Veeam warns of critical bugs in Veeam ONE monitoring platform

Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical.

The company assigned almost maximum severity ratings to the critical security flaws since they let attackers gain remote code execution and steal NTLM hashes from vulnerable servers. The remaining two are medium-severity bugs that require user interaction or have limited impact.

"A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database," an advisory published today says about the bug tracked as CVE-2023-38547.

"A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service," the company says when describing the second critical vulnerability patched today.

Veeam also fixed a security flaw tracked as CVE-2023-38549 that could let attackers with Power User roles steal the access token of an admin in a Cross-Site Scripting attack, which requires user interaction from someone with the Veeam ONE Administrator role. CVE-2023-41723, the fourth vulnerability addressed today, can be exploited by malicious actors with the Read-Only User role to access the Dashboard Schedule.

Admins must stop the Veeam ONE monitoring and reporting services on impacted servers, replace the files on the disk with the files in the hotfix, and restart the services to deploy the hotfixes.

In March, Veeam also fixed a high-severity Backup Service vulnerability in the Backup & Replication software that can be used to breach backup infrastructure hosts. This flaw was later targeted in attacks linked to the financially motivated FIN7 threat group, known for its connections with multiple ransomware operations, including the Conti syndicate, REvil, Maze, Egregor, and BlackBasta. Months later, the Cuba ransomware gang exploited the bug to target critical infrastructure organizations in the United States and IT firms in Latin America.

Veeam says its software is used by more than 450,000 customers globally, encompassing 82% of Fortune 500 companies and 72% of those listed in the Global 2,000 annual ranking.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000

