US warns agencies to secure NAKIVO backups now
The US government is warning agencies to secure their data backups due to a serious security flaw in NAKIVO software. This vulnerability was fixed in November 2024, but it has now been added to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, indicating that cybercriminals are actively exploiting it.

The vulnerability, known as CVE-2024-48248, affects the Backup & Replication software. It can allow hackers to execute code remotely, which poses a high risk to sensitive data. NAKIVO stated that exploiting this flaw could lead to data breaches by exposing important files, backups, and user credentials.

CISA has set a deadline for federal agencies to act. They must apply the available patch or stop using the software by April 9, 2025. CISA described these types of vulnerabilities as common targets for cyberattacks, highlighting their potential threat to federal operations. While the directive primarily applies to federal agencies, CISA recommends that all businesses take similar steps to protect themselves.

NAKIVO is a US-based company that specializes in backup and disaster recovery solutions, serving a range of clients including Honda, Cisco, and Coca-Cola. It has a client base of 25,000 customers in 183 countries.