{"vulnerability": "CVE-2023-2753", "sightings": [{"uuid": "332cfd44-8aec-459e-b6f8-3692669da87c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2753", "type": "seen", "source": "https://t.me/cibsecurity/64300", "content": "\u203c CVE-2023-2753 \u203c\n\nCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-17T12:31:06.000000Z"}, {"uuid": "edc92dbf-1bf4-46a9-9375-eb7cefe7bf1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27535", "type": "seen", "source": "https://t.me/cibsecurity/61216", "content": "\u203c CVE-2023-27535 \u203c\n\nAn authentication bypass vulnerability exists in libcurl &lt;8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. 
This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-31T00:37:51.000000Z"}, {"uuid": "89c517f9-782a-463f-b87b-b293eba939af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27533", "type": "seen", "source": "https://t.me/cibsecurity/61209", "content": "\u203c CVE-2023-27533 \u203c\n\nA vulnerability in input validation exists in curl &lt;8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-31T00:34:49.000000Z"}, {"uuid": "a8d189bb-b9b8-40d6-a171-9dcc78c5e110", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27536", "type": "seen", "source": "https://t.me/cibsecurity/61208", "content": "\u203c CVE-2023-27536 \u203c\n\nAn authentication bypass vulnerability exists libcurl &lt;8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. 
The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-31T00:31:48.000000Z"}, {"uuid": "4ac87375-8b1e-436e-a025-a4263537fbdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27537", "type": "seen", "source": "https://t.me/cibsecurity/61206", "content": "\u203c CVE-2023-27537 \u203c\n\nA double free vulnerability exists in libcurl &lt;8.0.0 when sharing HSTS data between separate \"handles\". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-31T00:31:46.000000Z"}, {"uuid": "25a37b9a-a49e-4163-b991-c44389e552e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27538", "type": "seen", "source": "https://t.me/cibsecurity/61201", "content": "\u203c CVE-2023-27538 \u203c\n\nAn authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. 
However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-31T00:21:37.000000Z"}, {"uuid": "58d76e29-5bef-4f76-8d69-e8836dd94333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27534", "type": "seen", "source": "https://t.me/cibsecurity/61200", "content": "\u203c CVE-2023-27534 \u203c\n\nA path traversal vulnerability exists in curl &lt;8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-31T00:21:36.000000Z"}, {"uuid": "71c78ac4-c35a-420f-b1b2-738c6a75ce7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27530", "type": "seen", "source": "https://t.me/cibsecurity/59846", "content": "\u203c CVE-2023-27530 \u203c\n\nA DoS vulnerability exists in Rack &lt;v3.0.4.2, &lt;v2.2.6.3, &lt;v2.1.4.3 and &lt;v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-11T00:27:23.000000Z"}, {"uuid": "73deead8-1ad6-4246-8721-14b228bae3ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/7154", "content": "Veeam Backup and Replication CVE-2023-27532 Deep Dive\n\nhttps://www.horizon3.ai/veeam-backup-and-replication-cve-2023-27532-deep-dive/", "creation_timestamp": "2023-03-23T16:11:39.000000Z"}, {"uuid": "e7ef10d7-04b7-4a49-9a2f-168006e867c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2023-27532", "type": "seen", "source": "https://www.acn.gov.it/portale/w/qilin-campagne-di-sfruttamento-sistematico-e-diffusione-del-ransomware-sul-territorio-nazionale", "content": "", "creation_timestamp": "2026-05-28T01:01:00.000000Z"}, {"uuid": "67a227c1-ea87-47e4-816a-0d9dbc339048", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971870", "content": "", "creation_timestamp": "2024-12-24T20:35:03.127653Z"}, {"uuid": "1cb1c358-35bc-419c-bea1-6cd65659b156", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2023-27531", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113795675424067393", "content": "", "creation_timestamp": "2025-01-09T00:56:48.153751Z"}, {"uuid": "89f2407b-0076-4d7c-b9d5-920d496c8dc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27531", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfbivmmjpg25", "content": "", "creation_timestamp": "2025-01-09T01:15:37.248972Z"}, {"uuid": "66d62fe5-934f-4ce6-8080-29e77c74fba2", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27539", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfbivpize52f", "content": "", "creation_timestamp": "2025-01-09T01:15:40.478080Z"}, {"uuid": "580a12de-0333-4c77-9d95-54abc6454c0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "seen", "source": "https://gist.github.com/nikhilpatidar01/cf6671e0be186167bd8cd7c4c7ac34ca", "content": "", "creation_timestamp": "2025-11-08T12:44:26.000000Z"}, {"uuid": "381a9385-e3bc-4552-a515-95cb1738dbf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "seen", "source": "MISP/c9834322-1956-45b0-9709-84cb2d0eddd5", "content": "", "creation_timestamp": "2025-09-22T12:23:08.000000Z"}, {"uuid": "431f7af4-bcbd-491a-b7e4-e40832040166", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "seen", "source": "https://bsky.app/profile/0xdf.bsky.social/post/3mdfthund7u23", "content": "", "creation_timestamp": "2026-01-27T13:11:15.041983Z"}, {"uuid": "715dc7dd-b5fc-42b9-8976-0f9919361118", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/bd8c2bd2-f671-4943-90e4-4d5b0d6f4f8f", "content": "", "creation_timestamp": "2026-02-02T12:26:53.518751Z"}, {"uuid": "a74679f1-4000-4152-b4f7-6ce30b0864c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": 
"CVE-2023-27532", "type": "published-proof-of-concept", "source": "https://t.me/road_to_oscp/196", "content": "#veeam #cve\n\nVeeam Backup and Replication (CVE-2023-27532)\nAllows an unauthenticated user with access to the Veeam backup service (TCP 9401 by default) to request cleartext credentials.\n\nThanks to: \u0420\u0443\u0441\u043b\u0430\u043d\n\nhttps://github.com/horizon3ai/CVE-2023-27532", "creation_timestamp": "2023-03-23T13:49:43.000000Z"}, {"uuid": "0dbf4eef-1800-4b2b-be13-caf789a60cdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4020", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aExploit for CVE-2023-27532 against Veeam Backup &amp; Replication\nURL\uff1ahttps://github.com/sfewer-r7/CVE-2023-27532\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-03-23T18:13:20.000000Z"}, {"uuid": "c48c2a50-9b6c-4f7e-a2fc-40eb3f00502d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "exploited", "source": "https://t.me/itsec_news/2607", "content": "\u200b\u26a1\ufe0f \u0425\u0430\u043a\u0435\u0440\u044b \u0432\u0435\u0440\u043d\u0443\u043b\u0438\u0441\u044c \u0441 \u043d\u043e\u0432\u044b\u043c \u0440\u0430\u043d\u0441\u043e\u043c\u0432\u0430\u0440\u043e\u043c Clop.\n\n\ud83d\udcac \u0417\u043d\u0430\u043c\u0435\u043d\u0438\u0442\u0430\u044f \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430 FIN7, \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a Carbanak, ELBRUS \u0438 Sangria Tempest, 
