Security News > 2024 > October > Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware

Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware
2024-10-14 08:55

Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos said it has been tracking a series of attacks in the past month leveraging compromised VPN credentials and CVE-2024-40711 to create a local account and deploy the ransomware. CVE-2024-40711, rated 9.8 out of 10.0 on the


News URL

https://thehackernews.com/2024/10/critical-veeam-vulnerability-exploited.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-09-07 CVE-2024-40711 Deserialization of Untrusted Data vulnerability in Veeam Backup & Replication 12.0.0.1420
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
network
low complexity
veeam CWE-502
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Veeam 11 0 8 9 7 24