Commvault: High-risk vulnerability allows injection of malicious code

Attackers can abuse security vulnerabilities in the Commvault backup software to, for example, inject malicious code. Updates are available.

heise online
Commvault releases patches for two nasty bug chains after exploits proven

Researchers disclosing their findings said 'it's as bad as it sounds'

The Register
"CISA’s #Commvault warning, updated Killnet returns, fake VPN malware" www.youtube.com/watch?v=zPcM... Microsoft365 MSFT Azure Metallic Russia Ukraine US infosec #natsec LetsVPN CQBowser CATENA Chinese speaking environs EU Operation EndGame crypto ransomware


🚨 Backup ≠ immunity

CISA just added a Commvault SaaS vulnerability to its Known Exploited Vulnerabilities list — signaling that cloud-based backup services are now part of the threat surface.

This isn’t just about Commvault:
☁️ Many orgs use SaaS-based backup platforms (Microsoft, Google, etc.)
🔒 They often assume these systems are “off-limits” to attackers
⚠️ But backup platforms are now being actively exploited

Validate your SaaS backup exposure. Now.

#Cybersecurity #SaaS #BackupSecurity #CISA #Commvault #Infosec

https://www.theregister.com/2025/05/23/cisa_commvault_zero_day/

CISA says SaaS providers in firing line after Commvault zero-day Azure attack

Cyberbaddies are coming for your M365 creds, US infosec agency warns

The Register

New vulnerability: A flaw in Commvault Command Center allows pre-authenticated remote code execution via SSRF

⚠️ Impact: If not addressed, this could result in a complete compromise of the Command Center environment, allowing attackers to gain control over affected systems

🛡️ CVE: CVE-2025-34028

🔧 Remediation: Update Commvault to versions 11.38.20 or 11.38.25

#cybersecurity #Commvault

https://thehackernews.com/2025/04/critical-commvault-command-center-flaw.html

Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely

Commvault flaw CVE-2025-34028 enables pre-auth SSRF leading to code execution; fix in 11.38.20+ versions.

The Hacker News

⚠️ Cyber threat: Max-severity Commvault bug enables unauthenticated remote code execution 💥🛠️

CVE-2025-34028 is a newly disclosed vulnerability in Commvault’s Command Center (versions 11.38.0 to 11.38.19):
🔓 Allows unauthenticated SSRF-based exploitation
💻 Leads to full RCE on both Windows and Linux
🚫 No authentication required
🛡️ Fix issued in 11.38.20

This is a high-value target — Commvault often controls backup infrastructure and critical data repositories.

✅ Mitigation steps:
• Apply patch 11.38.20 immediately
• Isolate backup interfaces from public access
• Monitor for abnormal command execution or data exfiltration

#CyberSecurity #Commvault #DataSecurity #RCE #VulnerabilityManagement
https://www.darkreading.com/cyber-risk/max-severity-commvault-bug-researchers

Attackers can anchor a backdoor in the Commvault backup solution

A critical vulnerability endangers Commvault web servers. Admins should secure their systems promptly.

heise online

Commvault Shift’s Cyber Resilience for the AI Era | The Gestalt IT Rundown: October 16, 2024

https://youtu.be/ywM-ey-IR7Q

At Commvault SHIFT 2024, The Futurum Group’s Daniel Newman and Patrick Moorhead sat with CEO Sanjay Mirchandani, who discussed Commvault’s strategic pivot towards a cloud-first approach in cyber resilience. This shift involves key acquisitions, such as Appranix and Clumio, and new partnerships with AWS and Google, aimed at enhancing cloud data protection and recovery. Mirchandani also introduced the concept of “Continuous Business,” highlighting its distinction from traditional business continuity by emphasizing ongoing readiness and adaptability in a dynamic digital landscape.


2:57 – Chip Boom Continues with Record-Breaking Demand

Global semiconductor sales jumped 20.6% year-on-year in August 2024, reaching $53.1 billion, with the Americas leading the growth at 43.9%, driven by AI, cloud computing, and automotive demand. Despite the strong recovery, supply chain disruptions and ongoing US-China geopolitical tensions pose significant risks to the industry. While export controls and national security concerns remain, the sector is expected to continue rebounding due to persistent demand across multiple sectors.

