VeeamON 2024 - Use Code "COMMUNITY10" for 10% Off!
Another week, another high severity vulnerability. The Zero Days have been used to compromise government networks and there is no workaround except for patching. Cisco ASA’s this time:CVE-2024-20353 (High) - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2CVE-2024-20359 (High) - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4hCVE-2024-20358 (Medium) - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-cmd-inj-ZJV8WysmMore info:- https://www.cisa.gov/news-events/alerts/2024/04/24/cisco-releases-security-updates-addressing-arcanedoor-vulnerabilities-cisco-firewall-platforms- https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/- https://www.helpnetsecurity.com/2024/04/24/cve-2024-20353-cve-2024-20359/- https://www.bleepingcomputer.com/news/security/ar
Hi Everyone, CISA recently published a Cybersecurity Advisory for Akira Ransomware:https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-109aThe Threat Actors are gaining access to vulnerable environments via VPN which do not have multifactor authentication enabled, using known Cisco vulnerabilities, internet facing RDP access, spear phishing and valid credential abuse. However, what is most interesting is that they are also going after Veeam Backup Servers and have created their own scripts:Ensure:MFA is enabled Segment networks Patch often Review and audit user accounts Have offline and offsite backups
In case you missed the annoucement, Microsoft have released more information on their upcoming server version called, Windows Server 2025.More info here:https://techcommunity.microsoft.com/t5/windows-server-insiders/announcing-windows-server-preview-build-26040/m-p/4040858 https://techcommunity.microsoft.com/t5/windows-server-news-and-best/introducing-windows-server-2025/ba-p/4026374If you want to give it a try, the Canary version can be downloaded after joining the Insiders Preview:https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserverAnyway, I thought I would try it out and trying installing Veeam B&R on it. I mean, why not? New server OS, and the first thing to go on there is Veeam? Let’s do it.Long story short, it was plain sailing and Veeam B&R installed successfully.Confimation screen of Veeam Backup & Replication 12.1 being installed successfully Veeam B&R Console with no jobs configuredUsual caveats apply if you are going to be testing it
As it is Fridy and almost time for the weekend, here is something that is a really good read from CISA regarding the breach by malicious actor, STORM-0558.https://www.cisa.gov/resources-tools/resources/cyber-safety-review-board-releases-report-microsoft-online-exchange-incident-summer-2023This report stems from the Exchange Online breach that occurred during Summer 2023. What happened?A malicious actor, known as STORM-0558 managed to get a hold of a Microsoft Services Account (MSA) cryptographic key. This was then used by the malicious actor to compromise Microsoft Exchange Online mailboxes by using authentication tokens.This allowed the threat actor to access mailboxes of high-profile individuals without any indication they were breached. Microsoft was not aware they had lost control of this key until they were notified by one of the affected organisations, the US State Department, which had 60000 emails exfiltrated. From the CISA Currently, standard Microsoft 365 licenses do not come
Due to the fast moving nature of Cyber Security and trying to keep track of the news, I thought I would start a list of resources where you can sign up for notifications. Feel free to add more:CISA - https://www.cisa.gov/about/contact-us/subscribe-updates-cisa Zero Fox - https://www.zerofox.com/daily-intelligence-brief/ Help Net Security - https://www.helpnetsecurity.com/newsletter/ Cyber Scotland SC3 Reports - https://www.cyberscotland.com/news/sc3-threat-reports/ Axios Codebook - https://www.axios.com/newsletters/axios-codebook If there is one I highly recommend, it is the one from CISA.
As today is World Backup Day 2024, I thought I’d share a tale from back in the day. This was from my first proper job after university, working as a First Line Analyst (i.e., Helpdesk). I was, to say the least, ‘green behind the ears,’ as the saying goes. It was also my first time navigating the world of an office environment and working with remote offices.Let me start by setting the scene. Windows Server 2003 and Windows Server 2003 R2 were the Server Operating Systems installed on bare metal boxes. Windows XP was THE Operating System of choice, and Windows 7 had just been released. The word ‘virtualisation’ was not even something we came across. We pretty much had dedicated hardware for each server role required. Domain controller? Physical box running that role. File Server? Another dedicated box for that role. SQL Server? Yet another dedicated box. You get the picture. This, in turn, required a large amount of space to house all the servers. Additionally, installing servers meant
Hi Folks,Following on from the news regarding a backdoor in the Linux library xz, a Yara Rule is now available that can be used in Veeam 12.1 if you do not utilise a vulnerability scanner in your environment. Great way to check by leveraging Veeam to do the scanning for you. There is more info about the vulnerability on the post by @JMeixner :Yara Rule can be found here: https://github.com/Neo23x0/signature-base/blob/master/yara/bkdr_xz_util_cve_2024_3094.yar
Hey folks, Here is a quick check for a Friday afternoon when it comes to your Veeam B&R installations. If you have installed Veeam B&R years and years ago and keep updating to the latest version of Veeam, have a look at the default Veeam generated Self-Signed certificate.This can be found under the Main Menu > Options > CertificateInspect the ‘Signature hash algorithm’ attribute and if it shows as ‘sha1’ it might be worth re-generating the certificate. If you have vulnerability scanners, it should pick this up.Even better, instead of using the Self-Signed Certificate, replace it with one signed by your Internal CA - https://helpcenter.veeam.com/docs/backup/vsphere/tls_internal_ca.html?ver=120To re-generate the certificate, some instructions can be found here - https://helpcenter.veeam.com/docs/backup/vsphere/self_signed_tls.html?ver=120Just bear in mind the following:IMPORTANTIf you update the TLS certificate used on the backup server, you must also update info about the
Just thought I would post this. Veeam B&R 11a is no longer officially supported. However, if you have not seen it, Veeam has published a Patch, P20240304, for those who have not been able to upgrade to Version 12 yet. Most importantly, the following were patched:VMware Virtual Disk Development Kit (VDDK) was updated to 7.0.3.4 to address CVE-2023-38545. OpenSSL was updated to v1.0.2zi to address CVE-2023-2650. liblz4 was updated to v1.9.4 to address CVE-2021-3520. zlib was updated to v1.2.13 to address CVE-2022-37434. PuTTY was updated to 0.80 to address CVE-2023-48795.More here:https://www.veeam.com/kb4245If you are still running Version 11, please upgrade to version 12. It's a smooth upgrade :)
I just wanted to take this opportunity to wish you all a very, ‘Happy International Women’s Day”.Thank you for all that you do, for the constant inspiration and the pushing of boundaries. Have a lovely weekend!
Hi Folks, VMware has released a Security Advisory with the recommend to patch now. More here:https://www.vmware.com/security/advisories/VMSA-2024-0006.htmlCVE-2024-22252 CVE-2024-22253 CVE-2024-22254 CVE-2024-22255Impacted Products:VMware ESXi VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion) VMware Cloud Foundation (Cloud Foundation)
Microsoft released KB5034441 as part of Patch Tuesday. However, on Windows 10 the update is causing issues:More here:https://support.microsoft.com/en-gb/topic/kb5034441-windows-recovery-environment-update-for-windows-10-version-21h2-and-22h2-january-9-2024-62c04204-aaa5-4fee-a02a-2fdea17075a8 SummaryThis update addresses a security vulnerability that could allow attackers to bypass BitLocker encryption by using Windows Recovery Environment (WinRE). For more information, see CVE-2024-20666. IMPORTANT Some computers might not have a recovery partition that is large enough to complete this update. Because of this, the update for WinRE might fail. In this case, you will receive the following error message: Windows Recovery Environment servicing failed.(CBS_E_INSUFFICIENT_DISK_SPACE) To help you recover from this failure, please follow Instructions to manually resize your partition to install the WinRE update. Known issue Because of an issue in the error code handling rout
With the daily news of ransomware and organisations getting hacked, a big one this week was from Cloudflare getting hacked. A long read I recommend reading is the blog entry they published:https://blog.cloudflare.com/thanksgiving-2023-security-incident https://thehackernews.com/2024/02/cloudflare-breach-nation-state-hackers.htmlSummary: In November 2023, Cloudflare experienced a security breach. A threat actor gained access to their internal systems using stolen credentials. The attacker explored various resources, including the wiki, bug database, and source code repositories. Cloudflare promptly detected and blocked the intruder, conducted an investigation, and implemented security measures. Fortunately, no customer data or systems were compromised during this incident.
Just a heads up, especially for those folks that use AnyDesk. They’ve just announced a breach:https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-resets-passwords/So far, they’ve changed their code signing certificate but a lot of info is still thin on the ground.Official statement: https://anydesk.com/en/public-statement
In case anyone has not seen this and your Veeam Installation is being flagged for being Vulnerable by Vulnerability Scanning Software, have a look at the following.https://www.veeam.com/kb4523Your Veeam Installations are not vulnerable as SOCKS5 is not used and the affected binaries can be manually removed.Affects:Veeam Backup & ReplicationVeeam Agent for Microsoft WindowsVeeam Agent for LinuxVeeam Cloud ConnectJust to add, it’s great that Veeam is so open about this and provide instructions on how to mitigate it. Wish other vendors would do the same.
