Attackers exploited Veeam Backup and Replication Vulnerabilities
By MYBRANDBOOK
The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The critical flaws, tracked as CVE-2022-26500 and CVE-2022-26501, are both rated 9.8 on the CVSS scoring system and could be leveraged to gain control of a target system. Both flaws have since been patched.
In an advisory published in March 2022, Veeam noted, "The Veeam Distribution Service (TCP 9380 by default) allows unauthenticated users to access internal API functions. A remote attacker may send input to the internal API which may lead to uploading and executing of malicious code."
Both issues, which impact product versions 9.5, 10, and 11, have been addressed in versions 10a and 11a. Users of Veeam Backup & Replication 9.5 are advised to upgrade to a supported version.
Nikita Petrov, a security researcher at Russian cybersecurity firm Positive Technologies, has been credited with discovering and reporting the weaknesses. Some of the possible consequences of successful exploitation are infection with ransomware, data theft, and denial-of-service, making it imperative that users apply the updates.
Petrov said on March 16, 2022, "We believe that these vulnerabilities will be exploited in real attacks and will put many organizations at significant risk. That is why it is important to install updates as soon as possible or at least take measures to detect abnormal activity associated with these products."
Details on the attacks exploiting these vulnerabilities are as yet unknown, but cybersecurity company CloudSEK disclosed in October that it observed multiple threat actors advertising a "fully weaponized tool for remote code execution" that abuses the two flaws.