Read More: Global semiconductor sales up 20.6% to record $53.1B as trade wars rage on

5:47 – Accenture Pushes Agentic AI Built on NVIDIA

Accenture is positioning itself at the forefront of the emerging agentic AI wave by expanding its partnership with Nvidia to leverage advanced AI capabilities within its operations. The company is launching the Accenture Nvidia Business Group, which will employ an “army of agents” to tackle complex workflows, enhance efficiency, and deliver customized solutions for clients. While agentic AI presents significant opportunities for innovation, Accenture acknowledges the challenges of data security, ethical considerations, and the necessity for human oversight as these systems become increasingly autonomous.

Read More: Accenture Melds Smarts and Wares with NVIDIA for Agentic AI Push

10:53 – AMD AI Chips to Challenge NVIDIA

AMD announced the release of its MI325X AI accelerator in 2025, followed by the MI350 series, which will feature 256GB of memory and 6TBps throughput, surpassing NVIDIA’s H200 series. Additionally, the company introduced the AMD Pensando Pollara 400 Ethernet accelerator and a new 5th Gen EPYC processor that improves performance by up to 17%, while CEO Dr. Lisa Su stressed the importance of leveraging open-source software and building an ecosystem around the ROCm stack to compete effectively in the market. For more on this story, let’s bring in Techstrong.ai’s Mike Vizard to discuss what this means.

Read More: AMD Extends AI Accelerator Lineup to Challenge NVIDIA

13:22 – Geopolitics’ Impact on Digital Infrastructure

In his latest column on Every.to, Gareth Edwards explores the British government’s decision to transfer sovereignty of the Chagos Islands to Mauritius, an event that will lead to the retirement of the widely used .io domain suffix in the tech and gaming industries. This geopolitical shift highlights the interconnectedness of global politics and digital infrastructure, as the Internet Assigned Numbers Authority (IANA) prepares to eliminate the “IO” country code, impacting numerous existing websites. Citing historical precedents like the fall of the Soviet Union and the breakup of Yugoslavia, Edwards cautions tech founders to consider the implications of their domain name choices, as real-world events can significantly affect the digital landscape.

Read More: The Disappearance of an Internet Domain

16:53 – Cisco sells their stake in Rubrik

Cisco has sold its nearly $6 million stake in cybersecurity firm Rubrik, following the company’s April IPO. Despite the sale, the two companies maintain a strategic partnership, with Rubrik joining Cisco’s SolutionsPlus program in August, making its products available on Cisco’s Global Price List.

Read More: Cisco sells stake in cybersecurity firm Rubrik – report

20:49 – CTERA’s Data Intelligence Enhances GenAI with File Data

CTERA has launched its Data Intelligence offering, designed to enhance retrieval-augmented generation, or RAG, by linking cloud file services data to chosen GenAI models, providing real-time private context to improve response accuracy. CEO Oded Nagel highlighted that the service enables organizations to securely integrate their proprietary data with AI, delivering relevant insights while maintaining data privacy, through features such as semantic engines, identity-based access, and customizable virtual assistants. CTERA’s solution supports both on-premises and cloud deployments, addressing challenges related to unstructured data and facilitating effective AI interactions within enterprise environments.

Read More: CTERA launches Data Intelligence to link file data to AI models

25:28 – Commvault Shift’s Cyber Resilience for the AI Era

At Commvault SHIFT 2024, The Futurum Group’s Daniel Newman and Patrick Moorhead sat with CEO Sanjay Mirchandani, who discussed Commvault’s strategic pivot towards a cloud-first approach in cyber resilience. This shift involves key acquisitions, such as Appranix and Clumio, and new partnerships with AWS and Google, aimed at enhancing cloud data protection and recovery. Mirchandani also introduced the concept of “Continuous Business,” highlighting its distinction from traditional business continuity by emphasizing ongoing readiness and adaptability in a dynamic digital landscape.

