Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution.
The list of shortcomings is below -

CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution.


CVE-2024-42024 (CVSS score: 9.1

Threat Prevention / Software Security

Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution.

The list of shortcomings is below -

*   **CVE-2024-40711 (CVSS score: 9.8)** - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution.

*   **CVE-2024-42024 (CVSS score: 9.1)** - A vulnerability in Veeam ONE that enables an attacker in possession of the Agent service account credentials to perform remote code execution on the underlying machine

*   **CVE-2024-42019 (CVSS score: 9.0)** - A vulnerability in Veeam ONE that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account

*   **CVE-2024-38650 (CVSS score: 9.9)** - A vulnerability in Veeam Service Provider Console (VPSC) that allows a low privileged attacker to access the NTLM hash of the service account on the server

*   **CVE-2024-39714 (CVSS score: 9.9)** - A vulnerability in VPSC that permits a low-privileged user to upload arbitrary files to the server, resulting in remote code execution on the server

In addition, the September 2024 updates address 13 other high-severity flaws that could permit privilege escalation, multi-factor authentication (MFA) bypass, and execute code with elevated permissions.

All the issues have been addressed in the below versions -

*   Veeam Backup & Replication 12.2 (build 12.2.0.334)
*   Veeam Agent for Linux 6.2 (build 6.2.0.101)
*   Veeam ONE v12.2 (build 12.2.0.4093)
*   Veeam Service Provider Console v8.1 (build 8.1.0.21377)
*   Veeam Backup for Nutanix AHV Plug-In v12.6.0.632
*   Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In v12.5.0.299

With flaws in Veeam software Users becoming a lucrative target for threat actors to serve ransomware, users are advised to update to the latest version as soon as possible to mitigate potential threats.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

With 20,000 internet providers across the country, the technical challenges of blocking X in Brazil mean some connections are slipping through the cracks.

The social network X has been largely inaccessible in Brazil since Saturday, after the country's Supreme Court ordered all mobile and internet service providers to block the platform. The court order followed a months-long dispute between Judge Alexandre de Moraes and X CEO Elon Musk over the company's misinformation, hate speech, and moderation policies.

With Brazil's population of 215 million people, its mature democracy, its sprawling land mass, and more than 20,000 internet service providers, blocking a web platform in the South American nation isn't straightforward. And while the biggest ISPs have implemented the ban, many are still scrambling to comply with the order, leaving a patchwork of access to the site.

“Brazil has made headway blocking X on the main internet providers, but our telemetry indicates there’s a long tail of local and regional ISPs where the service is still available,” says Isik Mater, director of research at the internet censorship analysis group NetBlocks.

The Open Observatory of Network Interference reported that a similar progression played out when Brazil’s Federal Police obtained a court order in April 2023 for ISPs to block the communication platform Telegram because it would not fully share information about users involved in neo-Nazi group chats. Some large ISPs began blocking Telegram immediately. “However, the block was not implemented by all ISPs in Brazil, nor was it implemented in the same way,” the group wrote. “This suggests lack of coordination between providers, and that each ISP implemented the block autonomously.”

A similar progression has been playing out with the X ban. Brazil's 20,000 ISPs produce a notably competitive market, but only a few have infrastructure nationwide. About 40 percent are tiny regional providers with 5,000 customers or fewer. The human and digital rights watchdog Freedom House rates Brazil's internet freedom as “partly free” and trending to be more restrictive, because of the country's far-reaching efforts to crack down on political misinformation in recent years and its three-day ban on Telegram. Brazil also blocked the secure communication platform WhatsApp in December 2015 and again in May 2016 because it did not respond to similar data requests.

Brazil's National Telecommunications Agency did not respond to WIRED's multiple requests for comment.

Unlike in countries including Russia, Iran, and China, there is currently no legal apparatus or technical infrastructure by which the Brazilian government can systematically and comprehensively restrict access to particular websites or online platforms, or impose connectivity blackouts on its citizens.