Intel have advised there is a new vulnerability affecting their processors. It looks like there are quite a few processors affected:CVEID: CVE-2023-23583Description: Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.CVSS Base Score: 8.8 HighCVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:Hhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html I expect they will try and mitigate via a firmware or BIOS update. Additional info:https://blogs.vmware.com/security/2023/11/cve-2023-23583.html https://thehackernews.com/2023/11/reptar-new-intel-cpu-vulnerability.html
Hi Folks, Happy Friday!Just wanted to share some awesome content I came across that is published by Veeam and well worth a read:What Is Azure Security? Fundamentals & Key Concepts - https://www.veeam.com/blog/what-is-azure-security-fundamentals-key-concepts.html The Top 5 Benefits of Automating Your Cybersecurity Plan - https://www.veeam.com/blog/top-5-benefits-automating-cyber-security-plan.html Getting Started with Kubernetes Security: A Beginner’s Guide - https://www.veeam.com/blog/getting-started-kubernetes-security.html What Is Separation of Duties in Cybersecurity? - https://www.veeam.com/blog/separation-of-duties-cybersecurity.html Mastering YARA Rules: Malware Detection and Analysis - https://www.veeam.com/blog/yara-rules-malware-detection-analysis.html Top Threats in Microsoft 365 Security - Top Threats in Microsoft 365 Security (veeam.com)
VMware have released version 12.1.5 of VMware Tools patching the following:This is a maintenance release of VMware Tools to provide fixes for critical product issues and security issues. Updated OpenSSL to 3.0.7 Updated zlib to 1.2.12 with additional fixes Updated GLib to 2.56.3 with additional fixes Updated libxml2 to 2.10.2 This release resolves CVE-2022-31693. For more information on this vulnerability and its impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2022-0029.html. More: https://docs.vmware.com/en/VMware-Tools/12.1/rn/vmware-tools-1215-release-notes/index.htmlCrucially OpenSSL has been updated.
Some late breaking news. Okta suffered a breach to their Support Case Management System which potentially resulted in HTTP Archive Files being accessed.More here: https://sec.okta.com/harfiles & https://krebsonsecurity.com/2023/10/hackers-stole-access-tokens-from-oktas-support-unit/
Hi folks,Has anyone performed the migration of a AWS storage gateway from an older version to a new version connected to Veeam as a VTL? Is there anything to be aware of?
If you haven’t already done so, you can enable ‘External’ tagging in Outlook for your Microsoft Office 365 tenant. This allows any external emails to be tagged which can be helpful if someone tries to impersonate emails or for attempted Phishing emails. Resource: Set-ExternalInOutlook (ExchangePowerShell) | Microsoft LearnQuite simple to enable:Connect to Exchange Online using Powershell Connect-ExchangeOnline -UserPrincipleName user@domain.com Check status Get-ExternalInOutlook If set to false, to enable Set-ExternalInOutlook -Enabled $true To exclude a domain from being tagged: Set-ExternalInOutlook -AllowList “example.com” To exclude an email from being tagged Set-ExternalInOutlook -AllowList “admin@example.com”
Hello everyone! Apologies for the delay in this installment of Security Fridays. There have been quite a few things going on. I was in New York for a conference, and then it was my best friend's wedding followed by more wedding invitations to attend. The weather has been glorious, and I hope you have been making the most of summer so far.Today, we're talking about the external attack surface of an organization.When it comes to securing an organization, a huge emphasis is placed on patching workstations, securing the internal network, segregating devices, and network traffic scanning, among other things. All of this takes place internally.However, what about your external-facing assets, systems, and interfaces? For example, think of it as a locked door that only allows certain traffic through. What if the door has a weakness? A pane of glass that has developed a hairline crack that can only be seen at the right angle. If you're not looking for it, you may not see it.To understand the ex
Another day, another breach. This time threat actors have breached Barracuda ESG Appliances. If any folk as using these appliances, it might be worth giving them a check under direction of the vendor.More here: Threat Actors Compromise Barracuda Email Security Appliances (darkreading.com)
For those folks who use MOVEit Transfer and MOVEit Cloud, that was recently exploited by the CL0P Ransomware gang, patches are now available so patch ASAP. Looks like a lot of organisations may have been affected with data loss. CISA Guidance: #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability | CISASophos: Update 1: Information on MOVEit Transfer and MOVEit Cloud Vulnerability CVE-2023-34362 – Sophos NewsProgress Guidance: MOVEit Transfer Critical Vulnerability (May 2023) - Progress Community
In short, a zero-day vulnerability is a security flaw in software, hardware, or firmware that the original developer or vendor is unaware of before it is exploited. The term "zero-day" indicates that the software developer or vendor has had no time (zero days) to patch or provide a workaround to mitigate the vulnerability. This type of vulnerability is considered one of the most dangerous, as there is no available patch or workaround to address the flaw. Consequently, the vendor requires time to investigate the flaw once it becomes known, giving malicious actors the opportunity to exploit it.Moreover, zero-days are highly sought after by malicious actors and intelligence agencies, as they provide an advantage over their adversaries. They allow for the exploitation of remote systems without detection and can be leveraged to carry out targeted attacks, gain unauthorized access, execute malicious code, exfiltrate data, and insert backdoors.Furthermore, zero-days are challenging to detect
Already have an account? Login
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
