Veeam Urges Updates After Discovering Critical Vulnerability

December 4, 2024 at 03:54PM
Veeam has released an update to fix a critical vulnerability (CVE-2024-42448, CVSS 9.9) in its Service Provider Console (VSPC), which could enable remote code execution. A secondary vulnerability (CVE-2024-42449, CVSS 7.1) could leak sensitive data. Users are urged to update to the latest patch, as no mitigations exist. …

Veeam Warns of Critical Vulnerability in Service Provider Console

December 4, 2024 at 01:38PM
Veeam released patches for two vulnerabilities in its Service Provider Console, including a critical remote code execution flaw (CVE-2024-42448) with a CVSS score of 9.9. Service providers are urged to update to version 8.1.0.21999. The second flaw (CVE-2024-42449) allows potential data leaks and file deletion. …

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

December 4, 2024 at 12:45AM
Veeam released security updates for a critical vulnerability (CVE-2024-42448) in its Service Provider Console, which allows remote code execution. Another vulnerability (CVE-2024-42449) poses risks of NTLM hash leakage and file deletion. Users must upgrade to version 8.1.0.21999 to mitigate risks as there are no alternative fixes. …

Veeam warns of critical RCE bug in Service Provider Console

December 3, 2024 at 01:14PM
Veeam has issued security updates for two critical vulnerabilities in its Service Provider Console (VSPC), including a high-severity remote code execution flaw (CVE-2024-42448). Users of VSPC versions 7 and 8 are urged to upgrade to the latest patch to prevent exploitation, which has already been linked to ransomware attacks. …

Veeam Patches High-Severity Vulnerability as Exploitation of Previous Flaw Expands

November 11, 2024 at 07:02AM
Veeam has issued a hotfix for a critical authentication bypass vulnerability in Backup Enterprise Manager, addressing an expanding exploitation of the previous flaw. This update aims to enhance security and protect users from potential risks associated with the vulnerability. Meeting Notes Summary: Topic: Veeam Hotfix Release. Issue: …

Critical Veeam RCE bug now used in Frag ransomware attacks

November 8, 2024 at 03:28PM
A critical vulnerability (CVE-2024-40711) in Veeam Backup & Replication has been exploited in multiple ransomware attacks, including Frag. Discovered by Code White, the flaw allows remote code execution. Delays in revealing exploit details were intended to protect users, but previous attacks showed little impact, highlighting Veeam’s popularity among threat actors. …

Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware

October 14, 2024 at 05:00AM
Threat actors are exploiting a critical vulnerability in Veeam Backup & Replication (CVE-2024-40711) to deploy Akira and Fog ransomware, leveraging compromised VPN credentials. Sophos warns of successful attacks via unprotected systems. In parallel, new ransomware variants like Lynx and Trinity are emerging, highlighting increasing cybersecurity threats across sectors. …

Akira and Fog ransomware now exploit critical Veeam RCE flaw

October 10, 2024 at 06:10PM
Ransomware gangs are exploiting a critical vulnerability (CVE-2024-40711) in Veeam Backup & Replication servers, allowing remote code execution. Disclosed on September 4 with updates, attackers used compromised VPNs to deploy Akira and Fog ransomware. Veeam has a history of vulnerabilities attracting such malicious activity, impacting many global organizations. …

1 PoC Exploit for Critical RCE Flaw, but 2 Patches From Veeam

September 19, 2024 at 04:10PM
A researcher has released a proof-of-concept exploit and analysis for CVE-2024-40711, a critical vulnerability in Veeam’s backup software. The flaw, with a CVSS score of 9.8, allows unauthenticated remote code execution. Veeam has released patches, but there are concerns about their effectiveness. Enterprises are urged to apply the latest patch …

Veeam Patches Critical Vulnerabilities in Enterprise Products

September 6, 2024 at 08:00AM
Veeam announced patches for critical-severity bugs this week, impacting its enterprise products. The vulnerabilities could lead to remote code execution and sensitive information disclosure. The flaws affect various Veeam solutions including Backup & Replication, Veeam ONE, Service Provider Console, Veeam Agent for Linux, and other plugins. Users are advised to …