Tag: veeam

Week in review: Veeam Backup & Replication RCE fixed, free file converter sites deliver malware

Mar 23, 2025 11:13 AM

by

Andy Stern

in SecurityNews

Tags: backup, malware, rce, remote-code-execution, update, veeam, vulnerability, WeeklyReview

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Critical Veeam Backup Replication RCE vulnerability fixed, patch ASAP! … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/23/week-in-review-veeam-backup-replication-rce-fixed-free-file-converter-sites-deliver-malware/
Veeam Patches Critical 9.9 RCE Flaw

Mar 21, 2025 9:13 PM

by

Andy Stern

in SecurityNews

Tags: flaw, rce, remote-code-execution, veeam

First seen on scworld.com Jump to article: www.scworld.com/brief/veeam-patches-critical-9-9-rce-flaw
Veeam RCE Vulnerability Allows Domain Users to Hack Backup Servers

Mar 21, 2025 12:13 PM

by

Andy Stern

in SecurityNews

Tags: access, backup, cve, cyber, exploit, rce, remote-code-execution, veeam, vulnerability

Researchers uncovered critical Remote Code Execution (RCE) vulnerabilities in the Veeam Backup & Replication solution. These vulnerabilities, which include CVE-2025-23120, exploit weaknesses in deserialization mechanisms, potentially allowing any domain user to gain SYSTEM access to Veeam backup servers. This is particularly concerning for organizations that have integrated their Veeam servers into their Active Directory domains.…
Critical remote code execution flaw patched in Veeam backup servers

Mar 21, 2025 5:13 AM

by

Andy Stern

in SecurityNews

Tags: backup, cve, exploit, flaw, framework, programming, rce, remote-code-execution, risk, update, veeam, vulnerability

Why black lists are bad: Application developers have gotten in the habit of mitigating deserialization risks by creating blacklists of classes that could be dangerous when deserialized, and as watchTowr explains, this was also Veeam’s approach when addressing CVE-2024-40711. However, history has shown that blacklists are rarely complete.”Blacklists (also known as block-lists or deny-lists) are…
Veeam RCE bug lets domain users hack backup servers, patch now

Mar 21, 2025 1:13 AM

by

Andy Stern

in SecurityNews

Tags: backup, cve, rce, remote-code-execution, software, update, veeam, vulnerability

Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/veeam-rce-bug-lets-domain-users-hack-backup-servers-patch-now/
Veeam patches critical 9.9 flaw in backup and replication product

Mar 20, 2025 10:13 PM

by

Andy Stern

in SecurityNews

Tags: backup, flaw, veeam

First seen on scworld.com Jump to article: www.scworld.com/news/veeam-patches-critical-99-flaw-in-backup-and-replication-product
Veeam fixed critical Backup Replication flaw CVE-2025-23120

Mar 20, 2025 10:13 PM

by

Andy Stern

in SecurityNews

Tags: backup, cve, flaw, software, veeam, vulnerability

Veeam released security patches for a critical Backup & Replication vulnerability that could let attackers remotely execute code. Veeam addressed a critical security vulnerability, tracked as CVE-2025-23120 (CVSS score of 9.9), impacting its Backup & Replication software that could lead to remote code execution. The vulnerability impacts 12.3.0.310 and all earlier version 12 builds, it was…
Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist

Mar 20, 2025 8:13 PM

by

Andy Stern

in SecurityNews

Tags: best-practice, rce, remote-code-execution, veeam, vulnerability

Palming off the blame using an ‘unknown’ best practice didn’t go down well either First seen on theregister.com Jump to article: www.theregister.com/2025/03/20/infoseccers_criticize_veeam_over_critical/
Veeam Update Patches Critical Backup Software Vulnerability

Mar 20, 2025 5:13 PM

by

Andy Stern

in SecurityNews

Tags: backup, exploit, group, malicious, ransomware, software, update, veeam, vulnerability

‘Real Danger’ Alert for Unpatched Veeam Servers Attached to a Production Domain. Widely used Veeam Backup & Replication software has been patched to fix a critical vulnerability that could be abused to remotely exploit malicious code. Security experts recommend rapid patching, given ransomware and other groups’ repeated targeting of the software. First seen on govinfosecurity.com…
Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems

Mar 20, 2025 3:13 PM

by

Andy Stern

in SecurityNews

Tags: backup, cve, cvss, flaw, ibm, remote-code-execution, risk, software, update, veeam, vulnerability

Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution.The vulnerability, tracked as CVE-2025-23120, carries a CVSS score of 9.9 out of 10.0. It affects 12.3.0.310 and all earlier version 12 builds.”A vulnerability allowing remote code execution (RCE) by authenticated domain…
Veeam Patches Critical Vulnerability in Backup Replication

Mar 20, 2025 2:13 PM

by

Andy Stern

in SecurityNews

Tags: backup, remote-code-execution, veeam, vulnerability

Veeam has released patches for a critical-severity remote code execution vulnerability in Backup Replication. The post Veeam Patches Critical Vulnerability in Backup Replication appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/veeam-patches-critical-vulnerability-in-backup-replication/
Critical Veeam Backup Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)

