Tech News
Multiple Veeam vulns spark concern among defenders
A series of vulnerabilities in products made by backup and recovery software supplier Veeam, which were disclosed and patched on 4 September 2024, are causing concern in the cyber security community.
The most critical issue revolves around a high-severity flaw fixed by Veeam, known as CVE-2024-40711, which is a remote code execution (RCE) vulnerability in Veeam Backup & Replication.
Discovered by researcher Florian Hauser of Code White, it has a critical CVSS score of 9.8. Code White has chosen not to disclose full technical details of the issue at this time to prevent potential exploitation.
The main worry currently is the potential threat posed by CVE-2024-40711. According to data from threat hunters at Censys, nearly 3,000 Veeam Backup & Replication servers are exposed on the public internet, with a majority in France and Germany.
“This vulnerability is particularly alarming as it is likely to be exploited by ransomware groups to compromise backup systems and possibly lead to double-extortion scenarios,” stated the Censys team.
Rapid7, which has been monitoring for signs of exploitation, has not detected any malicious activity related to CVE-2024-40711 as of Monday, 9 September.
However, Rapid7 cautioned that Veeam Backup & Replication has a wide deployment footprint, and past vulnerabilities in the software have been exploited by ransomware groups.
Rapid7’s data shows that over 20% of incident response cases this year have involved Veeam being accessed or exploited, typically after the attacker has gained access to the victim environment.
In addition to the critical CVE-2024-40711, five other vulnerabilities were disclosed in Backup & Replication, allowing attackers with low-privilege accounts to carry out malicious actions. These issues have been resolved in Backup & Replication 12.2 (build 12.2.0.334), and users are advised to apply the patches promptly.
Veeam has also released fixes for vulnerabilities in Veeam Agent for Linux, Veeam ONE, Veeam Service Provider Console, and Veeam Backup plugins for Nutanix AHV, Oracle Linux Virtualisation, and Red Hat Virtualisation.
Sony’s throwback PS5 Pro limited edition takes us back to the 90s
Commuters warned of delays amid Commercial Broadway Station escalator replacement – BC
Lorne Michaels Weighs In On Who Will Play Donald Trump On ‘SNL’ Season 50
UPDATE: It’s actually happening: Palworld developer Pocketpair is being sued by Nintendo and The Pokémon Company
YouTube Now Displays Adverts When Paused
Faster immigration clearance programme to be launched at 7 more airports soon, BA
Microsoft’s Struggling Military AR Headset Gets Boost From Oculus Founder’s Latest Venture
Pagers explode in Lebanon: Hezbollah chief denounces Israeli attacks as warplane sonic booms rattle Beirut
15 Simple Ways to Spread Happiness and Kindness Around You
Overseas fans rally to save girls’ love manga LOVE-BULLET
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
The Top 20 Motivational Instagram Accounts to Follow (2024)
Don’t Waste Your Time in Anger, Regrets, Worries and Grudges
Our new fixed tours are your ultimate Aussie & Kiwi adventure!
Democrats and allies to flood airwaves, drop more than $125M on abortion push
Family Holiday Checklist | What To Pack Family Holiday
Concord price, beta, preorder details for PS5 and PC confirmed
Turkish Airlines carries 7.2 mn passengers in May, launches new sustainability brand, BA
Tim Scott Makes New Push to Woo Black and Hispanic Republicans
Epic Bus Tours New Zealand
-
Tech News3 months agoBangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Motivation3 months agoThe Top 20 Motivational Instagram Accounts to Follow (2024)
-
Self Development4 months agoDon’t Waste Your Time in Anger, Regrets, Worries and Grudges
-
Destination4 months agoOur new fixed tours are your ultimate Aussie & Kiwi adventure!
-
Activities3 months agoFamily Holiday Checklist | What To Pack Family Holiday
-
Breaking News4 months agoDemocrats and allies to flood airwaves, drop more than $125M on abortion push
-
Destination3 months agoTurkish Airlines carries 7.2 mn passengers in May, launches new sustainability brand, BA
-
Gaming3 months agoConcord price, beta, preorder details for PS5 and PC confirmed