\u0432\u043e\u0437\u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 \u0441\u0432\u043e\u044e \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u043f\u043e\u0441\u043b\u0435 \u0434\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u0440\u044b\u0432\u0430. \u0412 \u0430\u043f\u0440\u0435\u043b\u0435 2023 \u0433\u043e\u0434\u0430 Microsoft \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430, \u0447\u0442\u043e \u0433\u0440\u0443\u043f\u043f\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 Clop \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438. \u042d\u0442\u043e \u043f\u0435\u0440\u0432\u0430\u044f \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u041f\u041e \u0441 \u043a\u043e\u043d\u0446\u0430 2021 \u0433\u043e\u0434\u0430.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Microsoft, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442 \u0441\u043a\u0440\u0438\u043f\u0442 PowerShell \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c POWERTRASH \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u043f\u043e\u0441\u0442-\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 Lizar (aka DICELOADER \u0438\u043b\u0438 Tirion) \u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0446\u0435\u043b\u0435\u0432\u044b\u043c \u0441\u0435\u0442\u044f\u043c. 
\u0417\u0430\u0442\u0435\u043c \u043e\u043d\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 OpenSSH \u0438 Impacket \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u043f\u043e \u0441\u0435\u0442\u0438 \u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f Clop-\u0440\u0430\u043d\u0441\u043e\u043c\u0432\u0430\u0440\u0430.\n\nFIN7 \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u044e\u0442 \u0441 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0441\u0435\u043c\u0435\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u041f\u041e, \u0442\u0430\u043a\u0438\u043c\u0438 \u043a\u0430\u043a Black Basta, DarkSide, REvil \u0438 LockBit.\n\nFIN7 \u0430\u043a\u0442\u0438\u0432\u043d\u0430 \u0441 2012 \u0433\u043e\u0434\u0430 \u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043d\u0430 \u043a\u0440\u0430\u0436\u0435 \u0431\u0430\u043d\u043a\u043e\u0432\u0441\u043a\u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0441 \u043f\u043b\u0430\u0442\u0435\u0436\u043d\u044b\u0445 \u0442\u0435\u0440\u043c\u0438\u043d\u0430\u043b\u043e\u0432. 
\u0413\u0440\u0443\u043f\u043f\u0430 \u0430\u0442\u0430\u043a\u0443\u0435\u0442 \u0448\u0438\u0440\u043e\u043a\u0438\u0439 \u0441\u043f\u0435\u043a\u0442\u0440 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u0438\u0437 \u0440\u0430\u0437\u043d\u044b\u0445 \u043e\u0442\u0440\u0430\u0441\u043b\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435, \u043a\u043e\u043d\u0441\u0430\u043b\u0442\u0438\u043d\u0433, \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u044b\u0435 \u0443\u0441\u043b\u0443\u0433\u0438, \u043c\u0435\u0434\u0438\u0446\u0438\u043d\u0441\u043a\u043e\u0435 \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u0435, \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b, \u0421\u041c\u0418, \u043f\u0438\u0449\u0435\u0432\u0443\u044e \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0441\u0442\u044c, \u0442\u0440\u0430\u043d\u0441\u043f\u043e\u0440\u0442 \u0438 \u043a\u043e\u043c\u043c\u0443\u043d\u0430\u043b\u044c\u043d\u044b\u0435 \u0443\u0441\u043b\u0443\u0433\u0438.\n\n\u0413\u0440\u0443\u043f\u043f\u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u0442 \u043d\u0435\u043e\u0431\u044b\u0447\u043d\u044b\u0435 \u0442\u0430\u043a\u0442\u0438\u043a\u0438, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u043f\u043e\u0434\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u2013 Combi Security \u0438 BastionSecure \u2013 \u0434\u043b\u044f \u043d\u0430\u0439\u043c\u0430 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432 \u0434\u043b\u044f 
\u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a \u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439.\n\n\u0412 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435 IBM Security X-Force \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 , \u0447\u0442\u043e \u0447\u043b\u0435\u043d\u044b \u0442\u0435\u043f\u0435\u0440\u044c \u043d\u0435\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u0433\u0440\u0443\u043f\u043f\u044b Conti \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043d\u043e\u0432\u043e\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Domino, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u043e \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u043a\u0430\u0440\u0442\u0435\u043b\u0435\u043c.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 FIN7 POWERTRASH \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 Lizar \u0442\u0430\u043a\u0436\u0435 \u0431\u044b\u043b\u043e \u043e\u0442\u043c\u0435\u0447\u0435\u043d\u043e WithSecure \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043d\u0435\u0434\u0435\u043b\u044c \u043d\u0430\u0437\u0430\u0434 \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0430\u0442\u0430\u043a\u0430\u043c\u0438, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0449\u0438\u043c\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0438 Veeam Backup &amp; Replication (CVE-2023-27532) \u0434\u043b\u044f 
\u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430.\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u0440\u0430\u0437\u0432\u0438\u0442\u0438\u0435 \u0441\u043e\u0431\u044b\u0442\u0438\u0439 \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443\u0435\u0442 \u043e \u0442\u043e\u043c, \u0447\u0442\u043e FIN7 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u043f\u043e\u043b\u0430\u0433\u0430\u0442\u044c\u0441\u044f \u043d\u0430 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0441\u0435\u043c\u0435\u0439\u0441\u0442\u0432\u0430 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u041f\u041e \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438 \u0436\u0435\u0440\u0442\u0432 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0441\u0432\u043e\u0435\u0439 \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u0438 \u043c\u043e\u043d\u0435\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0443\u0442\u0435\u043c \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0430 \u043e\u0442 \u043a\u0440\u0430\u0436\u0438 \u043f\u043b\u0430\u0442\u0435\u0436\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043a \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443.\n\n\u0412 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2021 \u0433\u043e\u0434\u0430 FIN7 \u043d\u0430\u0447\u0430\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c RaaS-\u043c\u043e\u0434\u0435\u043b\u044c (ransomware-as-a-service), \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u044d\u0442\u043e \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u043f\u0440\u0438\u0431\u044b\u043b\u044c\u043d\u044b\u043c \u0434\u043b\u044f 
\u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0430 \u0445\u0430\u043a\u0435\u0440\u043e\u0432. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u0437 Mandiant \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 , \u0447\u0442\u043e FIN7 \u0434\u043e \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0434\u043b\u044f \u0444\u0438\u043d\u0430\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 REvil , DarkSide , BlackMatter \u0438 BlackCat . \u041d\u043e \u0442\u0435\u043f\u0435\u0440\u044c \u0433\u0440\u0443\u043f\u043f\u0430 \u043d\u0430\u043c\u0435\u0440\u0435\u043d\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0432\u0430\u0440\u0438\u0430\u043d\u0442 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044f.\n\n\u041f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e FIN7 \u0441\u0442\u043e\u044f\u043b\u0430 \u0437\u0430 \u0430\u0442\u0430\u043a\u043e\u0439 \u043d\u0430 Colonial Pipeline \u0432 2021 \u0433\u043e\u0434\u0443, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u043b\u043e \u043a \u043d\u0435\u0445\u0432\u0430\u0442\u043a\u0435 \u0442\u043e\u043f\u043b\u0438\u0432\u0430 \u043d\u0430 \u0432\u043e\u0441\u0442\u043e\u043a\u0435 \u0421\u0428\u0410. 
\u0422\u0430\u043a\u0436\u0435 \u043f\u043e \u0441\u043b\u043e\u0432\u0430\u043c \u0424\u0411\u0420 , \u0443\u0447\u0430\u0441\u0442\u043d\u0438\u043a\u0438 FIN7 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0432\u044b\u0441\u043e\u043a\u043e\u043a\u0432\u0430\u043b\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438, \u043d\u0430\u0445\u043e\u0434\u044f\u0449\u0438\u043c\u0438\u0441\u044f \u0432 \u0420\u043e\u0441\u0441\u0438\u0438.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-05-20T11:16:35.000000Z"}, {"uuid": "56070a7b-a94f-42f6-a20c-fc5effdc8247", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "https://t.me/malwar3s/43", "content": "https://github.com/sfewer-r7/CVE-2023-27532", "creation_timestamp": "2023-04-24T20:02:56.000000Z"}, {"uuid": "dbb894be-e592-4407-a558-b17cc27034e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "https://t.me/poxek/2774", "content": "Veeam Backup and Replication (CVE-2023-27532)\n\nVulnerability in Veeam Backup &amp; Replication component allows encrypted credentials stored in the configuration database to be obtained. 
This may lead to gaining access to the backup infrastructure hosts.\n\nResearch: \nhttps://www.horizon3.ai/veeam-backup-and-replication-cve-2023-27532-deep-dive/\n\nExploit 1:\nhttps://github.com/sfewer-r7/CVE-2023-27532\n\nExploit 2:\nhttps://github.com/horizon3ai/CVE-2023-27532\n\n#veeam #credentials #rce #cve", "creation_timestamp": "2024-10-20T07:07:24.000000Z"}, {"uuid": "3517f6fb-3624-410a-bca8-9c46ab270978", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "exploited", "source": "https://t.me/alexredsec/357", "content": "\u0423\u0436\u0435 \u043d\u0430\u0447\u0430\u043b\u0438 \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0442\u044c \"\u043f\u043e\u0447\u0442\u0438 \u043f\u043e\u043b\u0443\u0433\u043e\u0434\u043e\u0432\u044b\u0435\" \u0438\u0442\u043e\u0433\u0438 \u0437\u0430 2023 \u0433\u043e\u0434 - \u0432\u0440\u0435\u043c\u044f \u043b\u0435\u0442\u0438\u0442\ud83d\ude05\n\u0412\u043e\u0442 \u0440\u0435\u0431\u044f\u0442\u0430 \u0438\u0437 PRIOn \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0443 \u043f\u043e \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u043e\u043f\u0430\u0441\u043d\u044b\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c, \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0432 \u044d\u0442\u043e \u0433\u043e\u0434\u0443 - \u0438\u0445 \u043d\u0430\u0441\u0447\u0438\u0442\u0430\u043b\u0438 44 \u0448\u0442\u0443\u043a\u0438.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \"\u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435\" \u043f\u043e \u0432\u0435\u0440\u0441\u0438\u0438 PRIOn:\n\u27a1\ufe0fCVE-2023-23397 [Microsoft Outlook] - \u0441\u0430\u043c\u0430\u044f \ud83d\udd25 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430 
\u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442. \u0410\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u043e\u0439 APT28.\n\u27a1\ufe0fCVE-2023-27350  [PaperCut NG] - \u0430\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c\u0438 ransomware-\u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430\u043c\u0438.\n\u27a1\ufe0fCVE-2023-28771 [Zyxel] \u0438 CVE-2023-1389 [TP-Link] - \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u043f\u043e\u043c\u043e\u0433\u0430\u043b\u0438 \u043f\u043e\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0440\u044f\u0434\u044b \u0431\u043e\u0442\u043d\u0435\u0442\u0430 Mirai\ud83d\ude08\n\u27a1\ufe0fCVE-2023-0669 [Fortra GoAnywhere MFT] - \u0430\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u043e\u0439 Clop.\n\u27a1\ufe0fCVE-2023-2868 [Barracuda ESG] - \u043f\u043e\u043a\u0430 \u043d\u0438\u043a\u043e\u043c\u0443 \u043d\u0435 \u043f\u0440\u0438\u043f\u0438\u0441\u0430\u043d\u043d\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0434\u043b\u044f \u043a\u0440\u0430\u0436\u0438 \u0434\u0430\u043d\u043d\u044b\u0445.\n\u27a1\ufe0fCVE-2023-24880 [Microsoft Windows SmartScreen] - \u0430\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f ransomware-\u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u043e\u0439 Magniber.\n\u27a1\ufe0fCVE-2023-28252 [Microsoft Windows 10] - \u0430\u043a\u0442\u0438\u0432\u043d\u0430\u044f 
\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f ransomware-\u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u043e\u0439 Nokoyama.\n\u27a1\ufe0fCVE-2023-27532 [Veeam Backup] - exploitation is attributed to the domestic APT group FIN7.\n\u27a1\ufe0fCVE-2023-34362 [MOVEit Transfer] - active exploitation by various APT groups.\n\nAnd the top 3 vulnerability types:\n\u27a1\ufe0fPrivilege Escalation\n\u27a1\ufe0fSecurity Feature Bypass\n\u27a1\ufe0fCommand Injection", "creation_timestamp": "2023-06-07T15:59:32.000000Z"}, {"uuid": "8fa3c633-481d-4c66-a366-a6f6202e6120", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "seen", "source": "https://t.me/kasperskyb2b/511", "content": "\ud83d\udde3Weekly news digest:\n\nAttackers continue to actively use OneNote to deliver malicious 
payloads, so Microsoft plans to release strengthened protection against unwanted OneNote attachments at the end of April. If you would rather not wait for favors from Redmond, OneNote attachments can be disabled entirely or by specific extension through Microsoft 365 group policies.\n\n\u2705 GitHub is introducing mandatory 2FA for active developers starting today. 
As a reminder, since March 1 the service that scans code for stored secrets has been available for all public repositories.\n\nCritical vulnerabilities in Jenkins (CVE-2023-27898, 27899, 27905) allow arbitrary code to be executed on the server without authentication.  
Jenkins / Jenkins LTS and update-center2 need to be updated urgently.\n\nAn urgent patch for FortiOS and FortiProxy fixes buffer underflow bugs that cause denial of service or arbitrary code execution on FortiGate and FortiWiFi devices (CVE-2023-25610, CVSS 9.3).\n\nOld, already patched vulnerabilities in VMWare Cloud Foundation (CVE-2021-39144, CVSS 9.8) are being actively exploited by attackers. It is worth checking that the patches have been applied. 
\n\nUsers of all versions of Veeam Backup & Replication should update to fix a bug that lets an unauthenticated attacker gain access to credentials and, as a result, to the backup servers (CVE-2023-27532, CVSS 7.5). 
As a temporary protective measure, access to TCP port 9401 on the backup server can also be restricted.\n\n\u27a1\ufe0f The Kaspersky ICS team has released an overview of the threat landscape for industrial automation systems: in Russia, companies in the energy, engineering and automotive sectors have come under attack more often.\n\n#\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442", "creation_timestamp": "2023-03-13T09:03:22.000000Z"}, {"uuid": "8cf7db62-43de-461a-a804-bb073c72cfb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27539", "type": "seen", "source": "https://t.me/ctinow/130895", "content": "https://ift.tt/4cWIGJk\nInternet Bug Bounty: [CVE-2023-27539] Possible Denial of Service Vulnerability in Rack\u2019s header parsing", "creation_timestamp": "2023-08-16T15:18:02.000000Z"}, {"uuid": 
"973a81f9-c500-4524-a95a-bd163dc8c3e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27531", "type": "seen", "source": "https://t.me/ctinow/130894", "content": "https://ift.tt/X5glIF2\nInternet Bug Bounty: [CVE-2023-27531] Possible Deserialization of Untrusted Data vulnerability in Kredis JSON", "creation_timestamp": "2023-08-16T15:18:00.000000Z"}, {"uuid": "9a9001eb-af4b-4951-bfed-2e66c1548d5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "seen", "source": "https://t.me/ctinow/98243", "content": "Veeam Backup & Replication admins, get patching! (CVE-2023-27532)\n\nhttps://ift.tt/wAlGyED", "creation_timestamp": "2023-03-10T07:02:05.000000Z"}, {"uuid": "1a84b939-e1c5-4d8e-8fbc-fb46672cdc31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27536", "type": "seen", "source": "https://t.me/ctinow/100330", "content": "Internet Bug Bounty: CVE-2023-27536: GSS delegation too eager connection re-use\n\nhttps://ift.tt/H0N1JG8", "creation_timestamp": "2023-03-20T23:31:54.000000Z"}, {"uuid": "cc52e474-b0be-4df6-8e6e-0a6b10fc6aef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27535", "type": "seen", "source": "https://t.me/ctinow/100329", "content": "Internet Bug Bounty: CVE-2023-27535: FTP too eager connection reuse\n\nhttps://ift.tt/S186y07", "creation_timestamp": "2023-03-20T23:31:53.000000Z"}, {"uuid": "51dc0ee2-0537-4493-8f48-ec21a9715e76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27534", "type": "seen", "source": "https://t.me/ctinow/100328", 
"content": "Internet Bug Bounty: CVE-2023-27534: SFTP path ~ resolving discrepancy\n\nhttps://ift.tt/CQNnxX4", "creation_timestamp": "2023-03-20T23:31:52.000000Z"}, {"uuid": "2bbee9cd-31c0-48a3-b3ec-f9ed1708a305", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27533", "type": "seen", "source": "https://t.me/ctinow/100327", "content": "Internet Bug Bounty: CVE-2023-27533: TELNET option IAC injection\n\nhttps://ift.tt/0OHPoYA", "creation_timestamp": "2023-03-20T23:31:51.000000Z"}, {"uuid": "b32a166b-b5dc-4a17-a2d4-8abd48677a25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27537", "type": "seen", "source": "https://t.me/ctinow/100169", "content": "curl: CVE-2023-27537: HSTS double-free\n\nhttps://ift.tt/2hm3xgw", "creation_timestamp": "2023-03-20T13:41:41.000000Z"}, {"uuid": "02c1ac78-a616-420c-8a98-bbad9825b4f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "Telegram/K1RTlZGyKM2ZoykzPyR2oZFvfublPgrhPQ5rW2-FstMB3Nw", "content": "", "creation_timestamp": "2023-03-24T07:08:13.000000Z"}, {"uuid": "cce794ed-cfa8-4d57-842e-14937dd89d40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2819", "content": "CVE-2023-27532\n Yes, again Veeam Backup & Replication\nLeakage of accounts in plain text, or remote execution of a command.\n*\n\nAnalysis\n*\nPOC exploit\n*\nusage:\nVeeamHax.exe --target 192.168.0.100\n       or\nVeeamHax.exe --target 192.168.0.100 --cmd 
calc.exe\n\n#veeam #rce #leakPass", "creation_timestamp": "2023-03-24T10:36:18.000000Z"}, {"uuid": "681a0c9b-609d-456f-8eb6-0af3f72f6437", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7991", "content": "#exploit\n1. CVE-2023-27532:\nVeeam Backup/Replication component allows encrypted credentials stored in the configuration database to be obtained\nhttps://attackerkb.com/topics/ALUsuJioE5/cve-2023-27532/rapid7-analysis\n\n2. CVE-2023-28343:\nOS command injection in Altenergy Power Control Software C1.2.5 via shell metacharacters\nhttps://github.com/superzerosec/CVE-2023-28343", "creation_timestamp": "2023-03-25T13:38:53.000000Z"}, {"uuid": "a53591ad-2c60-46ba-b855-fc7e4c5b05fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-08-22T18:10:02.000000Z"}, {"uuid": "4dafe042-9fed-4c0e-9277-4c24b9970502", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113584069497822413", "content": "", "creation_timestamp": "2024-12-02T16:02:38.166029Z"}, {"uuid": "982ba56d-13e6-493d-bbcb-553118ebd9e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2023-27539", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113795675438289340", "content": "", "creation_timestamp": "2025-01-09T00:56:48.477271Z"}, {"uuid": "e5bd596e-6495-4b30-bd9b-2128609b07fd", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-4ebdede6-5217a3193b0d7a46", "content": "", "creation_timestamp": "2025-07-10T09:25:22.931306Z"}, {"uuid": "e9aaa896-b36d-4e24-a0fa-8f7aa1bc0434", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/bd8c2bd2-f671-4943-90e4-4d5b0d6f4f8f", "content": "", "creation_timestamp": "2026-02-02T12:26:53.518751Z"}, {"uuid": "a1973b9c-fb41-4920-9e3c-b9911cd710c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27539", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/866", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27539\n\ud83d\udd39 Description: There is a denial of service vulnerability in the header parsing component of Rack.\n\ud83d\udccf Published: 2025-01-09T00:33:47.737Z\n\ud83d\udccf Modified: 2025-01-09T00:33:47.737Z\n\ud83d\udd17 References:\n1. https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466\n2. https://github.com/advisories/GHSA-c6qg-cjj8-47qp\n3. https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c\n4. https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff\n5. https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html\n6. https://security.netapp.com/advisory/ntap-20231208-0016/\n7. 
https://www.debian.org/security/2023/dsa-5530", "creation_timestamp": "2025-01-09T01:14:28.000000Z"}, {"uuid": "7dc7674c-5e49-40d3-ac23-00cb2ebf41a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27531", "type": "seen", "source": "https://t.me/cvedetector/14757", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-27531 - Kredis Deserialization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-27531 \nPublished : Jan. 9, 2025, 1:15 a.m. | 21\u00a0minutes ago \nDescription : There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T02:41:58.000000Z"}, {"uuid": "30167737-3394-49a7-9cae-e0bbe8a99900", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27539", "type": "seen", "source": "https://t.me/cvedetector/14758", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-27539 - Rack Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-27539 \nPublished : Jan. 9, 2025, 1:15 a.m. | 21\u00a0minutes ago \nDescription : There is a denial of service vulnerability in the header parsing component of Rack. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T02:42:02.000000Z"}, {"uuid": "977b01d1-eeb4-4193-b1c2-40c2f8531b57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27537", "type": "seen", "source": "https://t.me/ctinow/100958", "content": "Internet Bug Bounty: CVE-2023-27537: HSTS double-free\n\nhttps://ift.tt/0PxSRrG", "creation_timestamp": "2023-03-23T07:51:18.000000Z"}, {"uuid": "8ea92fec-15a7-49fd-ad8d-b3d0c22964c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27538", "type": "seen", "source": "https://t.me/ctinow/100872", "content": "curl: CVE-2023-27538: SSH connection too eager reuse still\n\nhttps://ift.tt/kPfOsC4", "creation_timestamp": "2023-03-22T22:31:33.000000Z"}, {"uuid": "4ad5775b-10fe-4ebd-8ea9-3189248b6131", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/101013", "content": "Veeam Backup and Replication CVE-2023-27532 Deep Dive\n\nhttps://ift.tt/u6ghGAi", "creation_timestamp": "2023-03-23T14:01:49.000000Z"}, {"uuid": "79e1567e-b783-4690-81ff-8865ee1bcb33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27536", "type": "seen", "source": "https://t.me/ctinow/100871", "content": "curl: CVE-2023-27536: GSS delegation too eager connection re-use\n\nhttps://ift.tt/zCSUJk7", "creation_timestamp": "2023-03-22T22:31:32.000000Z"}, {"uuid": 
"d8e1b9b5-5945-45e6-a4d8-a12dbe265cde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27534", "type": "seen", "source": "https://t.me/ctinow/100869", "content": "curl: CVE-2023-27534: SFTP path ~ resolving discrepancy\n\nhttps://ift.tt/tz0LmMR", "creation_timestamp": "2023-03-22T22:31:30.000000Z"}, {"uuid": "dfad83d0-1f71-4444-9b2a-87189fdce2ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27538", "type": "seen", "source": "https://t.me/ctinow/107149", "content": "Internet Bug Bounty: CVE-2023-27538: SSH connection too eager reuse still\n\nhttps://ift.tt/WGXr4bf", "creation_timestamp": "2023-04-20T20:17:46.000000Z"}, {"uuid": "17bd401d-13ba-4f62-9d65-fe9250d8c155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27533", "type": "seen", "source": "https://t.me/ctinow/100868", "content": "curl: CVE-2023-27533: Telnet option IAC injection\n\nhttps://ift.tt/TN0Zuw9", "creation_timestamp": "2023-03-22T22:31:29.000000Z"}, {"uuid": "4aef4acb-406d-466d-8e2c-14dd381aa5e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "exploited", "source": "https://t.me/HackingInsights/14005", "content": "Ransomware Groups Exploit Veeam Flaw CVE-2023-27532 in Nigerian Cyber Infrastructure\n\nhttps://securityonline.info/ransomware-groups-exploit-veeam-flaw-cve-2023-27532-in-nigerian-cyber-infrastructure/", "creation_timestamp": "2024-09-22T17:57:05.000000Z"}, {"uuid": "1260ce4d-33ea-4c28-8ec2-974b6ab500db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": 
"exploited", "source": "https://t.me/tengkorakcybercrewz/14761", "content": "The Hacker News\nNew Ransomware Group Exploiting Veeam Backup Software Vulnerability\n\nA now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware.\nSingapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities.\nInitial access to the target", "creation_timestamp": "2024-07-10T20:13:18.000000Z"}, {"uuid": "9411c863-e56a-49c3-a3d5-fa9138a5fc39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "seen", "source": "https://t.me/arvinclub1/691", "content": "Several months have passed since the PoC for the vulnerability CVE-2023-27532 was published. 
