Archive for June, 2022

Macmillan Pwned In Ransomware Attack

Posted in Commentary with tags on June 30, 2022 by itnerd

Macmillan, one of the largest book publishers in the US, have been hit by a ransomware attack causing book retailers nationwide the inability to place new orders from the publisher. The company first reported the incident Monday, noting that to prevent further damages to its network, it had taken its systems offline.

Darren Williams, CEO and Founder of BlackFog offered this perspective:

  “Taking systems offline post attack is a reassuring and necessary response to a ransomware attack such as this one against Macmillan, but as ever, prevention is better than cure. 

Organisations need effective, modern protective security measures in place to prevent attacks. A common challenge with traditional defensive approaches to cybersecurity is that they require too much time to adequately protect organisations from these types of attacks, and often lead to a reliance on post-attack measures such as taking systems offline.

Instead of waiting for an attack to happen and then responding, organisations should be focusKevin​,ed on newer technologies that prevent the exfiltration of data from the device, effectively stopping the attacker in their tracks. By looking at the mechanism of action across various ransomware gangs it is possible to stop these attacks at many stages of the attack life cycle and prevent a full blown incident such as the one against Macmillan.”

Hopefully they are able to get things sorted soon. Though I think it is safe to say that their long weekend is ruined.

External Exposure Was The Root Cause Of 82% Of Incidents

Posted in Commentary with tags on June 30, 2022 by itnerd

According to a new report from Tetra Defense, the Root Point of Compromise (RPOC) for attacks against U.S. companies was external exposure.  Patchable and preventable external vulnerabilities were found to be responsible for the bulk of attacks:

In Q1 2022, the vast majority — 82% — of total incidents happened through external exposure of either a known vulnerability on the victim’s network or a Remote Desktop Protocol (RDP). Taking a deeper look into these external exposures, they are classified in two ways:

1. External Vulnerabilities” which could have been mitigated through publicly available security patches and software updates. In these instances, a threat actor utilized a known vulnerability to gain access to the network before the internal organization was able to patch the system. In Q1 57% of total incidents were caused by the exploitation of external vulnerabilities.

2. “Risky External Exposures” which are IT practices such as leaving a Remote Desktop Protocol (RDP) port open to the public internet. These behaviors are considered “risky” because the mitigation relies on an organization’s continued security vigilance and willingness to enforce consistent standards over long periods of time. In Q1, 25% of total incidents Tetra Defense handled were caused by risky external exposures.

That’s not good at all. Mark Bower, VP of Product Management of Anjuna Security had this comment:

     “The report once again highlights the simple fact that in an ideal world, enterprises would patch and monitor untrusted compute and networks to keep data safe from leakage, but in truth it’s impossible to continuously down tools and close all risk gaps that affect modern business success. Vulnerabilities exist because they are discovered – but until that point, they are also exploitable holes in systems or processes. However, modern computing today is beginning to provide fresh new approaches to address risks like this, and we will start to see that at scale and in short order with compute ecosystems that shrink attack surfaces inherently for data at rest, in motion and in use.”

Hopefully enterprises of all sizes read this report and take action to secure themselves. Otherwise, they are prime targets for threat actors who are out to make them the next headline.

UPDATE: Aimei Wei, CTO and Co-founder of Stellar Cyber adds this:

     “External vulnerabilities and risky external exposures accounted for 82% of the incidents responded by Tetra Defense in Q1 2022. This highlights the critical need for having a threat detection and response system that continuously detect the vulnerabilities and exposed risks (such as RDP port open to the public) and respond automatically. Patching definitely pays off for known vulnerabilities. It greatly reduces the attack surface. However, it is hard to guarantee that the patch is always immediately available for the software version you are using and can be applied in time. Organization’s continued security vigilance and enforcement of standards can dramatically reduce the chances for exploitation from exposed risks. However, the exposed risk, even for a short period of time, may still be exploited. Having a detection and response system that can continuously monitor the environment, detect the exploitation and stops the attack from progression to an incident covers the cases missed by not in-time patch or not consistent enforcement or short period of time for exposed risks.”

App Data Could Be Used To Prosecute Women Under Anti-Abortion Laws

Posted in Commentary with tags on June 30, 2022 by itnerd

In the wake of the US Supreme Court overturning reproductive rights, there is now a legitimate concern that prosecutors getting access to data from period tracking apps and other apps like search engines and text messages is a real possibility. Under some state legislation, it could even be illegal to send a text message offering help or support. Via CNN:

A wave of new legislation taking aim at abortion rights across the country is raising concerns about the potential use of personal data to punish people who seek information about or access to abortion services online.

In some of the most restrictive states, digital rights experts warn that people’s search histories, location data, messages and other digital information could be used by law enforcement agencies investigating or prosecuting abortion-related cases.

Concerns about the digital privacy implications of abortion restrictions come amid a movement by Republican-controlled states, including Georgia, Texas, Mississippi and Oklahoma, in recent years to pass laws severely curtailing access to the service. And they take on additional significance following the leak Monday of the Supreme Court draft opinion that would overturn Roe v. Wade, which guarantees a person’s Constitutional right to terminate a pregnancy before viability (usually around 24 weeks). Overturning the landmark 1973 court ruling would transform the landscape of reproductive health in America, leaving abortion policy up to individual states and potentially paving the way for more than 20 states to pass new laws restricting abortions.

That story from CNN was published before The US Supreme Court struck down reproductive rights. Now in the wake of that decision, states are moving ahead with this sort of legislation. That has led Democrats to pursue legislation to provide legal protection for the privacy of this data. But in the here and now, the risk is still very real. Jake Williams, Executive Director of Threat Intelligence, SCYTHE provides this view and advice:

Search providers are required to comply with subpoenas from law enforcement when the search results themselves are evidence of a crime. Given the rapidly changing laws around access to abortion, searches for abortion and abortion related topics can be risky. While some have recommend searching using private browsing (or Incognito mode), these searches are still tied to your IP address. Ownership or use of the IP can be revealed through your ISP or mobile provider. You should ideally use a VPN when searching for legally ambiguous topics. Some past subpoenas have relied on geofencing to locate mobile phone subscribers within a particular area. It is also conceivable that this technique will be used to identify those who have traveled to a specific location where abortion or abortion related services are offered.

This is a troubling time for American women as things have moved into a place that is more akin to the Margret Atwood novel “The Handmaid’s Tale“. Thus it makes sense that anyone in this position take reasonable precautions to ensure their safety.

Weak Keys and Outdated Machine Identity Management Undermine TLSv1.3 Adoption: Venafi

Posted in Commentary with tags on June 30, 2022 by itnerd

Venafi, the inventor and leading provider of machine identity management, today announced the findings of a new crawler report from security researcher and TLS expert, Scott Helme. The report, which Venafi sponsored, evaluates the use of encryption across the world’s top one million sites over the last six months and reveals the need for a control plane to automate the management of machine identities in increasingly complex cloud environments.

The research suggests that while progress has been made in some areas, more education is needed to ensure that machine identities are used in the most effective way to protect our online world: 

  • Use of TLSv1.2 has declined by 13% over the last six months, with v1.3 in use by almost 50% of sites — more than twice as many sites as v1.2. The adoption of v1.3 is being driven by widespread digital transformation. initiatives, cloud migration and new cloud native stacks that default to v1.3.
  • Even though organizations are adopting stronger TLS protocols, they are failing to couple this with a move to stronger keys for TLS machine identities.
  • Industry-standard ECDSA keys are now used by just 17% of websites — up from 14% six months ago. Slower, less secure RSA keys are still used by 39% of the top one million websites.
  • Growth in the adoption of HTTPS has plateaued at 72% — the same level as in December.

Let’s Encrypt continues to be the Certificate Authority (CA) of choice for the top one million, but Cloudflare is making up ground. This uptake seems to be the driving force behind TLS v1.3 adoption, with 50% of the websites deploying v1.3 doing so through Cloudflare. The decline in use of Extended Validation (EV) certificates has also continued, with a 16% decrease in the past six months, following changes from browser makers that dramatically reduced the value of EV certificates to website owners. 

There is some good news in this analysis. The data suggests that organizations are taking more steps to manage their machine identity environments. Since December, there has also been a 13% increase in the number of sites making use of Certificate Authority authorization (CAA), which enables companies to create a list of approved CAs that can be used within their organizations. The adoption of this control is a positive sign that organizations seem aware of the importance of machine identities in overall security and are showing increased vigilance in the ways in which they manage them.

For more information on the report please visit the blog.

