Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware

October 14, 2024 at 05:00AM Threat actors are exploiting a critical vulnerability in Veeam Backup & Replication (CVE-2024-40711) to deploy Akira and Fog ransomware, leveraging compromised VPN credentials. Sophos warns of successful attacks via unprotected systems. In parallel, new ransomware variants like Lynx and Trinity are emerging, highlighting increasing cybersecurity threats across sectors. …

Akira and Fog ransomware now exploit critical Veeam RCE flaw

October 10, 2024 at 06:10PM Ransomware gangs are exploiting a critical vulnerability (CVE-2024-40711) in Veeam Backup & Replication servers that allows remote code execution. The flaw was disclosed on September 4 with updates, and attackers used compromised VPNs to deploy Akira and Fog ransomware. Veeam has a history of vulnerabilities attracting such malicious activity, impacting many global organizations. …

1 PoC Exploit for Critical RCE Flaw, but 2 Patches From Veeam

September 19, 2024 at 04:10PM A researcher has released a proof-of-concept exploit and analysis for CVE-2024-40711, a critical vulnerability in Veeam’s backup software. The flaw, with a CVSS score of 9.8, allows unauthenticated remote code execution. Veeam has released patches, but there are concerns about their effectiveness. Enterprises are urged to apply the latest patch …

Veeam Patches Critical Vulnerabilities in Enterprise Products

September 6, 2024 at 08:00AM Veeam announced patches for critical-severity bugs this week, impacting its enterprise products. The vulnerabilities could lead to remote code execution and sensitive information disclosure. The flaws affect various Veeam solutions including Backup & Replication, Veeam ONE, Service Provider Console, Veeam Agent for Linux, and other plugins. Users are advised to …

New Ransomware Group Exploiting Veeam Backup Software Vulnerability

July 10, 2024 at 10:33AM Veeam Backup & Replication software contains a patched security flaw being exploited by the ransomware group EstateRansomware. The threat actors used a dormant account to gain initial access, pivoting laterally through the SSL VPN service. They deployed a persistent backdoor to evade detection and carried out attacks, including disabling Windows …

FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

June 7, 2024 at 05:00AM The FBI has 7,000 decryption keys for LockBit ransomware, aiming to help victims. The gang’s infrastructure was dismantled in an international operation, and its administrator, Dmitry Yuryevich Khoroshev, was identified. Despite this, LockBit remains active, with new variants targeting vulnerable Microsoft SQL servers and VMware ESXi systems. Organizations are warned …

Veeam says critical flaw can’t be abused to trash backups

May 23, 2024 at 10:41AM Veeam addressed a critical vulnerability in its Backup Enterprise Manager, CVE-2024-29849, which could allow unauthorized access to the VBEM web interface. Although attackers could log in as any user, Veeam confirmed that the flaw wouldn’t lead to backups being deleted, because of immutable backups and authorization measures. Customers are …

Critical Veeam Vulnerability Leads to Authentication Bypass

May 22, 2024 at 09:03AM Veeam released a Backup & Replication update addressing four vulnerabilities, including a critical Backup Enterprise Manager bug allowing unauthenticated access. The update also resolves high-severity issues related to NTLM relay attacks and NTLM hash theft. Users are advised to update installations due to potential exploitation by threat actors. Based on …

Veeam warns of critical Backup Enterprise Manager auth bypass bug

May 21, 2024 at 06:27PM Veeam has urged customers to address a critical security vulnerability in Veeam Backup Enterprise Manager (VBEM) that allows unauthenticated attackers to access any account. VBEM, not enabled by default, may be patched to mitigate this and other high-severity vulnerabilities. These flaws have been exploited in ransomware attacks targeting global IT infrastructure. …

Veeam warns of critical bugs in Veeam ONE monitoring platform

November 6, 2023 at 04:59PM Veeam has released hotfixes to address four vulnerabilities in its Veeam ONE IT infrastructure monitoring and analytics platform. Two of the vulnerabilities are critical and allow attackers to gain remote code execution and steal NTLM hashes. The remaining two are medium-severity bugs. The company has provided hotfixes for actively supported …