Tag Archive for: products

Ransomware gang exploiting unpatched Veeam backup products


Researchers at WithSecure have issued an alert after uncovering evidence that a notorious cyber criminal gang is exploiting a recently disclosed vulnerability in Veeam Backup & Replication data backup and recovery software to access its victims’ networks.

Tracked as CVE-2023-27532, the Veeam vulnerability was first published on 7 March 2023. It enables an unauthenticated user who has accessed the backup infrastructure network perimeter to get their hands on encrypted credentials stored in the configuration database, which may ultimately lead to them gaining access to the backup infrastructure hosts.

It is classified as a high-severity bug and carries a CVSS v3 score of 7.5. It exists in the Veeam.Backup.Service.exe process of Veeam Backup & Replication, Veeam Cloud Connect, Veeam Cloud Connect for the Enterprise and Veeam Backup & Replication Community Edition.

“WithSecure Intelligence identified attacks which occurred in late March 2023 against internet-facing servers running Veeam Backup & Replication software,” wrote WithSecure analysts Neeraj Singh and Mohammad Kazem Hassan Nejad.

“Our research indicates with high confidence that the intrusion set used in these attacks is consistent with activities attributed to the FIN7 activity group. It is likely that initial access and execution was achieved through a recently patched Veeam Backup & Replication vulnerability, CVE-2023-27532,” they explained.

FIN7 is a prolific and dangerous financially motivated operator that has deployed multiple strains of ransomware in its attacks – including BlackCat/ALPHV, BlackMatter, DarkSide and, at one time, REvil – after pivoting to extortion from payment card data theft about three years ago.

The group may have links to multiple recent high-profile cyber attacks, including the developing heist on…

China cybersecurity office announces ‘review’ of Micron products


China’s Office of Cybersecurity Review on Friday announced plans to examine products that the Boise-based computer memory chip maker sells in China.

BOISE, Idaho — China’s Cyber Security Review Office announced Friday that it will implement a review of products that Micron Technology sells in China.

Micron, based in Boise, is the world’s fourth-largest semiconductor company and the leading U.S. manufacturer of computer memory. The People’s Republic of China accounted for 11% of Micron’s annual sales in 2022, according to a report in The Wall Street Journal. The company also has facilities in China as well as more than a dozen other countries around the world.

The Cyberspace Administration of China’s announcement states the office is initiating the review “in order to ensure the security of the key information infrastructure supply chain, prevent network security risks caused by hidden product problems, and maintain national security,” in accordance with China’s national security and network security laws.

In response to KTVB’s request for comment, a Micron spokesperson said the company is aware of the Cyberspace Administration of China’s announced plans to conduct the cybersecurity review.

“We are in communication with the CAC and are cooperating fully,” the statement continued. “Micron is committed to conducting all business with uncompromising integrity, and we stand by the security of our products and our commitments to customers.”

At the end of regular trading on Friday, Micron’s stock price had dropped by 4.36% for the day as news of China’s cybersecurity review announcement spread.

The announcement comes at a time of growing tensions between the U.S. and China in the geopolitical and business arenas, and at a challenging time for Micron and for the semiconductor industry in general.

“In particular, we face the threat of increasing competition…

Bug fixes this week | Vulnerabilities in Google, Microsoft, and Mozilla products fixed 


The Indian Computer Emergency Response Team (CERT-In) released multiple vulnerability notes throughout the week for security bugs detected in commonly used software. Among the affected software were Google’s Android and Chrome OS, Microsoft’s Edge, and Mozilla’s Thunderbird email application.

Google Android and Chrome OS

Multiple high-severity vulnerabilities were reported in Google’s Android OS which could be exploited by threat actors to obtain sensitive information, gain elevated privileges and cause a denial of service on targeted systems.

The bugs, found to exist due to flaws in Android OS’ Framework, Media Framework, System components, Google Play systems, MediaTek components, Qualcomm components, and Unisoc components, could allow attackers to remotely bypass security restrictions, thereby compromising the security of affected devices.

In Chrome OS, multiple security bugs were detected which could be exploited by an attacker to cause a denial of service condition on targeted systems. These bugs could be exploited due to a heap buffer overflow in network services and a use-after-free in web transport.

A heap buffer overflow bug can be used by threat actors to access memory beyond the allocated space within a system, compromising memory integrity and the ability of software to function properly.

Security bugs in Android and Chrome OS were fixed with the release of updates from Google and users are advised to download and install them to ensure their security.

Microsoft Edge

A data manipulation vulnerability with a low severity rating was detected in Microsoft Edge. The bug could allow remote threat actors to trigger a denial of service condition on affected systems.

The bug in Microsoft Edge existed due to data manipulation and could be exploited by attackers by convincing users to open a maliciously crafted file, according to the vulnerability report shared by CERT-In.

Microsoft has released an update fixing the security bug and users should update their software to ensure security.

Mozilla Thunderbird

A high-severity security bug was reported in Mozilla’s Thunderbird email…

Mukesh Sharma, a Cyber Tycoon, set the benchmark for Information Privacy Products and Services with the release of “CryptoSuite”


The MarketWatch News Department was not involved in the creation of this content.

Jan 26, 2023 (AB Digital via COMTEX) —
Mukesh Sharma, Information Security Expert, has recently launched a range of exhaustive privacy and security services to complement its digital products, famous under the name ‘CryptoSuite.’ These products are also accompanied by a corresponding range of services, including Data Encryption, Data Backup and Recovery, Data Protection, Identity and Access Management (IAM), Communication Security, Vulnerability Assessment and Penetration Testing (VAPT), and many more.

The establishment of “CryptoSuite” was solely to change how the world provides digital security. It has particularly emphasized “preventing any kind of digital invasion of privacy.” Today, in the light of maintaining the integrity of the values in the form of products as well as services, not only do they get enforced in lives, but they also provide comprehensiveness.

Over a decade, CryptoMize has evolved into the world’s most advanced managed security and privacy in the face of products that have been set across over 300 clients. The company has received major global recognition in more than 30 countries across the globe. It is keen to utilize the experience gained over the years in the domain of privacy and security to augment its offerings by providing enhanced privacy solutions.

CryptoMize is renowned for providing an integrated platform to facilitate secure communication among clients such as Government Offices and Politicians. The latest range of services will further enhance the features and add robustness to the existing suite of products. The official website has been updated to “reflect the newly launched services” under the new brand name of “Privacy Enforcement,” which is further bifurcated into Privacy and Security services.

“The rebrand was necessitated by an early decision to move from our initial focus on Privacy and Security products towards a more comprehensive suite of Privacy Services. While we are still developing some anonymity services and have managed to provide our clients with comprehensive services…
