Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment did not gain access to customer backup data.
Listed on Nasdaq since March 2006, Commvault is included in the S&P MidCap 400 index and provides cyber resilience services to over 100,000 organizations.
As the company first revealed on 7 March 2025, Commvault discovered the incident after being informed by Microsoft on 20 February. A follow-up investigation into the breach found that the incident affected only a small number of Commvault customers and did not affect the company’s operations.
The company’s Chief Trust Officer, Daniel Sheer, said in Wednesday’s update that there has been “no unauthorized access to our business operations, no unauthorized access to customer backup data.”
“We are working closely with two major cyber security firms and coordinating with appropriate officials including the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and others.”
In a support document with indicators of compromise, Commvault recommends that customers apply a Conditional Access policy to all Microsoft 365, Dynamics 365, and Azure AD single-tenant app registrations.
It also recommends regularly monitoring sign-in activity for access attempts originating from IP addresses outside the allowed ranges, and rotating and syncing client secrets between the Commvault and Azure portals every 90 days.
“This can quickly help identify potential security breaches or account compromise. If any unauthorized access is detected, report the incident for further investigation and remediation,” the company says.
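The sign-in monitoring and 90-day secret rotation recommended above can be checked with a short script. This is an added example, not code from Commvault or the original article; the record layout, app IDs, allowlisted ranges and sample data are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Assumed allowlist: documentation ranges standing in for approved egress IPs.
ALLOWED_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:10::/48")]
MAX_SECRET_AGE = timedelta(days=90)

# Constructed sample records (not real log data); field names are assumptions.
SIGN_INS = [
    {"createdDateTime": "2025-03-01T08:14:02Z", "appId": "app-backup-01", "ipAddress": "198.51.100.23"},
    {"createdDateTime": "2025-03-01T09:40:51Z", "appId": "app-backup-01", "ipAddress": "203.0.113.77"},
    {"createdDateTime": "2025-03-02T02:05:10Z", "appId": "app-backup-02", "ipAddress": "2001:db8:10::5"},
    {"createdDateTime": "2025-03-02T02:07:44Z", "appId": "app-backup-02", "ipAddress": "not-an-ip"},
]
SECRETS = [
    {"appId": "app-backup-01", "keyId": "k1", "startDateTime": "2024-11-20T00:00:00Z"},
    {"appId": "app-backup-02", "keyId": "k2", "startDateTime": "2025-02-10T00:00:00Z"},
]

def _ts(value):
    """Parse an ISO 8601 UTC timestamp with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def ip_allowed(raw):
    """True only if raw parses as an IP inside an allowed range; malformed values fail closed."""
    try:
        addr = ipaddress.ip_address(raw)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net for net in ALLOWED_RANGES)

def out_of_range_sign_ins(sign_ins):
    """Sign-in records whose source IP is outside the allowlist (or unparseable)."""
    return [s for s in sign_ins if not ip_allowed(s["ipAddress"])]

def secrets_due_for_rotation(secrets, now):
    """Client secrets older than the 90-day rotation window at time 'now'."""
    return [c for c in secrets if now - _ts(c["startDateTime"]) > MAX_SECRET_AGE]

if __name__ == "__main__":
    now = datetime(2025, 3, 7, tzinfo=timezone.utc)
    for s in out_of_range_sign_ins(SIGN_INS):
        print("REVIEW sign-in", s["createdDateTime"], s["appId"], s["ipAddress"])
    for c in secrets_due_for_rotation(SECRETS, now):
        print("ROTATE secret", c["appId"], c["keyId"])
```

Unparseable source addresses are flagged rather than skipped, so a malformed log field cannot hide a sign-in from review.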
The company also mentioned in the original disclosure that the threat actors exploited a zero-day vulnerability (CVE-2025-3928) in its Commvault Web Server software that remote authenticated attackers with low privileges can exploit to install web shells on the target server.
CISA also added the CVE-2025-3928 vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to secure their Commvault software as mandated by Binding Operational Directive (BOD) 22-01, issued in November 2021.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risk for federal enterprises,” CISA warns.