MY BRAND BOOK Attackers exploited Veeam Backup and Replication Vulnerabilities

Attackers exploited Veeam Backup and Replication Vulnerabilities

By MYBRANDBOOK

The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities (KEV) Catalog. It has cited evidence of active exploitation in the wild. The critical flaws tracked as CVE-2022-26500 and CVE-2022-26501, are both rated 9.8 on the CVSS scoring system, and could be leveraged to gain control of a target system. The flaws have been patched now.

In an advisory published in March 2022Veeam noted, "The Veeam Distribution Service (TCP 9380 by default) allows unauthenticated users to access internal API functions. A remote attacker may send input to the internal API which may lead to uploading and executing of malicious code."

Both the issues that impact product versions 9.5, 10, and 11 have been addressed in versions 10a and 11a. Users of Veeam Backup & Replication 9.5 are advised to upgrade to a supported version.

Nikita Petrov, a security researcher at Russian cybersecurity firm Positive Technologies, has been credited with discovering and reporting the weaknesses. Some of the possible consequences of successful exploitation are infection with ransomware, data theft, and denial-of-service, making it imperative that users apply the updates.

Petrov said on March 16, 2022, "We believe that these vulnerabilities will be exploited in real attacks and will put many organizations at significant risk. That is why it is important to install updates as soon as possible or at least take measures to detect abnormal activity associated with these products."

Details on the attacks exploiting these vulnerabilities are unknown as yet, but cybersecurity company CloudSEK disclosed in October that it observed multiple threat actors advertising a "fully weaponized tool for remote code execution" that abuse the two flaws.

BREAKING NEWS

Elon Musk Merges X with xAI in $33 Billion Stock Deal...

Elon Musk has made waves once again by merging X (formerly Twitter) with...

India Strengthens Electronics Supply Chain with ₹22,919 Cr Manu...

The scheme aims to attract an investment of INR 59,350 Cr, resulting in pro...

Govt Drops Import Duty making EV Batteries cheaper...

The Centre is taking measures to counter the impact of US President Donald ...

CERT-In’s New Advisory Unveils Hidden Cyber Threats...

The advisory highlights critical vulnerabilities in AI models, outlines mul...

TECHNO TRENDS

Legal Battle Over IT Act Intensifies Amid Musk’s India Plans

The outcome of the legal dispute between X Corp and the Indian government c...

Wipro inks 10-year deal with Phoenix Group's ReAssure UK worth

The agreement, executed through Wipro and its 100% subsidiary,...

Centre announces that DPDP Rules nearing Finalisation by April

The government seeks to refine the rules for robust data protection, ensuri...

Home Ministry cracks down on PoS agents in digital arrest scam

Digital arrest scams are a growing cybercrime where victims are coerced or ...

E-Magazine

TECHNOTAINMENT

For 2nd Time, Kaspersky announced Mumbai Indians’ Official C

Hrithik Roshan to endorse RuPay as Brand Ambassador

RuPay is reportedly planning to feature Bollywood superstar Hrithik Rosha

India Today Group launches – AI Pop Stars

Staying true to our industry leadership position in using cutting-edge tech

MOVERS & SHAKERS

Cloudflare Promotes Goran Risticevic as VP & MD for APAC

TelioLabs ropes in Phaniraj V A as the Group CEO

TelioLabs has announced the onboarding of Phaniraj V A as its new Group CE

Wipro Appoints Amit Kumar as Managing Partner and Global Head

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading technology s

OPEN YOUR EYES

Now WFH To Be Adopted As The Best Practices By Many Organisations

Rising Uncertainty On The Start-ups At The Verge Of Collapse

Digital Strategies Focuses On Technology To Improve Business Performance

The rise in internet usage has opened the doors to conduct cyber-attacks

600% increase in malicious emails during Covid-19 crisis

INTERVIEWS

In India, 88% of Indian business leaders are planning to inves

Alpha Max offers high end solutions in the network space to en

The vision at Alpha Max is to attain quality as the trademark and create a

Alcatel-Lucent Enterprise Carrying a 100 year legacy ahead

A good amount of R&D works and global support services are operated out of

HOT PICK

ASUS ExpertCenter P500 Mini Tower Desktop PC's launched in Ind

MSI Announces the availability of RTX 50 series of laptops in

MSI, the innovative computing manufacturer in gaming, creator

Nothing Phone (3a) goes on sale today, starting at Rs 19,999

The phone was launched on March 4, featuring a 50MP main, ultra-wide, and t

MAKE IN INDIA BRANDS

EXATRON SERVERS MANUFACTURING PVT. LTD.

PDRL - Passenger Drone Research Pvt. Ltd.

PRAMA HIKVISION INDIA PRIVATE LIMITED

TVS ELECTRONICS LTD.

EMINENT CIO'S OF INDIA

STRATEGIC FRAMEWORK FOR SUSTAINABLE BUSINESS EXPANSION IS PATHWAY TO PROSPERITY

Accelerate the adoption of AI and machine learning...

SUSTAINING SUCCESS BY DELIVERING VALUE TO CUSTOMERS

This includes conducting regular audits, risk asse...

AI AND DATA ANALYTICS REVOLUTIONIZING HEALTHCARE SERVICES

...

ICONS OF INDIA

Icons Of India : MADHABI PURI BUCH

Madhabi Puri Buch is the first-female chairperson of India’s markets...

Icons Of India : Dilip Asbe

At present, Dilip Asbe is heading National Payments Corporation of Ind...

Icons Of India : Anil Agarwal

Anil Agarwal, the Founder and Chairman of Vedanta Resources Ltd., is r...

PARTNER SPEAKERS

Empowering clients with innovative solutions to thrive in evolving digital landscape

Hitachi Systems India employs a multifaceted approach to assess brand awarenes...

Gauging Brand Awareness with Data-Driven insights

Arrow PC Network utilizes data-driven insights extensively to gauge brand awar...

Iris Global Services - “The Most Responsive Distributor”

As a company, Iris Global Services is equipped with everything it takes to set...

PSU

CERT-IN - Indian Computer Emergency Response Team

CERT-In is a national nodal agency for responding to computer security...

LIC - Life Insurance Corporation of India

LIC is the largest state-owned life insurance company in India...

NSE - National Stock Exchange

NSE is the leading stock exchange in India....

VIDEOS

Top 25 Brands

Most Trusted Brands 2024 : Samsung Electronics Co. Ltd.

Samsung invests heavily in marketing campaigns to promote...

Most Trusted Brands 2024 : Adobe Inc.

Adobe Creative Cloud is a comprehensive suite of desktop and mobile apps for d...

Most Trusted Brands 2024: BHARTI AIRTEL LTD.

Airtel is a global communications solutions provider serving over 500 million ...

Global Indian industry

Indian Tech Talent Excelling The Tech World - Thomas Kurian, CEO- Google Cloud

Thomas Kurian, the CEO of Google Cloud, has been instrumental in expan...

Indian Tech Talent Excelling The Tech World - JAY CHAUDHRY, CEO – Zscaler

Jay Chaudhry, an Indian-American technology entrepreneur, is the CEO a...

Indian Tech Talent Excelling The Tech World - Lal Karsanbhai, President & CEO, Emerson

Lal Karsanbhai, President and CEO of Emerson, assumed the leadership i...

ITFORUM 2025

STARNITE AWARDS 2024

CMO of the Year

WOMEN LEADERSHIP

IMAGE GALLERY

TRENDS IN TECHNOLOGY