Reports indicate many Brazilian ISPs that have implemented the ban are using the technique known as “DNS filtering” to block access to X. The domain name system is the internet's phonebook for looking up the IP addresses associated with URLs such as www.wired.com. DNS queries are sent to a DNS “resolver” that does the IP address lookups, and ISPs can configure their resolvers to filter or block requests for particular websites.

Mobile apps like X's Android and iOS apps don't rely on DNS, though, so DNS filtering alone is not enough to block all connections to a web platform. Some Brazilian ISPs seem to also be using IP address “sinkholing”—redirecting online traffic to a different server than the users intended to visit—as a way to send traffic meant for X into the abyss.

“We’re seeing variation by provider in Brazil, and right now it looks they’re each trying their own thing to see what works,” NetBlocks’ Mater says. “Brazil has a diverse network infrastructure with lots of ways for data to enter and leave the country, so there isn’t that centralized choke point and ‘kill switch’ we see in \[some\] authoritarian-leaning countries.”

VPN usage has surged in Brazil this week under the ban as a way around ISP attempts to block X, but the court order ban includes a provision stating people could be charged a fine of 50,000 reais—around $8,900—per day for using circumvention tools like VPNs.

Why It's So Hard to Fully Block X in Brazil

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.390.1 is able to address this issue. The patch is identified as acfe7786152f036f2476f93ab5536571514fa9e3. It is recommended to upgrade the affected component.

**Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill**

Moderate severity GitHub Reviewed Published Sep 5, 2024 to the GitHub Advisory Database • Updated Sep 6, 2024

GHSA-g6q4-w3j3-jfc4: Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill

Intermountain Planned Parenthood of Montana suffered a cyberattack which has been claimed by a ransomware group

In late August, Intermountain Planned Parenthood of Montana suffered a cyberattack which is still under investigation. The attack has been claimed by a ransomware group.

Intermountain Planned Parenthood Inc., doing business as Planned Parenthood Of Montana, is a nonprofit organization that provides sexual health care services. It is not yet known whether any personal information about patients might have been stolen, but that could potentially be devastating.

The patients who rely on Planned Parenthood for care are frequently low-income and face health care disparities due to race, gender, sexuality, or because they live in underserved areas. Sometimes they are minors that have been in contact with the criminal justice system, and they are not eligible for insurance or depend on Medicaid Expansion for coverage.

The group behind the attack, Ransomhub, has claimed responsibility on their leak site where they threaten to publish stolen data to increase the leverage over their victims.

Planned Parenthood listed on RansomHub’s leak site

> “Intermountain Planned Parenthood, a leading nonprofit organization, is dedicated to empowering individuals in Montana to make informed decisions regarding their sexual and reproductive health.”

The listing on the leak site shows financial information, court papers, and insurance certificates. Ransomhub set a timer for Planned Parenthood. The timer counts to September 11 before the release of all the data.

Timer before release of the data

Ransomhub listed the size of the data set at 93 GB, but ransomware groups have been known to exaggerate, lie, and mislead. They are criminals after all.

As laid out in a recent joint advisory by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS),  RansomHub is a relatively new but very active Ransomware-as-a-Service group known to target healthcare organizations and other critical infrastructure sectors.

According to a recent ThreatDown ransomware report, healthcare and education are the hardest hit sector after “Services” in the US, accounting for 60% and 71% of global attacks in these sectors, respectively.

And in the ThreatDown Ransomware Review of August 2024 we can see that Ransomhub was the gang responsible for the largest number of known attacks in July.

This story will be updated once we find out more about the nature of the stolen data.

