Security News

Veeam has patched a high-severity vulnerability in Veeam Service Provider Console and is urging customers to implement the patch. Veeam Service Provider Console is a cloud platform used by managed services providers and enterprises to manage and monitor data backup operations.

Veeam has released security updates to address four flaws in its ONE IT monitoring and analytics platform, two of which are rated critical in severity. Fixes for the issues are available in the below versions -.

Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical."A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database," an advisory published today says about the bug tracked as CVE-2023-38547.

The Cuba ransomware gang was observed in attacks targeting critical infrastructure organizations in the United States and IT firms in Latin America, using a combination of old and new tools. BlackBerry's Threat Research and Intelligence team, which spotted the latest campaign in early June 2023, reports that Cuba now leverages CVE-2023-27532 to steal credentials from configuration files.

Veeam backup servers are being targeted by at least one group of threat actors known to work with multiple high-profile ransomware gangs. Malicious activity and tools echoing FIN7 attacks have been observed in intrusions since March 28, less than a week after an exploit became available for a high-severity vulnerability in Veeam Backup and Replication software.

Cross-platform exploit code is now available for a high-severity Backup Service vulnerability impacting Veeam's Backup & Replication software. The flaw affects all VBR versions and can be exploited by unauthenticated attackers to breach backup infrastructure after stealing cleartext credentials and gaining remote code execution as SYSTEM. Veeam released security updates to address this vulnerability for VBR V11 and V12 on March 7, advising customers using older releases to upgrade to secure vulnerable devices running unsupported releases.

Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customer to implement the fix as soon as possible. The nature of CVE-2023-27532 has not been explained - Veeam only says that "The vulnerable process, Veeam.Backup.Service.exe, allows an unauthenticated user to request encrypted credentials."

Veeam urged customers to patch a high-severity Backup Service security vulnerability impacting its Backup & Replication software.The flaw was reported in mid-February by a security researcher known as Shanigen, and it affects all Veeam Backup & Replication versions.

The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation in the wild. "The Veeam Distribution Service allows unauthenticated users to access internal API functions," Veeam noted in an advisory published in March 2022.

The threat actor behind the RomCom RAT has refreshed its attack vector and is now abusing well-known software brands for distribution. In a new campaign discovered by BlackBerry, the RomCom threat actors were found creating websites that clone official download portals for SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro, essentially disguising the malware as legitimate programs.