Mar 20, 2025 2:13 PM

by

Andy Stern

in SecurityNews

Tags: backup, rce, remote-code-execution, update, veeam, vulnerability

Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup Replication solution, and is urging … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/20/critical-veeam-backup-replication-rce-vulnerability-cve-2025-23120/
Critical Veeam Backup Replication Vulnerability Allows Remote Execution of Malicious Code

Mar 20, 2025 9:13 AM

by

Andy Stern

in SecurityNews

Tags: backup, cve, cvss, cyber, malicious, remote-code-execution, risk, software, veeam, vulnerability

A critical vulnerability in Veeam Backup & Replication software has been disclosed, posing a significant risk to users. This vulnerability, identified as CVE-2025-23120, allows remote code execution (RCE) by authenticated domain users. The severity of this issue is underscored by a CVSS v3.1 score of 9.9, indicating a high level of risk. The vulnerability has…
Veeam Backup Replication RCE-Schwachstelle CVE-2025-23120

Mar 20, 2025 12:13 AM

by

Andy Stern

in SecurityNews

Tags: backup, cve, rce, remote-code-execution, veeam, vulnerability

Nutzer von Veeam Backup & Replication müssen reagieren. Der Anbieter Veeam hat zum 19. März 2025 über eine Remote Code Execution (RCE) Schwachstelle CVE-2025-23120 in verschiedenen Versionen des genannten Produkts informiert. Es gibt Sicherheitsupdates, um diese Schwachstelle zu schließen. Die … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/19/veeam-backup-replication-rce-schwachstelle-cve-2025-23120/
Veeam releases new orchestration, disaster recovery tool for Microsoft Hyper-V

Feb 25, 2025 9:24 PM

by

Andy Stern

in SecurityNews

Tags: microsoft, tool, veeam

First seen on scworld.com Jump to article: www.scworld.com/brief/veeam-releases-new-orchestration-disaster-recovery-tool-for-microsoft-hyper-v
Veeam und Microsoft vertiefen Partnerschaft für KI-gestützte Datensicherheit

Feb 25, 2025 5:22 PM

by

Andy Stern

in SecurityNews

Tags: ai, cloud, microsoft, veeam

In einer Zeit zunehmender Cyberbedrohungen und der sich stetig wandelnden Cloud-Landschaft ist Datenresilienz nicht länger optional, sie ist geschäftskritisch First seen on infopoint-security.de Jump to article: www.infopoint-security.de/veeam-und-microsoft-vertiefen-partnerschaft-fuer-ki-gestuetzte-datensicherheit/a39951/
Maximale Datenresilienz: Veeam Recovery Orchestrator jetzt mit HyperUnterstützung

Feb 19, 2025 6:46 PM

by

Andy Stern

in SecurityNews

Tags: veeam

Mit dem Veeam Recovery Orchestrator können Hyper-V-Umgebungen nicht nur automatisiert wiederhergestellt, sondern auch reibungslos mit anderen Virtualisierungsplattformen verbunden werden. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/maximale-datenresilienz-veeam-recovery-orchestrator-jetzt-mit-hyper-v-unterstuetzung/a39885/
Veeam präsentiert orchestrierte Disaster-Recovery für Microsoft-Hyper-V

Feb 19, 2025 2:46 PM

by

Andy Stern

in SecurityNews

Tags: data, microsoft, veeam, vmware

Die neue Erweiterung der Veeam-Data-Platform-Premium um die Orchestrierung für Hyper-V verstärkt die Datenportabilität um ermöglicht echte End-to-End Datenmigration sowie eine Konfiguration ohne Datenverlust. Veeam-Recovery-Orchestrator verwaltet auch die Wiederherstellung anderer Maschinen auf Hyper-V, wodurch die Datenportabilität verbessert wird, wenn Unternehmen neue Hypervisoren testen oder auf sie umsteigen. Diese Unterstützung ermöglicht eine nahtlose Migration von Vmware-vSphere zu…
Backup software vendor Veeam deleted forum data after restoration SNAFU

Feb 17, 2025 8:46 PM

by

Andy Stern

in SecurityNews

Tags: backup, data, software, veeam

DevOps team did the dirty on a database First seen on theregister.com Jump to article: www.theregister.com/2025/02/17/veeam_forums_data_loss/
Unusual attack linked to Chinese APT group combines espionage and ransomware

Feb 13, 2025 6:48 PM

by

Andy Stern

in SecurityNews

Tags: apt, attack, breach, china, cloud, country, credentials, crime, crimes, crypto, cyber, cybercrime, cyberespionage, data, encryption, espionage, exploit, finance, firewall, government, group, hacker, infection, insurance, intelligence, korea, microsoft, network, north-korea, ransom, ransomware, russia, software, tactics, technology, threat, veeam, vulnerability

The attacker demanded a $2-million ransom: The attack that resulted in the deployment of the RA World ransomware program, as well as data exfiltration, had the same chain: the toshdpdb.exe loading toshdpapi.dll then decrypting toshdp.dat which resulted in the PlugX variant being deployed. The difference is the attacker then chose to deploy the RA World…
Critical Veeam Updater Vulnerability Addressed

Feb 7, 2025 10:07 PM

by

Andy Stern

in SecurityNews

Tags: veeam, vulnerability

First seen on scworld.com Jump to article: www.scworld.com/brief/critical-veeam-updater-vulnerability-addressed
Kritische Schwachstelle CVE-2025-23114 in Veeam-Updater

Feb 7, 2025 1:06 AM

by

Andy Stern

in SecurityNews

Tags: cve, cyberattack, veeam, vulnerability

Im Veeam-Updater wurde eine kritische Schwachstelle CVE-2025-23114 gemeldet. Über diese Schwachstelle ließen sich Man in the Middle-Angriffe ausführen. Dies wirkt sich auf verschiedene Produkte des Anbieters aus. Veeam hat entsprechende Sicherheitsupdates zum Schließen der Schwachstelle veröffentlicht. Kritische Schwachstelle CVE-2025-23114 Ich bin … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/02/07/kritische-schwachstelle-cve-2025-23114-in-veeam-updater/
Veeam Updater receives update for critical RCE flaw

Feb 6, 2025 10:06 PM

by

Andy Stern

in SecurityNews

Tags: flaw, rce, remote-code-execution, update, veeam

First seen on scworld.com Jump to article: www.scworld.com/news/veeam-updater-receives-update-for-critical-rce-flaw
New Veeam Flaw Allows Arbitrary Code Execution via Manthe-Middle Attack

Feb 5, 2025 2:12 PM

by

Andy Stern

in SecurityNews

Tags: attack, backup, cve, cvss, flaw, software, veeam, vulnerability

Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems.The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0.”A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to…
Veeam Backup: Codeschmuggel durch MitM-Lücke im Updater möglich

Feb 5, 2025 12:12 PM

by

Andy Stern

in SecurityNews

Tags: backup, exploit, veeam

Veeam Backup enthält einen Updater, der für Man-in-the-Middle-Attacken anfällig ist. Angreifer können Schadcode einschleusen. First seen on heise.de Jump to article: www.heise.de/news/Veeam-Backup-Codeschmuggel-durch-MitM-Luecke-im-Updater-moeglich-10270446.html
Veeam Backup Vulnerability Allows Attackers to Execute Arbitrary Code

Feb 5, 2025 7:12 AM

by

Andy Stern

in SecurityNews

Tags: attack, backup, cve, cyber, flaw, risk, veeam, vulnerability

A critical vulnerability, CVE-2025-23114, has been discovered within the Veeam Updater component that poses a serious risk to organizations utilizing Veeam’s backup solutions. The flaw allows attackers to leverage a Man-in-the-Middle (MitM) attack to inject and execute arbitrary code with root-level permissions on the affected appliance server. The vulnerability, reported through HackerOne by security researcher…
Veeam-Umfrage in Deutschland kündet von vielen Baustellen der KRITIS-Betreiber

Jan 21, 2025 6:22 PM

by

Andy Stern

in SecurityNews

Tags: germany, kritis, nis-2, veeam

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/nis-2-veeam-umfrage-deutschland-kunde-vielfalt-baustellen-kritis-betreiber
Die vielen Baustellen der KRITIS-Betreiber

Jan 20, 2025 3:22 PM

by

Andy Stern

in SecurityNews

Tags: kritis, nis-2, veeam

Eine aktuelle Veeam-Studie zur NIS2-Richtlinie zeichnet ein ernüchterndes Bild der IT-Sicherheitslage in deutschen Unternehmen. Während sich 70 Prozent der befragten Firmen gut auf die neue EU-Richtlinie vorbereitet fühlen, sind nur 37 Prozent von ihnen nach eigener Angabe tatsächlich konform zur NIS2. Diese eklatante Diskrepanz zwischen Selbstwahrnehmung und Realität ist bezeichnend für den oftmals leider noch…
NIS2-Umfrage in Deutschland zeigt noch viele Baustellen bei den KRITIS-Betreibern

Jan 20, 2025 2:22 PM

by

Andy Stern

in SecurityNews

Tags: germany, kritis, nis-2, veeam

Censuswide führte diese Untersuchung im Auftrag von Veeam zwischen dem 29. August und dem 02. September 2024 durch. Die Umfrage umfasste über 500 IT-Experten und -Verantwortliche First seen on infopoint-security.de Jump to article: www.infopoint-security.de/nis2-umfrage-in-deutschland-zeigt-noch-viele-baustellen-bei-den-kritis-betreibern/a39503/
Update für Datensicherungslösung – Veeam Backup for Salesforce v3 ist verfügbar

Dec 27, 2024 9:43 AM

by

Andy Stern

in SecurityNews

Tags: backup, update, veeam

First seen on security-insider.de Jump to article: www.security-insider.de/veeam-backup-for-salesforce-v3-datensicherheit-und-archivierung-a-986c1a2805a86f3fd70eccc6737392fc/