Critical Veeam RCE bug now used in Frag ransomware attacks

After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware.

Code White security researcher Florian Hauser found that the vulnerability (tracked as CVE-2024-40711) is caused by a deserialization of untrusted data weakness that unauthenticated threat actors can exploit to gain remote code execution (RCE) on Veeam VBR servers.

watchTowr Labs, which published a technical analysis on CVE-2024-40711 on September 9, delayed releasing a proof-of-concept exploit until September 15 to give admins enough time to apply security updates issued by Veeam on September 4.

Veeam says over 550,000 customers worldwide use its products, including roughly 74% of all companies in the Global 2,000 list.

See more: https://www.bleepingcomputer.com/news/security/critical-veeam-rce-bug-now-used-in-frag-ransomware-attacks/

#cybersecurity #ransomware