All news with #backup security tag

🛡️ Amazon GuardDuty Malware Protection for AWS Backup now supports Amazon S3 continuous backups, enabling malware scanning across your continuous backup timeline. You can enable full or incremental scans within your backup plan and run on-demand scans up to any restorable point in time. The new GetPITRMalwareScanResults API lets you query scan status at a specific point in time to confirm a clean recovery point. Support is available in all Regions where GuardDuty Malware Protection for AWS Backup is offered, and you can enable it via the AWS Backup console, API, or CLI.

🔒 Modern ransomware campaigns routinely target backup infrastructure before launching encryption, leaving organizations without viable recovery despite having backups. The article details an attack sequence — initial access, credential theft, lateral movement, backup discovery and destruction, then encryption — and identifies recurring failures like weak isolation, overprivileged credentials, lack of immutability, and untested restores. It recommends identity separation, network segmentation, immutable storage, continuous monitoring, and regular recovery testing, and highlights Acronis Cyber Platform as an integrated example that combines backup, immutability, and threat detection to reduce complexity and improve resilience.

🚀 AWS Backup now completes Amazon EKS cluster state backups up to 10x faster. This improvement reduces backup windows for clusters with large numbers of namespaces and Kubernetes resources from days to hours and is automatically enabled at no additional cost in supported Regions. AWS Backup is a policy-based, fully managed solution to centralize and automate protection across compute, storage, and databases.

🔁 Amazon RDS for SQL Server now supports cross-account snapshot sharing for instances configured with additional storage volumes, allowing snapshots to preserve the original storage layout when shared, copied, or restored across accounts. This capability helps teams create isolated backup environments for compliance and to perform diagnostics by restoring snapshots in separate accounts. The feature is available today in all AWS commercial Regions via the Console, CLI, and SDKs.

🔁 Amazon RDS for SQL Server now supports creating read replicas for database instances that use additional storage volumes. Additional volumes let customers scale database storage up to 256 TiB by attaching up to three additional volumes of up to 64 TiB each, and replicas preserve the source instance's storage layout on creation. After the initial copy, administrators can manage additional volume configurations independently on source and replica instances. The feature is available in all AWS commercial Regions and AWS GovCloud (US) and can be accessed via the AWS Management Console, AWS CLI, or AWS SDKs.

🔔 AWS Backup now supports Amazon Aurora point-in-time recovery (PITR) in six additional AWS Regions: Malaysia, Thailand, Taipei, New Zealand, Canada West (Calgary) and Mexico (Central). The expansion enables policy-based data protection and time-based recovery for Aurora clusters via backup plans. To protect clusters, add them to an existing or new backup plan and ensure continuous backups or PITR are enabled on the relevant backup rule. Management is available via the AWS Backup console, CLI, or SDKs.

🛡️ AWS Backup now supports including Amazon Redshift Serverless namespaces and Amazon Aurora DSQL clusters directly as resource types in AWS Organizations backup policies. Organization administrators can create policy rules that explicitly target these resource types across member accounts rather than relying on tag-based selections or backing up all resources. The capability is available in all AWS Commercial and GovCloud Regions where AWS Backup and the services are offered. For implementation, consult the AWS Organizations backup policies documentation or use the AWS Backup console.

🛡️ This AWS Security Blog post demonstrates how to clone an AWS CloudHSM cluster across Regions using the copy-backup-to-region workflow and Client SDK 5 (recommended version 5.17 or later). It walks through creating and initializing a source cluster, generating a backup, copying that backup to a destination Region, and launching a new cluster from the copied backup, including certificate transfer and security group adjustments. The guide emphasizes that non-exportable keys can only be synchronized to cloned clusters, that users and passwords must be maintained manually after the initial backup, and that Client SDK 3 reached end-of-support on January 1, 2025, so migration to SDK 5 is required.

🛡️ Many businesses assume that backing up data equals protection, but backups alone do not sustain operations during outages. The article contrasts traditional backups, which enable post-incident restore, with BCDR solutions that keep systems running through failover and rapid recovery. It cites research showing recovery expectations often exceed real-world performance and recommends hybrid cloud strategies. Datto sponsors the piece and positions its BCDR tools for MSPs.

🔒 NAKIVO has released Backup & Replication v11.2, introducing an automated real-time replication engine and expanded hypervisor support. The update delivers full compatibility with VMware vSphere 9 and Proxmox VE 9.0 (with 9.1 in scope), plus immutable backups, pre-recovery malware scanning, and air-gapped options to strengthen ransomware resilience. v11.2 also adopts OAuth 2.0 for email notifications and upgrades core platform components to improve stability and recovery speed.

