Found 11 bookmarks
Custom sorting
Veeam warns of critical RCE bug in Service Provider Console
Veeam warns of critical RCE bug in Service Provider Console
​Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing. VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.
·bleepingcomputer.com·
Veeam warns of critical RCE bug in Service Provider Console
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given it's somewhat 'privileged position' in the storage world of most enterprise's networks. There's no point deploying cryptolocker malware on a target unless you can also deny access to backups, and so, this class of attackers absolutely loves to break this particular software. With so many eyes focussed on it, then, it is no huge surprise that it has a rich history of CVEs. Today, we're going to look at the latest episode - CVE-2024-40711. Well, that was a complex vulnerability, requiring a lot of code-reading! We’ve successfully shown how multiple bugs can be chained together to gain RCE in a variety of versions of Veeam Backup & Replication.
·labs.watchtowr.com·
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Veeam warns of critical RCE flaw in Backup & Replication software
Veeam warns of critical RCE flaw in Backup & Replication software
Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One.
·bleepingcomputer.com·
Veeam warns of critical RCE flaw in Backup & Replication software
Patch or Peril: A Veeam vulnerability incident
Patch or Peril: A Veeam vulnerability incident
Delaying security updates and neglecting regular reviews created vulnerabilities that were exploited by attackers, resulting in severe ransomware consequences. Initial access via FortiGate Firewall SSL VPN using a dormant account Deployed persistent backdoor (“svchost.exe”) on the failover server, and conducted lateral movement via RDP. Exploitation attempts of CVE-2023-27532 was followed by activation of xp_cmdshell and rogue user account creation. Threat actors made use of NetScan, AdFind, and various tools provided by NirSoft to conduct network discovery, enumeration, and credential harvesting. * Windows Defender was permanently disabled using DC.exe, followed by ransomware deployment and execution with PsExec.exe.
·group-ib.com·
Patch or Peril: A Veeam vulnerability incident
FIN7 tradecraft seen in attacks against Veeam backup servers
FIN7 tradecraft seen in attacks against Veeam backup servers
WithSecure Intelligence identified attacks which occurred in late March 2023 against internet-facing servers running Veeam Backup & Replication software. Our research indicates that the intrusion set used in these attacks has overlaps with those attributed to the FIN7 activity group. It is likely that initial access & execution was achieved through a recently patched Veeam Backup & Replication vulnerability, CVE-2023-27532.
·labs.withsecure.com·
FIN7 tradecraft seen in attacks against Veeam backup servers
CVE-2023-27532
CVE-2023-27532
Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.
·veeam.com·
CVE-2023-27532
CVE-2023-27532
CVE-2023-27532
Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.
·veeam.com·
CVE-2023-27532