It is the vulnerability that caused onlineserver to be hit by a ransomware attack, yet many targets inside the country are still vulnerable, ones you would not even think of.", "creation_timestamp": "2023-08-27T23:16:28.000000Z"}, {"uuid": "0b047517-266f-4bde-9aa0-16d3cc904ecd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "exploited", "source": "Telegram/0x2uSrtVU2PLzxYsWmqY7yCoKrNkGib8NHfUnbmUEd8GhA", "content": "", "creation_timestamp": "2024-07-10T19:16:03.000000Z"}, {"uuid": "1bac6a75-52a8-4f85-ac62-8646355ec75a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/2878", "content": "The Hacker News\nNew Ransomware Group Exploiting Veeam Backup Software Vulnerability\n\nA now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware.\nSingapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities.\nInitial access to the target", "creation_timestamp": "2024-07-10T20:13:18.000000Z"}, {"uuid": "4971b4b9-7448-47da-9da6-da6badc85670", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "exploited", "source": "https://t.me/KomunitiSiber/2234", "content": "New Ransomware Group Exploiting Veeam Backup Software Vulnerability\nhttps://thehackernews.com/2024/07/new-ransomware-group-exploiting-veeam.html\n\nA now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware.\nSingapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities.\nInitial access to the target", "creation_timestamp": "2024-07-10T18:31:55.000000Z"}, {"uuid": "06e4d42a-c374-41ae-8b5b-5ca63d841779", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2671", "content": "CVE-2023-27532\n\nVulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. 
This may lead to gaining access to the backup infrastructure hosts.\n\nhttps://github.com/horizon3ai/CVE-2023-27532\n\n#cyber", "creation_timestamp": "2023-03-24T12:59:51.000000Z"}, {"uuid": "a1e24253-bfd7-4c49-b999-b7ddc8f8dab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/6206", "content": "While some vendors steadily work on their bugs and even release out-of-band patches, others frankly could not care less about their customers.\n\nA couple of days ago, Orange Cyberdefense researchers published a technical write-up for CVE-2023-27532, which can be used for RCE attacks on Veeam 
backup solutions.\n\nThe report was in fact written a year and a half ago, and its publication on the blog was postponed at Veeam's request. However, after Watchtowr released similar material describing almost exactly the same vulnerability in detail, the moratorium was lifted.\n\nVeeam's initial statement on this vulnerability indicates that it allows an attacker to gain access to encrypted 
credentials from the server, but researchers later showed that the same applies to unencrypted ones.\n\nVeeam then promptly released a patch, but the researchers were able to bypass it using the ObjRef gadget and requested a new update.\n\nThe vendor noted that a substantial code change was needed and went off to think, and has still not released a patch to date, despite numerous requests from the 
researchers.\n\nAnother example is the dating app Feeld (similar to Tinder and Bumble, but 'on steroids'), in which Fortbridge found eight vulnerabilities that allow attackers to gain access and perform various sensitive operations.\n\nThese include reading other users' private chats, viewing private photos, forcibly updating profiles, or accessing the history of 
their meetings.\n\nFortbridge notified the Feeld developers in good time, yet none of the issues has been fixed in the past six months.\n\nSo users can expect new acquaintances, this time with the cyber underground, and there will certainly be plenty to talk about.", "creation_timestamp": "2024-09-13T19:01:06.000000Z"}, {"uuid": "79105b40-7d3b-4af1-956c-8793aec5a0c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/4212", "content": "At least 7500 of the 2 million 
hosts running Veeam's backup and replication software (VBR) remain vulnerable to CVE-2023-27532, whose fix we reported in early March.\n\nOn March 7, Veeam released security updates fixing the vulnerability for VBR V11 and V12, advising customers to patch vulnerable devices immediately and to protect installations running unsupported versions by using 
a temporary fix.\n\nOverall, Veeam VBR software is used by more than 450,000 customers worldwide, who should know that the Horizon3 Attack Team recently published a technical analysis of the vulnerability and presented a PoC.\n\n\u041a\u0440\u043e\u0441\u0441-\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u044b\u0439\u00a0\u043a\u043e\u0434 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u043d\u0430 \u044f\u0434\u0440\u0435 .NET \u043c\u043e\u0436\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0432 Linux \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 \u0432\u0438\u0434\u0435 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0433\u043e \u0442\u0435\u043a\u0441\u0442\u0430 \u0438\u0437 \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 VBR, \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u044f\u044f 
\u043d\u0435\u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0439 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u043e\u0439 API.\n\n\u041d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e \u043e\u0442\u043d\u0435\u0441\u0442\u0438\u0441\u044c \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u041e\u0441\u043e\u0431\u0435\u043d\u043d\u043e, \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u043f\u043e\u043c\u0438\u043c\u043e Horizon3 \u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Huntress \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0441\u0432\u043e\u0439 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442.\n\n\u041e\u043d \u0441\u043f\u043e\u0441\u043e\u0431\u0435\u043d \u0441\u0431\u0440\u0430\u0441\u044b\u0432\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0432\u0438\u0434\u0435 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c RCE \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0432\u044b\u0437\u043e\u0432\u043e\u0432 API, 
