The original post: /r/cybersecurity by /u/blackpoint_APG on 2024-10-11 17:30:25.

Veeam released a security bulletin on September 4, 2024 for several Critical- and High-rated CVEs for Veeam Backup & Replication (VBR), including:

  • CVE-2024-40711, a remote code execution vulnerability without needing authentication - affecting versions 12.1.2.172 and earlier.

Active exploitation has been observed in the wild by ransomware groups like Akira and Fog. Immediate action is recommended: Update VBR to the latest version to patch the vulnerability.

Relevant links: