CISA recommends organizations to apply patches immediately, along with other mitigation measures, including monitoring and reviewing Microsoft ENTRA audit logs, ENTRA logins and unified audit logs, implementing a conditional access policy to limit authentication in unit rental applications, and rotating application secrets and credentials on Commvault Metallic Applications.
Docontrol CEO Omri Weinberg connects the event to a wider trend. “Attackers are spinning from endpoints and network-based attacks to take advantage of over-mastered SaaS environments and misconfigured cloud applications,” Weinberg said. “Security teams need to handle SaaS with the same strict handling as traditional infrastructure – starting with strong access governance, continuous monitoring of third-party applications integration and limiting explosion radius with minimal privileged access.”
The company said in a statement in May that the internal investigation did not reveal any unauthorized access to Commvault stores and protected customer backup data, adding that it does not expect to have any significant impact on Commvault’s business operations or ability to provide products and services.