\u043f\u0440\u0435\u0432\u0440\u0430\u0449\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440 Veeam \u0432 \u0432\u0435\u043a\u0442\u043e\u0440 \u0434\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u043b\u0438 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0439 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u043e \u043f\u043e\u043f\u044b\u0442\u043a\u0430\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0431\u0430\u0433\u0438 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435 \u0435\u0449\u0435 \u043d\u0435 \u043f\u043e\u0441\u0442\u0443\u043f\u0430\u043b\u043e, \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442, \u0447\u0442\u043e \u0432 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u043c\u043e\u0436\u0435\u0442 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c\u0441\u044f.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441 \u0431\u043e\u043b\u044c\u0448\u043e\u0439 \u0434\u043e\u043b\u0435\u0439 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u0438 \u0441\u043c\u043e\u0433\u0443\u0442 \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0435 \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435 
\u0441\u0435\u0440\u0432\u0435\u0440\u044b Veeam.", "creation_timestamp": "2023-03-24T14:40:07.000000Z"}, {"uuid": "5a840310-c7ad-4c97-84bf-10e0bf282e9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "seen", "source": "https://t.me/true_secator/4153", "content": "Veeam \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u041f\u041e \u0434\u043b\u044f \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0440\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041a\u0430\u043a \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442 Veeam,\u00a0\u0435\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442 \u0434\u043b\u044f \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0430\u0432\u0430\u0440\u0438\u0439\u043d\u043e\u0433\u043e \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u0437\u0430\u0449\u0438\u0442\u044b \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0431\u043e\u043b\u0435\u0435 450 000 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 82 % \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0438\u0437 \u0441\u043f\u0438\u0441\u043a\u0430 Fortune 500 \u0438 72 % \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0438\u0437 \u0441\u043f\u0438\u0441\u043a\u0430 Global 2000.\n\nCVE-2023-27532 \u0431\u044b\u043b\u0430 
\u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c \u043a\u0430\u043a Shanigen, \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Veeam Backup &amp; Replication (VBR).\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0433\u043e \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0437\u043b\u0430\u043c \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u0445\u0440\u0430\u043d\u044f\u0449\u0438\u0445\u0441\u044f \u0432 \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 VeeamVBR.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e\u00a0\u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044e\u00a0Veeam, \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u043f\u0440\u0438\u0447\u0438\u043d\u043e\u0439 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 
\u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f Veeam.Backup.Service.exe (\u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0430 TCP 9401), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0442\u044c \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0435 \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f VBR\u00a0V11 \u0438 V12, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u043c \u0431\u043e\u043b\u0435\u0435 \u0441\u0442\u0430\u0440\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0434\u0438\u043d \u0438\u0437 \u044d\u0442\u0438\u0445 \u0434\u0432\u0443\u0445 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432.\n\nVeeam \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 
\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f CVE-2023-27532 \u0434\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u043e\u0431\u0432\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435.\n\n\u041a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a \u043f\u043e\u0440\u0442\u0443 TCP 9401 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0432\u0430\u0436\u043d\u043e \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u044d\u0442\u043e\u0442 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0439 \u043f\u0443\u0442\u044c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u043d\u0435\u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0430\u0445 Veeam, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u043d \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 
\u043c\u043e\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443 VBR.", "creation_timestamp": "2023-03-10T14:00:08.000000Z"}, {"uuid": "c4f8102c-0491-48d6-9675-a4c7247cc353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5959", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Group-IB \u0437\u0430\u0434\u0435\u0442\u0435\u043a\u0442\u0438\u043b\u0438 \u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u043b\u0438 \u0430\u0442\u0430\u043a\u0438 \u043d\u043e\u0432\u043e\u0439 ransomware, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043a\u0430\u043a EstateRansomware.\n\n\u0421\u0438\u043d\u0433\u0430\u043f\u0443\u0440\u0441\u043a\u0430\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430 \u0435\u0449\u0435 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u0430\u043f\u0440\u0435\u043b\u044f 2024 \u0433\u043e\u0434\u0430.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2023-27532 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 7,5) \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0438 Veeam Backup &amp; Replication.\n\n\u041f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a 
\u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0441\u0440\u0435\u0434\u0435 \u0431\u044b\u043b \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 SSL VPN \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 Fortinet FortiGate \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0435\u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438, \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043a\u0430\u043a \u00abAcc1\u00bb.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043f\u0435\u0440\u0435\u0448\u0435\u043b \u043e\u0442 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0430 FortiGate \u043a \u0441\u0435\u0440\u0432\u0438\u0441\u0443 SSL VPN, \u043f\u043e\u043b\u0443\u0447\u0438\u0432 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u0442\u043a\u0430\u0437\u043e\u0443\u0441\u0442\u043e\u0439\u0447\u0438\u0432\u043e\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0443. 