Read More: Shifting to Cloud-First Cyber Resilience with Commvault

Gestalt IT Live Blog: Commvault Shift 2024 Live Blog

As we discussed on the September 25th episode of The Rundown, Commvault announced the acquisition of Clumio. This integration, which will launch later this year, aims to accelerate Commvault’s vision of a resilient, cloud-first enterprise by leveraging Clumio’s expertise in AWS to bolster cyber recovery and resilience for customers and partners.

Read More: Commvault Acquires Clumio and Extends Cloud Resilience Capabilities on AWS

Commvault announced significant updates including full availability of its Commvault Cloud platform on AWS, support for Google Workspace protection, and a partnership with Pure Storage to help financial customers comply with the EU’s Digital Operational Resilience Act (DORA), which comes into effect in January 2025. The new offerings, such as Cloud Rewind and the Cyber Resilience Dashboard, aim to enhance cyber resilience by enabling rapid recovery from cyber incidents while ensuring that applications and data are restored efficiently and securely across multiple cloud environments.

Read More: Commvault expands cloud and cyber resilience solutions, including Cloud Rewind

38:51 – The Weeks Ahead

Security Field Day 12 – October 16 – 17

Cloud Field Day 21 – October 23 – 24

Networking Field Day 36 – November 6 – 7

Gestalt IT and Tech Field Day are now part of The Futurum Group.

The Gestalt IT Rundown is your look at the IT news of the week. Be sure to subscribe to Gestalt IT on YouTube for even more weekly video content.

#AgenticAI #CommvaultShift #Rundown #Accenture #AMD #AShimmy #Cisco #Commvault #CTERA #GarethEdwards86 #GestaltIT #Nvidia #RubrikInc #SFoskett #TechFieldDay #TechstrongTV #TheFuturumGroup #TheSixFiveMedia

https://wp.me/p4YpUP-mJF

Commvault SHIFT London is the premier cyber resiliency event offering a radical perspective shift, helping organizations embrace cyber readiness and recoverability for continuous business. I'm attending the event hosted by @Commvault on 8th October, see you there! #cybersecurity #CommvaultSHIFT #Commvault
https://zurl.co/V6PT
SHIFT London | 8 October 2024 | Register Now!

Discover a world of continuous business & experience a SHIFT in cyber resilience and crisis prevention at our live London event on 8 October 2024.

Commvault - English - United States

Qiskit and IBM’s New Quantum Innovations | The Gestalt IT Rundown: September 25, 2024

https://youtu.be/MZfZa_jF5q8

We’re happy to have Dr. Bob Sutor joining us this week on the Rundown, since he covers quantum and advanced computing for The Futurum Group. IBM made two important announcements in the quantum space this week. The first announcement was Qiskit, a quantum SDK that runs on Python for quantum computers. This promises to bring quantum compute to a more mainstream audience while converting the underlying code to Rust. This solution is much faster than competing solutions from Google, Amazon, and Quantinuum. IBM is also putting together an app store for quantum applications and runtime functions, including from third-party developers. This matches the moves that we have seen in areas like cloud and AI, and serves to push IBM as the leader in quantum computing. This and more on The Rundown.


1:57 – Qualcomm to Buy Intel?

Qualcomm is exploring a potential acquisition of Intel, a move that could strengthen both companies and enhance U.S. leadership in the chip industry, despite potential antitrust review. Intel, under CEO Pat Gelsinger, is pursuing strategic changes to boost its competitive edge, including expanding its manufacturing capabilities and investing in next-generation technologies. A successful deal would significantly broaden Qualcomm’s portfolio and position both companies for growth in the rapidly evolving AI and semiconductor markets.

Read More: Qualcomm Approached Intel About a Takeover in Recent Days

4:11 – Kioxia No Longer Planning IPO

Kioxia has postponed its planned IPO, which we discussed on the August 28 show, due to challenges in achieving its target valuation amid a broader market downturn. Despite recent improvements in memory chip prices, the company has been impacted by a slump in the chip market, and it had already previously delayed its IPO in 2020. Kioxia, with a 14% share in the flash memory market, remains focused on listing when market conditions improve.