📁 AWS Backup now supports backup and restore for Amazon FSx for Windows File Server, FSx for OpenZFS, and FSx for Lustre in five additional Regions — Malaysia, Taipei, Thailand, Canada West (Calgary), and Mexico (Central). You can centrally manage FSx backup policies, automate schedules, and monitor backup activity through AWS Backup in those Regions. AWS Backup also supports cross‑Region and cross‑account copy of FSx backups across 14 Regions, available for on‑demand copies and scheduled copy rules. In opt‑in Regions, backups can be placed in logically air‑gapped vaults to help defend against accidental deletion and ransomware.

🔁 Amazon S3 Lifecycle now prevents expiration and transition actions on objects that failed replication, helping operators avoid unintended deletions or storage-class transitions when replication is misconfigured or lacks permissions. Objects that fail replication will be skipped by lifecycle rules until replication is corrected. After you fix replication configuration or permissions and run S3 Batch Replication to catch up, lifecycle will automatically process those objects according to your configured rules.

🔒 The 2026 State of the SOC Report, based on more than 909,000 alerts observed via the Adlumin MDR at the N-able SOC between March and December 2025, lays out five practical steps to preserve operations when attackers strike. It urges layered, defense-in-depth designs that combine identity, endpoint, network, cloud, and perimeter visibility rather than relying on single-point solutions. The guidance highlights automation and SOAR to move containment and remediation to machine speed, modernized endpoint and ITDR identity controls to detect credential abuse, validated immutable backups to enable rapid recovery, and rigorous oversight of AI-driven processes to manage emerging attack surfaces.

🔒 Amazon RDS for Oracle now supports cross-account snapshot sharing for database instances configured with additional storage volumes. Customers can create, share, and copy DB snapshots that preserve the original storage layout, including up to three attached volumes, across AWS accounts and Regions. Use cases include isolated backups for compliance and restoring snapshots in separate accounts for diagnostics, development, and testing. This capability is available today via the AWS Management Console, AWS CLI, and AWS SDKs.

🔒 Ransomware increasingly targets home backups and personal NAS units, using automated scans, weak credentials, and social engineering to encrypt photos, documents, and synced cloud folders. Once inside, malware removes Windows shadow copies, encrypts connected external drives and mapped network shares, and corrupts cloud sync clients so remote copies mirror the damage. Follow the updated 3-2-1-1 rule: keep an offline copy, unplug external backups after each use, enable cloud versioning, enforce strong passwords and firmware updates, and back up authenticator data. Also enable features like System Watcher, avoid pirated installers, and test restore procedures regularly.

🔒 AWS Backup now supports Amazon Redshift Serverless in seven additional AWS Regions: Asia Pacific (Osaka, Hyderabad, Taipei, Kuala Lumpur, Auckland), Europe (Milan), and Africa (Cape Town). This expansion enables policy-based data protection and recovery for Redshift Serverless data warehouses in those Regions. Administrators can add resources to existing backup plans or create new plans and attach Redshift Serverless resources, using the AWS Backup console, CLI, or SDKs to get started.

🏢 Amazon RDS for Oracle is now available on AWS Outposts, enabling customers to run a managed Oracle database service on-premises with the same operational model used in AWS Regions. The offering supports Oracle Database 19c and 21c under a BYOL model and includes automated backups, automated patching, point-in-time recovery, CloudWatch monitoring, and encryption at rest with AWS KMS. It also supports multi-AZ deployments across Outposts racks for high availability and provides options for disaster recovery to the parent AWS Region or across Outposts.

🔒 Broadcom’s acquisition of VMware has accelerated migrations to alternatives such as Microsoft Hyper‑V, Azure Stack HCI, Nutanix AHV, Proxmox VE and KVM, but switching hypervisors introduces complex risks around disk formats, drivers, networking models and snapshot behavior. Successful transitions depend not on conversion tools but on verified, restorable, application‑consistent backups and rehearsed recovery drills performed before cutover. A unified, platform‑agnostic cyber protection approach with immutability, tightened RBAC and an off‑site copy reduces downtime, rollback risk and long‑term vendor lock‑in.

🔒 AWS Backup now supports protecting Amazon EKS clusters with logically air-gapped vaults. These vaults store immutable backup copies that are locked by default and encrypted with AWS-owned keys or customer-managed keys, and they can hold backups in the same account or across accounts and Regions. You can target a vault as the primary backup or copy destination via the console, API, or CLI, share recovery access through AWS Resource Access Manager (RAM) or multi-party approval, and initiate direct restore jobs from the recipient account without copying first to reduce recovery time.

🔒 AWS Backup now supports Amazon RDS Multi‑AZ clusters in 17 additional AWS Regions, extending managed backup coverage across Asia Pacific, Europe, South America, Africa, and Canada. The expansion brings centralized lifecycle management and immutable backups via AWS Backup Vault Lock to Multi‑AZ RDS clusters, improving retention controls and tamper protection. Administrators can add clusters to existing backup plans or create new plans and attach clusters using the console, AWS CLI, or SDKs.