Multiple Veeam vulns spark concern among defenders
A series of vulnerabilities in products made by backup and recovery software supplier Veeam, disclosed and patched on 4 September 2024, is causing concern in the cyber security community.
The most critical issue revolves around a high-severity flaw fixed by Veeam, known as CVE-2024-40711, which is a remote code execution (RCE) vulnerability in Veeam Backup & Replication.
Discovered by researcher Florian Hauser of Code White, it has a critical CVSS score of 9.8. Code White has chosen not to disclose full technical details of the issue at this time to prevent potential exploitation.
The main worry currently is the potential threat posed by CVE-2024-40711. According to data from threat hunters at Censys, nearly 3,000 Veeam Backup & Replication servers are exposed on the public internet, with a majority in France and Germany.
“This vulnerability is particularly alarming as it is likely to be exploited by ransomware groups to compromise backup systems and possibly lead to double-extortion scenarios,” stated the Censys team.
Rapid7, which has been monitoring for signs of exploitation, has not detected any malicious activity related to CVE-2024-40711 as of Monday, 9 September.
However, Rapid7 cautioned that Veeam Backup & Replication has a wide deployment footprint, and past vulnerabilities in the software have been exploited by ransomware groups.
Rapid7’s data shows that over 20% of incident response cases this year have involved Veeam being accessed or exploited, typically after the attacker has gained access to the victim environment.
In addition to the critical CVE-2024-40711, five other vulnerabilities were disclosed in Backup & Replication, allowing attackers with low-privilege accounts to carry out malicious actions. These issues have been resolved in Backup & Replication 12.2 (build 12.2.0.334), and users are advised to apply the patches promptly.
Veeam has also released fixes for vulnerabilities in Veeam Agent for Linux, Veeam ONE, Veeam Service Provider Console, and Veeam Backup plugins for Nutanix AHV, Oracle Linux Virtualisation, and Red Hat Virtualisation.