Hacker Charged With Seeking to Kill Using Cyberattacks on Hospitals

The US has accused two brothers of being part of the hacker group Anonymous Sudan, which allegedly went on a wild cyberattack spree that hit hundreds of targets—and, for one of the two men, even put lives at risk.

Security Latest – Read More

Mistral AI’s new language models bring AI power to your phone and laptop

Mistral AI, a rising star in the artificial intelligence arena, launched two new language models on Wednesday, potentially reshaping how businesses and developers deploy AI technology. The Paris-based startup’s new offerings, Ministral 3B and Ministral 8B, are designed to bring powerful AI capabilities to edge devices, marking a significant s…Read More

Security News | VentureBeat – Read More

Android 15 Rolling Out With New Theft, Application Protection Features

Google has released Android 15 with new security features to keep devices and sensitive applications better protected.

The post Android 15 Rolling Out With New Theft, Application Protection Features appeared first on SecurityWeek.

SecurityWeek – Read More

Engaging Executives: How to Present Cybersecurity in a Way That Resonates

Getting buy-in can be difficult. Safe-U founder and CEO Jorge Litvin explains how to create a common language between the CISO and the rest of the C-suite.

Security | TechRepublic – Read More

Critical Vulnerability in Veeam Products Exploited by Ransomware Gangs

Key Takeaways

A critical vulnerability, CVE-2024-40711, was discovered in Veeam Backup & Replication, allowing unauthenticated remote code execution.

CVE-2024-40711 has a CVSS score of 9.8, indicating an urgent need for remediation due to its severity.

Threat actors are actively exploiting this vulnerability to deploy Akira and Fog ransomware.

Veeam issued security updates to address these vulnerabilities in early September 2024.

Multiple Veeam products were also affected by different vulnerabilities, including Veeam Backup & Replication, Veeam ONE, and Veeam Agent for Linux, among others.

Organizations are urged to implement regular update protocols, enhance monitoring, and develop incident response plans to mitigate risks.

Overview

Threat actors have exploited a recent critical vulnerability in Veeam Backup & Replication to deploy Akira and Fog ransomware. This vulnerability, designated as CVE-2024-40711, is rated 9.8 out of 10.0 on the Common Vulnerability Scoring System (CVSS) scale, highlighting its severe nature. Veeam addressed this security flaw in version 12.2 of Backup & Replication, released in early September 2024.

Florian Hauser, a security researcher at the Germany-based firm CODE WHITE, discovered the vulnerability and reported it to Veeam. Hauser emphasized the urgency of patching, stating, “Better patch your Veeam Backup & Replication servers! Full system takeover via CVE-2024-40711, discovered by our very own @frycos—no technical details from us this time because this might instantly be abused by ransomware gangs.”

Exploitation of this vulnerability has already been observed in the wild. In a recent attack linked to the Fog ransomware, threat actors deployed the ransomware on an unprotected Hyper-V server and, during the same operation, used the rclone utility to exfiltrate sensitive data.

Other attempts to deploy ransomware were reportedly unsuccessful. Every attempted exploit picked up by Sophos endpoint detection began from a compromised VPN gateway that lacked multifactor authentication (MFA); from there the attackers reached Veeam on port 8000, which is widely exposed, and successful exploitation caused Veeam.Backup.MountService.exe to launch net.exe. The exploit creates a local account, “point,” and adds it to the local Administrators and Remote Desktop Users groups.
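The process-creation chain described above (Veeam.Backup.MountService.exe spawning net.exe to create an account and add it to privileged groups) is a concrete detection opportunity. The following is an added example, not Cyble's or Sophos's tooling: it triages constructed Sysmon Event ID 1 records, rating any net.exe launched by the Veeam mount service as high and account or group changes from other parents as medium. The Sysmon field names are real; the sample events, paths and account names are constructed.

```python
import re

# Constructed Sysmon Event ID 1 (process creation) records reduced to the fields the
# detection reads; paths, account names and the redacted password are illustrative.
VEEAM_MOUNT_SERVICE = "veeam.backup.mountservice.exe"
NET_BINARIES = {"net.exe", "net1.exe"}
SENSITIVE_GROUPS = {"administrators", "remote desktop users"}
VEEAM_PATH = r"C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.MountService.exe"
SAMPLE_EVENTS = [
    {"ParentImage": VEEAM_PATH, "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net user point [REDACTED] /add"},
    {"ParentImage": VEEAM_PATH, "Image": r"C:\Windows\System32\net1.exe",
     "CommandLine": 'net1 localgroup "Remote Desktop Users" point /add'},
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net localgroup administrators backupadmin /add"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": r"net use Z: \\fileserver\share"},
]

# "net user <name> ... /add" and "net localgroup <group> <member> ... /add"
ADD_USER = re.compile(r"\buser\s+(\S+).*?/add\b", re.IGNORECASE)
ADD_GROUP = re.compile(r'\blocalgroup\s+("[^"]+"|\S+)\s+(\S+).*?/add\b', re.IGNORECASE)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()  # case-folded file name of a Windows path


def classify(event):
    """Return (severity, reason) for a net.exe process-creation event, or None."""
    if basename(event["Image"]) not in NET_BINARIES:
        return None
    cmd, parent = event["CommandLine"], basename(event["ParentImage"])
    detail = None
    if m := ADD_USER.search(cmd):
        detail = f"local account '{m.group(1)}' created"
    elif m := ADD_GROUP.search(cmd):
        group = m.group(1).strip('"')
        if group.lower() in SENSITIVE_GROUPS:
            detail = f"'{m.group(2)}' added to {group}"
    if parent == VEEAM_MOUNT_SERVICE:
        # The mount service is not expected to spawn net.exe at all: high on its own.
        reason = "net.exe spawned by Veeam.Backup.MountService.exe"
        return "high", (f"{reason}; {detail}" if detail else reason)
    if detail:
        return "medium", f"{detail} (parent {parent})"  # often admin work, but review it
    return None


def triage(events):
    """Return [(index, severity, reason)] for every event that classify() flags."""
    return [(i, *hit) for i, e in enumerate(events) if (hit := classify(e))]
```

Pairing the process-creation match with Windows Security events 4720 (account created) and 4732 (member added to a local group) on the same host gives a second, independent signal for the same behaviour.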

Timely Patches and Advisory

Veeam took prompt action by disclosing the vulnerability and releasing security updates on September 4, 2024. Following this, watchTowr Labs published a technical analysis of the vulnerabilities on September 9, 2024.

Notably, watchTowr delayed the publication of proof-of-concept exploit code until September 15, 2024, to give administrators adequate time to secure their systems. Given their widespread use, Veeam’s products are a prime target for malicious actors looking for quick access to backup data, which makes timely remediation essential.

Moreover, according to an advisory from Cyble, CVE-2024-40711 is just one of several vulnerabilities affecting Veeam products. The Cyble advisory summarizes the latest vulnerabilities and patches from various vendors, and lists the following CVEs linked to Veeam:

CVE-2024-40711: Critical, CVSS score 9.8, allowing unauthenticated remote code execution.

CVE-2024-40713: High severity.

CVE-2024-40710: High severity.

CVE-2024-39718: Medium severity.

CVE-2024-40714: High severity.

CVE-2024-40712: Medium severity.

CVE-2024-40709: Medium severity.

CVE-2024-42024: Medium severity.

CVE-2024-42019: Medium severity.

CVE-2024-42023: Medium severity.

CVE-2024-42021: Medium severity.

CVE-2024-42022: Medium severity.

CVE-2024-42020: Medium severity.

CVE-2024-38650: Medium severity.

CVE-2024-39714: Medium severity.

CVE-2024-39715: Medium severity.

CVE-2024-38651: Medium severity.

CVE-2024-40718: Medium severity.

The vulnerabilities primarily impact several Veeam products, posing significant security risks. Among these is Veeam Backup & Replication, which is widely used for data protection and disaster recovery. Additionally, the Veeam Agent for Linux is affected, as well as Veeam ONE, which provides monitoring and analytics for backup operations.

Furthermore, the Veeam Service Provider Console is included in the list of vulnerable products, along with Veeam Backup for Nutanix AHV. Lastly, Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization also face these security concerns. Organizations utilizing any of these products should take immediate action to secure their systems against potential exploitation.

Technical Details of CVE-2024-40711

CVE-2024-40711 is classified as a remote code execution vulnerability, allowing unauthenticated attackers to send a malicious payload that can lead to a complete system takeover. The affected software versions include Veeam Backup & Replication 12.1.2.172 and all earlier versions.

During an investigation, Cyble’s ODIN scanner identified approximately 2,466 internet-exposed instances of Veeam Backup, predominantly in the United States.

CVE-2024-40711 is not an isolated incident. On March 7, 2023, Veeam patched another high-severity vulnerability, CVE-2023-27532, which was exploited in attacks linked to the financially motivated FIN7 threat group, notorious for its connections to various ransomware operations including Conti, REvil, Maze, Egregor, and Black Basta.

Recommendations and Mitigations

Here are several mitigation and recommendation strategies for addressing the vulnerabilities in Veeam products:

Ensure that the latest patches released by Veeam are implemented immediately to address the critical vulnerabilities.

Create a routine schedule for regular updates across all Veeam products to maintain security and compliance.

Regularly perform security assessments and audits to identify and remediate potential vulnerabilities in your systems.

Isolate Veeam products from the internet wherever possible to reduce the attack surface and minimize exposure to potential threats.

Enforce MFA for accessing Veeam management interfaces to add an additional layer of security against unauthorized access.

Utilize comprehensive monitoring tools to detect suspicious activities and potential exploitation attempts in real-time.

Establish and regularly update an incident response plan that includes procedures for identifying, responding to, and recovering from security incidents.

Assess any third-party tools or integrations used with Veeam products to ensure they do not introduce additional vulnerabilities.

Conclusion

Veeam’s products, used by over 550,000 customers globally, including 74% of the Global 2000 companies, represent a serious risk if not properly secured. Organizations relying on Veeam’s Backup & Replication solutions must act swiftly to apply the necessary patches and harden their defenses against potential ransomware attacks.

The post Critical Vulnerability in Veeam Products Exploited by Ransomware Gangs appeared first on Cyble.

Blog – Cyble – Read More

How to Use Call Detail Records to Detect Fraud

Learn how data from call detail records can help you find fraud calls made by your phone system — and prevent them from happening again.

Security | TechRepublic – Read More

Urban VPN Review (2024): Is it a Safe & Reliable VPN to Use?

With its questionable privacy policy, slow VPN performance, and lack of independent audits, Urban VPN fails to offer a secure and quality VPN experience.

Security | TechRepublic – Read More

Hackers target Ukraine’s potential conscripts with MeduzaStealer malware

Hackers have targeted the devices of Ukraine’s draft-aged men with MeduzaStealer malware spread through Telegram, researchers have found.

The Record from Recorded Future News – Read More

What Cybersecurity Leaders Can Learn From the Game of Golf

As in golf, security requires collaboration across the entire organization, from individual contributors in each department to the executive level and the board.

darkreading – Read More

What open-source AI models should your enterprise use? Endor Labs analyzes them all

The new tool tells developers how popular and secure open-source, pre-built models are and how recently they were created and updated. Read More

Security News | VentureBeat – Read More