parts.

 


LTO9 and Air Gap with Quantum Active Vault

LTO-9 is now generally available, increasing native media capacity to 18 TB and bringing 400 MB/s transfer rates. Aside from increased density, this technology apparently improves reliability: BaFe (Barium Ferrite) LTO-9 tapes are rated to maintain stable magnetic characteristics for over 50 years. The latest innovations in LTO technology address today’s most pressing data storage challenges: relentless cyber threats and exponential data growth. Basically, LTO tape technology is a proven solution against modern cyberattacks, offering a layer of protection called air gapping (offline backup).

 
