The Cybersecurity and Infrastructure Security Agency has flagged two critical vulnerabilities in Veeam's Backup & Replication enterprise backup offering as actively abused in attacks, prompting their inclusion in the agency's Known Exploited Vulnerabilities Catalog, reports SecurityWeek.
Remote attackers could exploit the already patched flaws, tracked as CVE-2022-26500 and CVE-2022-26501, to achieve arbitrary code execution and system takeover, according to CISA. While CISA has not provided details on the attacks exploiting the vulnerabilities, CloudSEK reported in October that both flaws had been exploited by a weaponized remote code execution tool being promoted by various threat actors.
"This is another reminder for companies and organizations to review their own internal cybersecurity efforts to ensure that software and operating systems are patched and updated, that identities are being securely managed, and that progress is being made towards the adoption of zero-trust technologies, including encryption," said Veeam Vice President of Enterprise Strategy Dave Russell.
Three other vulnerabilities impacting Citrix, Fortinet, and Microsoft products have also been added to CISA's catalog.
OpenSea has confirmed being impacted by a third-party security breach, marking the third attack against the major non-fungible token marketplace following a third-party hack and phishing incident in June 2022 and February 2022, respectively, SiliconAngle reports.
BleepingComputer reports that Ethereum blockchain analytics firm Nansen has disclosed that its third-party authentication provider was impacted by a data breach, which resulted in the compromise of data from 6.8% of its user base over a 48-hour period.