****Protecting yourself after a data breach****

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Consider not storing your card details**. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Planned Parenthood partly offline after ransomware attack 

Aplikasi Sistem Sekolah using CodeIgniter 3 versions 3.0.0 through 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ============================================================================================================================================| # Title     : ASIS | Aplikasi Sistem Sekolah using CodeIgniter 3 - SQL Injection Authentication Bypass                                   || # Author    : checkgue                                                                                                                   || # Tested on : windows 10 (Home) / Browser : Google Chrome 128.0.6613.114 (Official Build) (64-bit)                                       || # Vendor    : https://www.facebook.com/groups/181558652941070/                                                                           |============================================================================================================================================poc :[+] Dorking İn Google or Other Search Enggine. "ASIS | Aplikasi Sistem Sekolah"[+] Use payload : user & pass = ' or 0=0 ##[+] Panel : http://localhost/asispanel/CVE: CVE-2024-45622References:https://aegislens.com/home/cve-2024-45622/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45622https://www.cve.org/CVERecord?id=CVE-2024-45622https://nvd.nist.gov/vuln/detail/CVE-2024-45622https://github.com/atoz-chevara/cve/blob/main/2024/ASIS_AplikasiSistemSekolah_Using_CodeIgniter3-SQL_Injection_Authentication_Bypass.mdhttps://github.com/advisories/GHSA-8hxv-6g4p-2w59Greetings to : =====Meta4sec * Bungker |====================

ASIS 3.2.0 SQL Injection

Ubuntu Security Notice 6989-1 - Dan Smith, Julia Kreger and Jay Faulkner discovered that in image processing for Ironic, a specially crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data.

    ==========================================================================Ubuntu Security Notice USN-6989-1September 04, 2024ironic vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:OpenStack could be made to expose sensitive information.Software Description:- ironic: Openstack bare metal provisioning service - APIDetails:Dan Smith, Julia Kreger and Jay Faulkner discovered that inimage processing for Ironic, a specially crafted imagecould be used by an authenticated user to exploit undesired behaviorsin qemu-img, including possible unauthorized access to potentiallysensitive data.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  python3-ironic                  1:24.1.1-0ubuntu1.2Ubuntu 22.04 LTS  python3-ironic                  1:20.1.0-0ubuntu1.2In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6989-1  CVE-2024-44082Package Information:  https://launchpad.net/ubuntu/+source/ironic/1:24.1.1-0ubuntu1.2  https://launchpad.net/ubuntu/+source/ironic/1:20.1.0-0ubuntu1.2

Ubuntu Security Notice USN-6989-1

Red Hat Security Advisory 2024-6358-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6358.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python-urllib3 security updateAdvisory ID:        RHSA-2024:6358-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6358Issue date:         2024-09-04Revision:           03CVE Names:          CVE-2024-37891====================================================================Summary: An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.Security Fix(es):* urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-37891References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2292788

Red Hat Security Advisory 2024-6358-03

Red Hat Security Advisory 2024-6311-03 - An update for resource-agents is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6311.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: resource-agents security update  
Advisory ID:        RHSA-2024:6311-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6311  
Issue date:         2024-09-04  
Revision:           03  
CVE Names:          CVE-2024-6345  
====================================================================

Summary: 

An update for resource-agents is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.

Security Fix(es):

* urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)

* pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-6345

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2292788  
https://bugzilla.redhat.com/show_bug.cgi?id=2297771  
https://issues.redhat.com/browse/RHEL-50041

Red Hat Security Advisory 2024-6311-03

Red Hat Security Advisory 2024-6310-03 - An update for resource-agents is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6310.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: resource-agents security updateAdvisory ID:        RHSA-2024:6310-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6310Issue date:         2024-09-04Revision:           03CVE Names:          CVE-2024-37891====================================================================Summary: An update for resource-agents is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.Security Fix(es):* urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-37891References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2292788

Red Hat Security Advisory 2024-6310-03

Red Hat Security Advisory 2024-6309-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6309.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: fence-agents security updateAdvisory ID:        RHSA-2024:6309-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6309Issue date:         2024-09-04Revision:           03CVE Names:          CVE-2024-6345====================================================================Summary: An update for fence-agents is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es):* urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)* pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6345References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2292788https://bugzilla.redhat.com/show_bug.cgi?id=2297771

Tag

#auth