Tag
#backup
6 posts tagged #backup.
-
Field Note · Jun 24, 2026 · Colten Anderson
Your backups say success. Have you ever restored one?
A green backup job confirms bytes landed at the destination. It says nothing about whether you can boot the workload back. Here's the procedure to find out before the disaster does.
-
Field Note · Jun 22, 2026 · Colten Anderson
Commvault CVE-2025-34028: upgrading to 11.38.20 is not the whole fix
CVE-2025-34028 gives pre-auth RCE on Commvault Command Center. The patch landed in April and the federal deadline passed in May, but the fix requires supplemental update packages beyond the base version, and most shops check the version number and stop there.
-
Analysis · May 20, 2026 · Colten Anderson
Why ransomware crews love a backup server twice over
CVE-2022-36537 is a ZK Framework bug that handed attackers ConnectWise R1Soft backup servers. A backup server is the perfect ransomware target for two reasons at once: it can push code to everything it protects, and destroying it removes the one thing that lets a victim refuse to pay.
-
Analysis · May 20, 2026 · Colten Anderson
Ransomware crews keep hitting Veeam for the same two reasons
Four Veeam Backup & Replication CVEs feed the same playbook. Attackers target the backup server because it can destroy your recovery option and because it holds the credentials to everything it backs up. CVE-2024-40711 took Akira and Fog from access to ransomware fast.
-
Analysis · May 20, 2026 · Colten Anderson
The backup agent on every server was ALPHV's way in
Veritas Backup Exec's agent listens on every machine it backs up. Three 2021 CVEs in it, CVE-2021-27876, 27877, and 27878, let ALPHV/BlackCat affiliates get in. Backup infrastructure isn't just a destruction target; its agents are an attack surface on every host.
-
Analysis · May 9, 2026 · Colten Anderson
Skip the optional preview: KB5083631 isn't worth your Tuesday morning
May 12 ships the same 34 fixes plus the month's security patches in one tested package. The preview brings the same risk for none of the upside.