Review: MorfCraftStudio Airpods Pro Leather Case

Posted in Products on June 30, 2022 by itnerd

Followers of my Twitter account might have seen me take a few pictures of all the red tech items that my wife owns:

However she recently got a set of AirPods Pro and I wanted to give them the same red treatment. But I wanted to do something different that I wouldn’t get roasted over she would appreciate. So after some looking around, I came across an Etsy seller called MorfCraftStudio which sells a leather AirPods Pro case that you can get in many colours and even customize. I got it red (no shock there) and put my wife’s name on it:

The outside is leather and you can actually smell it. It feels like a quality product and appears to be put together well. The inside of the case is crafted from high-impact resistant plastic so that if you drop it, the AirPod Pros and the case will be safe. You can see a ring to allow you to put a carabiner or keyring on it.

The inside of the top half of the case has adhesive that allows you to stick it to your AirPods Pro Case.

The bottom half is friction fit to the AirPods Pro case. And I can say it isn’t coming off easily when you slide it off. You can also see the hole for the Lightning cable that charges the AirPods Pro.

You can also see that the indicator light for the AirPods Pro is still visible.

The bottom line is that this is a well designed product. Clearly a lot of effort went into making this. Installation took a couple of minutes at most and the net result is that you have an AirPods Pro case that feels good in the hands and looks unique. And that look will likely get even more unique as it will patina over time. I will note that the corners do not line up perfectly because it’s leather and handmade. But that is an extremely minor grip for a product that I have no issues recommending to you.

Pricing starts at $26.59 USD (though these are currently on sale for 30% off as I type this). Add engraving and the price jumps $39.86 USD (again these are currently on sale for 30%). And there’s shipping on top of that. But given the quality of this case, I think it is well worth the price.

Three New And Dangerous Versions Of A Norton Billing #Scam Are Making The Rounds…. Let Me Tell You About Them [UPDATED]

Posted in Commentary with tags , on June 29, 2022 by itnerd

In the last few days I have become aware of three versions of a scam involving Norton products that you need to be aware of. All of them have the same theme. You’ve renewed your subscription for some Norton product and if you need further information or you want to dispute it, it provides a number to call. It will look something like this:

Now I took out the email header to preserve my client’s privacy, but there are three things that you should be aware if. The most important thing to be aware of is if you do not have an active subscription to a Norton product, do not call the number in the email. Beyond that, if you look at who sent it, you’ll likely see that it was sent from an email account other than That’s a big hint that this is a scam. The third thing that you should note is if you look at the quality of the English used in the email, it’s poor. And on top of that it creates a sense of urgency to get you to call the number. Which you should not do. In short, this is likely a phishing attempt to get your credit card details at the very least. Or further to that, create the conditions to access your computer to do who knows what to it.

The second version of this scam is something that I came across over the weekend when a older couple phoned me in a panic after getting an email with a PDF attached that looked like this:

Now I suspect that the scammers behind this one have moved to using a PDF because it is less likely to be picked up by an ISP’s spam filter. But other than that, it’s the same scam. And in the case of this older couple, it almost cost them $13,000 Canadian and caused them all sorts of grief when the scammer got hostile with them. I am working on a write up about this and that will be out in the coming days. But I will say that this illustrates how dangerous these sorts of scams can be.

The final version of this scam is extremely dangerous. Let’s start with the email that you will get:

You’ll note that like the second scam, you’ll get an email with an attachment. In this case an ISO file which is a disk image file that is commonly used to burn CD, DVDs or act as a container for software. It’s the latter that the scammer is using this for because if you open the ISO file (which by the way I absolutely do not recommend that you do), you will see this:

The first file that ends in .DLL is something that should set off alarm bells. Further investigation on my part shows that this is designed to deliver a virus payload to a Windows computer. And what sort of payload is it? Well, I will get to that in a moment. But let me get to the part about what happens when you use VirusTotal which is a website that analyze suspicious files, domains, IPs and URLs to detect malware and other breaches and automatically share them with the security community:

In this case, the payload was only detected by 6 of 66 virus scanners. Which is bad as that implies that this virus payload is ether new or new and improved. I am guessing the latter, but in either case, this underlines why you should never, ever click on anything in a suspicious email.

But what is the payload? This based on this write up suggests that this is a trojan that in short is designed to steal user account data relating to online banking systems, e-payment systems and plastic card systems. The data is then transmitted to the malicious user controlling the Trojan. But because I could not identify the exact trojan in use here, it may do other things that are even more dangerous.

The other thing that I will note is that there’s a phone number in the email. That suggest to me that the the person behind this will also act in the same manner as the first two Norton scams. Something that I briefly looked into by phoning the number and getting a supposed employee of Norton with an Indian accent.

