Critical Veeam Backup & Replication Vulnerability Under Active Exploitation


Security researchers have reported CVE-2024-40711 is under active exploitation by ransomware groups. These groups are reportedly exploiting CVE-2024-40711 as a second stage exploit to create new local Administrator accounts to facilitate further objectives on compromised networks.

Reports warn of exploitation attempts since shortly after official disclosure by Veeam. Enterprise backup and disaster recovery applications are valuable targets for cyber threat groups.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • Self-Driving Cars Can Be Hacked By Just Putting Stickers On Street Signs

    August 8, 2017

    Car Hacking is a hot topic, though it’s not new for researchers to hack cars. Previously they had demonstrated how to hijack a car remotely, how to disable car’s crucial functions like airbags, and even how to steal cars. But the latest car hacking trick doesn’t require any extra ordinary skills to accomplished. All it takes is a simple sticker onto ...

  • Exploits Available for Siemens Molecular Imaging Vulnerabilities

    August 4, 2017

    Siemens is readying patches for a number of vulnerabilities in its molecular imaging products, including some where public exploits are available. Advisories published Thursday by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) indicate that the flaws are remotely exploitable. “Siemens is preparing updates for the affected products and recommends protecting network access to the Molecular ...

  • Cisco Fixes DoS, Authentication Bypass Vulnerabilities, OSPF Bug

    August 3, 2017

    Cisco fixed 15 vulnerabilities this week in more than a dozen products, including two high severity vulnerabilities that could have let an attacker trigger a denial of service condition or bypass local authentication. The more severe bugs fixed on Wednesday exist in the company’s Identity Services Engine and its Videoscape Distribution Suite. The bypass, which exists ...

  • IBM Patches Reflected XSS in Worklight, MobileFirst

    August 2, 2017

    BM fixed a cross-site scripting vulnerability in two products last month that could have let an attacker execute malicious JavaScript code in a victim’s browser to steal sensitive information, or user credentials. The vulnerability (CVE-2017-1500) lingered in the products, Worklight and MobileFirst, for almost a year. Gabriele Gristina, a security consultant for the Italian information security ...

  • Attack Uses Docker Containers To Hide, Persist, Plant Malware

    July 27, 2017

    A novel attack vector allows for adversaries to abuse the Docker API to hide malware on targeted systems, and even execute remote code. The proof of concept attack was developed by researchers at Aqua Security, and the technique was first demonstrated today at Black Hat by Sagie Dulce, senior security researcher, with Aqua Security. The attack works ...

  • CowerSnail — Windows Backdoor from the Creators of SambaCry Linux Malware

    July 27, 2017

    Last month, we reported about a group of hackers exploiting SambaCry—a 7-year-old critical remote code execution vulnerability in Samba networking software—to hack Linux computers and install malware to mine cryptocurrencies. The same group of hackers is now targeting Windows machines with a new backdoor, which is a QT-based re-compiled version of the same malware used to ...