Read More: Exclusive: Bain-backed chipmaker Kioxia scraps October IPO plan, sources say

6:42 – Announcements from Dreamforce

At its Dreamforce conference, Salesforce introduced Agentforce, a suite of AI-powered agents designed to streamline app development and improve customer experiences across industries. The platform’s low-code AI tools, new partnerships, and enhanced AI models aim to drive adoption of these autonomous agents, helping businesses automate tasks and unlock the full potential of their data. By integrating AI more deeply across its ecosystem, Salesforce seeks to differentiate its offering and support customers in modernizing operations and achieving higher ROI through scalable AI solutions. For more on this, let’s turn it over to The Futurum Group’s Keith Kirkpatrick who was at the event.

Read More: Dreamforce Announcements Focus on AI, Agentforce, and Cloud Enhancements

16:32 – Commvault Buys Clumio

Commvault just announced its acquisition of Clumio, an AWS data protection specialist we’ve previously discussed here on the Rundown. The acquisition enhances Commvault’s cyber resilience capabilities for cloud-native applications and allows the company to leverage Clumio’s innovations, including rapid access to Amazon S3 data during critical recovery operations, expanding its offerings for AWS-based businesses. Clumio’s expertise in protecting complex data sets will now reach a global scale through Commvault’s platform.

Read More: Commvault Accelerates Cyber Resilience Capabilities for AWS with Acquisition of Clumio

20:07 – CISA Wants to Say Ciao to Ivanti EOL Units

In a very telling move, CISA has made a statement telling customers to move off of Ivanti Cloud Services Appliance 4.6. The notice comes as yet another security update has been released and Ivanti is not porting it to versions prior to 5.0. The CISA has been very up front about exploits this year and Ivanti is no stranger to having issues with their underlying code quality.

Read More: Ivanti Releases Security Update for Cloud Services Appliance

22:47 – Veeam Acquires Alcion

Veeam announced today that they are acquiring Alcion. Alcion has focused on SaaS backups since being founded back in 2022. Veeam had led an investment round for Alcion in 2023 and Veeam had also acquired Kasten, which was the startup that had been founded previously by Alcion founders. In addition to the acquisition, Niraj Tolia will move into the vacant CTO role at Veeam to help guide the integration between all the products.

Read More: Veeam, the #1 Data Resilience Company, Appoints Niraj Tolia as Chief Technology Officer to Accelerate Innovation of Data Resilience as a Service

25:29 – Qiskit and IBM’s New Quantum Innovations

We’re happy to have Dr. Bob Sutor joining us this week on the Rundown, since he covers quantum and advanced computing for The Futurum Group. IBM made two important announcements in the quantum space this week. The first announcement was Qiskit, a quantum SDK that runs on Python for quantum computers. This promises to bring quantum compute to a more mainstream audience while converting the underlying code to Rust. This solution is much faster than competing solutions from Google, Amazon, and Quantinuum. IBM is also putting together an app store for quantum applications and runtime functions, including from third-party developers. This matches the moves that we have seen in areas like cloud and AI, and serves to push IBM as the leader in quantum computing.

Read More: Quantum in Context: IBM Qiskit Boosts Software Development Speed

Read More: Microsoft unveils new quantum computing hybrid solution in Azure

34:27 – The Weeks Ahead

Networking Field Day Exclusive with Nokia – September 24

AI Data Infrastructure Field Day 1 – October 2 – 3

Commvault Shift – October 8 – 9

Security Field Day 12 – October 16 – 17

Cloud Field Day 21 – October 23 – 24

Gestalt IT and Tech Field Day are now part of The Futurum Group.

The Gestalt IT Rundown is your look at the IT news of the week. Be sure to subscribe to Gestalt IT on YouTube for even more weekly video content.

#Dreamforce #Qiskit #QuantumComputing #Rundown #1 #Alcion #Clumio #Commvault #GestaltIT #IBM #Intel #IntelBusiness #Qualcomm #Salesforce #SFoskett #TechFieldDay #TheFuturumGroup #Veeam

https://wp.me/p4YpUP-mDQ