That covers these Norton billing scams that you should be aware of. In the coming days, I will be doing a write up about the second scam in detail so that you can see what the scumbags behind these scams will do to you if you fall for these scams. And I will also be doing a more detailed investigation of the third scam to see if I can get any additional details that I will share with you in hopes of keeping you safe. So stay tuned for all of that. But in the meantime, be careful out there folks.

UPDATE: Well, investigating the third scam didn’t last long.

I phoned the number that was listed in the third scam (which for the record you should never ever do) using a phone that doesn’t allow the caller ID to be shown at their end and the phone was answered by someone with an Indian accent claiming to be working for the “Norton LifeLock Cancellation Department”. I then pretended to be someone who had gotten the email and asked the guy why I have got charged. He then proceeded to try and supposedly help me to cancel the subscription to Norton LifeLock which of course I didn’t have a subscription to said product. I guess it was at that point he noticed that I was calling from a blocked number and hung up the phone. I tried two more times and got two more people with Indian accents and got the same results. I am guessing that their playbook involves grabbing the phone number so that they can call back if they have to, or to use it to perpetrate future scams, or both. I am also guessing that if they see that the number is blocked, they see it as a threat and they hang up the phone.

So my take away is that they don’t get you with the virus, they’re going to get you if you call the number. Thus don’t fall into either of those traps by not opening any attachment that you get in any email that might be suspicious, or phoning any number that is associated with an email like this.

Go on an epic adventure with Netflix’s “The Sea Beast”

Posted in Commentary with tags on June 29, 2022 by itnerd

Craving a different type of drive this summer? Go on a high-seas adventure without stepping off land. Activate Waze’s latest driving experience, inspired by Netflix’s newest movie, “The Sea Beast.” (Check out the trailer and the film on Netflix July 8.)

Starting today, you’ll meet the dynamic duo of Maisie, a precocious stowaway, and Blue, a little beast with a huge mischief streak, and revel in the unlikely comedy of their friendship as they help you navigate every turn you take on Waze. And don’t worry: Maisie will help translate Blue’s sounds for you. You’ll also get to know some other Beasts that they find on their journey when you choose between three new Moods: Blue, Red and Yellow. Don’t forget to swap your vehicle for a Lifeboat, to get into the true adventurer’s spirit.

With Sea Beast Mode activated, get ready to explore the world together, on a journey full of surprise, wonder and funny banter — because where the map ends, the adventure begins.

If you’re interested in seeing the magic in real life, Netflix is hosting a series of experiences across the U.S. at aquariums, museums and more to celebrate the launch of The Sea Beast.

For a drive that takes you to the seas, visit Waze or click “My Waze” in your Waze app and tap the “Turn on Sea Beast Mode” banner to activate. It’s available globally, in English, for a limited time.

The Nikon Z 30 And NIKKOR Z 400MM f/4.5 VR S Super-telephoto Prime Lens for the Nikon Z Mount System Announced

Posted in Commentary with tags on June 29, 2022 by itnerd

Nikon’s newest Z 30 mirrorless camera is designed specifically for video content creators, vloggers and streamers. This small, lightweight, feature-packed camera applies Nikon’s expertise in all things imaging, giving creators the ability to easily produce the kind of video content that gets noticed. 

With the Nikon Z 30, it’s simple to consistently create professional-looking 4K UHD video to get the look you want, with sharp focus, beautiful blurred backgrounds and appealing audio- all on the first take. Swivel front-facing LCD and REC lamp? Got it. Mic input? Better low light performance? Of course. Even though it’s got an affordable price and simple controls, the Z 30 is packed with more advanced features that level up with you, helping to take your content and your channel further. 

Creator-Centric Features That Make Sense:

  • Front-facing Vari-Angle touchscreen-LCD lets you see yourself in the scene as you compose your shots, confirm the frame, adjust focus and make sure you are always camera-ready. The bright 3.0 inch high-res screen will also feel familiar with the ability to swipe, pinch and zoom through playback and menus, while it also tilts to easily frame unique angles from below the hip or from above. 
  • The Nikon Z 30 and NIKKOR Z lenses help you create soft, blurred backgrounds that are a hallmark of higher quality content. The main subject remains sharp, in order to draw your viewer’s attention toward you or anything you want them to see, whether it’s a face or prominent product shot.
  • Reliably fast and sharp autofocus keeps you in focus, precisely following as you move around the scene, with the added benefit of Eye Detection AF. 
  • REC lamp acts as a tally light, illuminating on the front of the camera to confirm recording and peace of mind. 
  • Higher quality audio enhances your content thanks to a built-in stereo microphone, plus an additional input for using a more powerful external stereo or directional microphone.
  • Get it all in one take with more than two hours (125 minutes) of recording time, which is ideal for longer videos such as an extensive DIY.
  • Superior low light performance gives you the freedom to shoot indoors, when it’s cloudy or at night, for clear and sharp video, with minimal noise and fast focus. Even in low light, the full-time focus will continuously track you while walking with the screen in self-portrait mode. The ISO range goes up to 25600 for video and 51200 for photos, enabling sharp rendering of details and textures in lower light.
  • Sharp video quality at up to 4K 30P UHD with plenty of room to punch in, or Full HD up to 120P to easily create dramatic slow-motion. What you see is what you get, as the Z 30 captures 4K with no additional crop so you don’t lose any of your frame. 
  • Get the look you want with the Picture Control Auto function, which adjusts the video settings according to the scene.  There are also 20 different types of Creative Picture Controls to add creative flair to video, and eliminate the need for extra colour grading. 
  • Using Nikon’s precise colour profiling, scenes and skin tones are reproduced naturally and accurately straight out of camera, with a genuinely inviting vibe that’s never cold or clinical. 
  • Record on widely available SD cards, which come in a variety of large sizes. 
  • Keep the camera running using an external USB-C power source, a great feature that can eliminate the need to swap batteries during a shoot. The camera works with Nikon’s free Webcam Utility streaming software to integrate for streaming or web conferences.
  • Minimalist, lightweight design that is easy to carry and vlog with. This is the smallest and lightest Z series mirrorless camera ever made. The form factor and weight is made for content creation, vlogging and streaming. It’s balanced and comfortable to hold for long periods of time and small enough to pack. Simple dials give you complete control of settings like aperture and shutter speed for a desired effect. 
  • Always connected to your phone (iOS or Android) for easy automatic transfer of images using the free Nikon SnapBridge App. If your workflow is editing and posting from your phone, you can also connect to wirelessly send videos from the Z 30 to your device. Using the app, you can also use your phone as a remote control to start and stop your recording, when you are in front of the camera. 

Superb Still-Camera Features

Create better thumbnails and cross-promote posts for your other channels that drive to your video content using the Z 30. The 20 megapixel APS-C /DX-format CMOS sensor captures super-sharp and high-res still images, in any kind of light. Whether you’re shooting a once in a lifetime landscape shot, a cooking close up , the Milky Way at midnight or a gorgeous portrait, users have the option to use fully automatic modes or get creative with advanced settings. The Z 30 is also incredibly fast, with the ability to capture people and pets at up to 11 fps3. What’s more, if you love what you’re seeing in the LCD, you can even snap a selfie while recording video. 

Creativity Has No Limits with NIKKOR Z Lenses

The Z 30 is an interchangeable lens mirrorless camera that opens up an exciting world of possibilities with a wide array of NIKKOR Z lenses, from super–wide lenses for interiors, small spaces and landscapes, incredibly close macro for tiny details on products, or far away action with a telephoto lens. NIKKOR Z glass is specially designed to address the needs of video creators with silent operation, and by minimizing the breathing effect during focusing, while delivering gorgeously rendered colours for a true-to-life experience. Creators can choose a growing collection of more than 30 NIKKOR Z lenses, including:

  • NIKKOR Z DX 16-50mm f/3.5-6.3 VR Lens (included in all Z 30 kits, except when body is sold separately): The Z 30 comes with this extremely small yet versatile zoom lens, that’s great for wide angles, especially when talking directly to the camera. It also features built-in VR (vibration reduction) image stabilization to help create smooth footage and sharp images, even when handheld. 
  • NIKKOR Z DX 50-250mm f/4.5-6.3 VR Lens: Lightweight long zoom lens option with built-in VR that’s great for shots that require extra reach, such as sports and animals. 
  • NIKKOR Z 40mm f/2 and 28mm f/2.8: Super-compact “walk-around” primes that are perfect for flattering portraits, casual shooting, travel and discrete street snaps.
  • NIKKOR Z MC 50mm f/2.8: A fantastic macro lens lets you get closer to the things you love to get all of the details. Great for food shots, product shots, nature images and more. 

Pricing and Availability

The new Nikon Z 30 will be available in mid-July 2022 in a variety of kit configurations: As a body only for a Manufacturer’s Suggested Retail Price (MSRP) of $879.95, or with a NIKKOR Z DX 16-50mm f/3.5-6.3 lens for $1,049.95 MSRP.  Nikon will also offer a Creators Accessory Kit for $149.95 MSRP, which will include a SmallRig Tripod Grip, the ML-L7 bluetooth remote control, plus the Rode VideoMicro Microphone.  A hot shoe-mounted Wind Muff for the built-in microphone will also be available for $14.95 MSRP. 

For more information about the latest Nikon products, including other NIKKOR Z lenses and the entire collection of Z series cameras, please visit

Guest Post: Pregnancy and period tracking apps corrupt women’s privacy, Atlas VPN study reveals

Posted in Commentary with tags on June 29, 2022 by itnerd

The Roe v. Wade overturn destroyed 50 years of progress in women’s rights to privacy and the ability to choose for themselves.

According to the data collected by the Atlas VPN team, apps dedicated to women’s health, like pregnancy or period trackers, heavily collect sensitive data and share it with third parties. After the Supreme Court in the US overturned Roe v. Wade, information gathered from these apps could be used as evidence for getting an abortion.

A few most popular women’s health apps stand out when looking at trackers. Pregnancy App & Baby Tracker (Babycenter) has 15 trackers on their Android and 20 trackers on iOS applications.

Pregnancy Tracker & baby app WTE has 7 and 22 trackers on its Android and iOS versions, respectively.

Flo Period tracker & calendar app seems to have 2 trackers, the least among Android apps. At the same time, the MeetYou Period Tracker application has 3, the least amount of trackers among women’s health apps on iOS devices.

Permissions spy on your data

Permissions help the user regulate and control which system and device functions the application can access.

MeetYou Period Tracker has 36 permissions on their Android app, 8 of which could be considered dangerous. The iOS application requires 7 permissions, giving access to data that can be used to track you.

Pregnancy Tracker & baby app WTE on Android devices has 19 permissions (3 dangerous), meanwhile, the iOS version has 9. The least amount of permissions on Android and iOS devices can be found in the Spot on period tracker, 7 and 4, respectively.

During our research, we found some apps that even ask for permissions to access your search history and contact information, like your name and email address. Later on, this data could be sold to third-party services and used against women who are considering getting an abortion.

To read the full article, head over to:

Commvault and Oracle Partner to Deliver Metallic Data Management as a Service on Oracle Cloud Infrastructure

Posted in Commentary with tags on June 29, 2022 by itnerd

Commvault, a global enterprise leader in intelligent data services across on-premises, cloud, and SaaS environments, has expanded its strategic partnership with Oracle to include Metallic DMaaS on Oracle Cloud. As part of Commvault’s multi-cloud strategy, Metallic’s industry-leading services will be offered on Oracle Cloud Infrastructure (OCI) and available in all commercial OCI regions globally. 

Metallic and OCI will deliver superior price-performance, built-in enhanced security, and simplified recovery and management for enterprise customers looking to accelerate their OCI transition. Leveraging OCI Storage for advanced air-gapped ransomware protection, Oracle customers can now protect critical data assets in the cloud or on-premises by maintaining flexibility across customer-managed storage or a SaaS-delivered data protection service, inclusive of managed cloud storage. 

In the fight against ransomware and cyberattacks, Metallic DMaaS helps protect data from corruption, unauthorized access, and other threats across vital sectors of business, including insurance, financial services, manufacturing, and defence. With Metallic DMaaS, customers can easily back up their digital footprint in any consumption model, from cloud-native to on-premises workloads, including databases, virtual machines, Kubernetes, and file and object storage. 

By adding support for protecting OCI workloads and writing to OCI Storage, Metallic’s data protection now spans OCI VMs; Oracle Databases; and Oracle Container Engine. Additionally, Oracle Linux is available to over 400,000 Oracle enterprise customers and the more than 100,000 customers who have relied on Commvault technology and are looking to leverage Oracle Cloud Infrastructure to protect their mission-critical data. As a member of the Oracle PartnerNetwork, Commvault will jointly market and sell Metallic DMaaS with Oracle in an alliance that will accelerate Metallic’s global expansion efforts. Metallic DMaaS is available in the Oracle Cloud Marketplace.

To learn more about Metallic DMaaS on Oracle Cloud, please visit