A few days later, a successful VPN login using \"Acc1\" was traced to the remote IP address 149.28.106[.]252.\n\nThe attackers then proceeded to establish RDP connections from the firewall to the failover server, after which they deployed a persistent backdoor, \"svchost.exe\", which was executed daily as part of a scheduled task.\n\nSubsequent access to the network was carried out through the backdoor to 
avoid detection. Its main task is to connect to the C2 over HTTP and execute arbitrary commands issued by the attacker.\n\nGroup-IB researchers also observed the attacker exploiting the Veeam vulnerability CVE-2023-27532 in order to enable xp_cmdshell on the backup server and create an attacker-controlled user account named \"VeeamBkp\".\n\nIn addition, the actor also carried out 
network scanning and credential harvesting using tools such as NetScan, AdFind and NitSoft via the newly created account.\n\nThe exploitation potentially involved an attack originating from the VeeamHax folder on the file server against the vulnerable version of Veeam Backup &amp; Replication installed on the backup server.\n\nThe attack ended with the deployment of ransomware, but before that, steps were 
taken to weaken defenses and move laterally from the AD server to all other servers and workstations using compromised domain accounts.\n\nWindows Defender was permanently disabled using DC.exe (Defender Control), after which the ransomware was downloaded and executed using PsExec.exe.\n\nAs the specialists concluded, delayed security 
updates and neglect of regular checks created vulnerabilities that the attackers exploited, which led to serious ransomware consequences.\n\nIoCs and a detailed technical breakdown are in the Group-IB write-up.", "creation_timestamp": "2024-07-11T17:00:07.000000Z"}, {"uuid": "3d82a130-aefc-4d66-959c-f00148fb1963", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27531", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfbk6p6auj2w", "content": "", "creation_timestamp": "2025-01-09T01:38:36.046057Z"}, {"uuid": "7fad9e60-b835-4a1f-a0a4-2fb60ee19d2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27539", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfbk6pbtmj2q", "content": "", "creation_timestamp": "2025-01-09T01:38:36.645730Z"}, {"uuid": 
"84c3770e-fecd-440d-b796-dd4852c9bf57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:45.000000Z"}, {"uuid": "76450e93-7eeb-4dd6-a5e5-79b62f508f2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-79593b2a-140b443d34926bc8", "content": "", "creation_timestamp": "2025-05-31T06:54:23.190029Z"}, {"uuid": "7a00c948-fbdb-4ee4-bd29-6e55359022f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2753", "type": "seen", "source": "https://gist.github.com/Darkcrai86/bd0114856e384b55d98634f43d7a6daa", "content": "", "creation_timestamp": "2025-12-17T08:00:19.000000Z"}, {"uuid": "703cfdbd-6b80-4f4b-9f5c-3f04e3e5ca42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2023-27532", "type": "seen", "source": "https://www.acn.gov.it/portale/w/akira-campagne-di-sfruttamento-sistematico-di-vulnerabilita-perimetrali-e-accessi-vpn", "content": "", "creation_timestamp": "2026-04-13T03:29:00.000000Z"}, {"uuid": "cd88d628-b9eb-48fd-8ef4-7f33fea697ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "https://t.me/kasraone_com/529", "content": "1. 
CVE-2023-27532:\nAllows encrypted credentials stored in the configuration database to be obtained\nhttps://attackerkb.com/topics/ALUsuJioE5/cve-2023-27532/rapid7-analysis\n\n\n\n\n2. CVE-2023-28343:\nOS command injection in the Altenergy power control software C1.2.5 via shell metacharacters\nhttps://github.com/superzerosec/CVE-2023-28343.", "creation_timestamp": "2023-09-30T18:28:16.000000Z"}, {"uuid": "6ab3688b-29c0-440f-bb41-e51d2a0f09c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27531", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/865", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27531\n\ud83d\udd39 Description: There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code\n\ud83d\udccf Published: 2025-01-09T00:33:47.739Z\n\ud83d\udccf Modified: 2025-01-09T00:33:47.739Z\n\ud83d\udd17 References:\n1. 
https://discuss.rubyonrails.org/t/cve-2023-27531-possible-deserialization-of-untrusted-data-vulnerability-in-kredis-json/82467", "creation_timestamp": "2025-01-09T01:14:12.000000Z"}, {"uuid": "399ff473-261e-4427-93b8-f8e6d93159ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3313", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27532\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2023-03-10T22:15:10.557\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://www.veeam.com/kb4424\n2. https://www.veeam.com/kb4424", "creation_timestamp": "2025-01-28T23:18:12.000000Z"}, {"uuid": "01e08c15-d7f0-4a7f-b6a1-c4dab351612d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "exploited", "source": "Telegram/S_c_3ui8--qkGWbDBz0ACI3IvDERaxjltd2o0GHqT3BC1Q", "content": "", "creation_timestamp": "2024-07-10T20:13:17.000000Z"}, {"uuid": "61d69999-ddac-4cda-8910-ab71f5db047c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/5812", "content": "\u200aEstateRansomware Exploits Veeam Vulnerability (CVE-2023-27532) in Sophisticated Attack\n\nhttps://securityonline.info/estateransomware-exploits-veeam-vulnerability-cve-2023-27532-in-sophisticated-attack/", "creation_timestamp": "2024-07-12T13:28:09.000000Z"}, {"uuid": "e10b7759-b4e5-44ec-93e0-5e5569afe74d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": 
"CVE-2023-27532", "type": "seen", "source": "Telegram/tz8cT9tYnuBXCOMLSVvYnFh_bYI5KzHvlJBnwBMPmJO_MXI", "content": "", "creation_timestamp": "2023-07-11T21:56:42.000000Z"}, {"uuid": "c83d81ca-df97-4695-85bb-2d6e4429fad6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1428", "content": "CVE-2023-27532\nYes, Veeam Backup & Replication again \nLeak of credentials in plaintext, or remote command execution.\n*\nAnalysis\n*\nPOC exploit\n*\nusage:\nVeeamHax.exe --target 192.168.0.100\n       or\nVeeamHax.exe --target 192.168.0.100 --cmd calc.exe\n\n#veeam #rce #leakPass", "creation_timestamp": "2023-03-24T06:51:07.000000Z"}, {"uuid": "83826620-e4cd-4ad0-bb14-0733d7f1b1b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "Telegram/EsHRrmhcUQEg_K0qktwkE4NkoEYYuquPsO6bz5g7BtkGZyE", "content": "", "creation_timestamp": "2023-04-01T18:49:05.000000Z"}, {"uuid": "6ffc50e5-41a9-4675-819f-08e76cf71c75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27532", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1089", "content": "Successive / 
repetition\nCVE-2023-27532 : Veeam Backup and Replication\nPOC : https://github.com/horizon3ai/CVE-2023-27532\nPOC : https://github.com/sfewer-r7/CVE-2023-27532\nCVE-2023-32315 : Openfire\nPOC : https://github.com/tangxiaofeng7/CVE-2023-32315-Openfire-Bypass\nCVE-2021-21974 & CVE-2020-3992: VMware ESXi OpenSLP\n1 : https://straightblast.medium.com/my-poc-walkthrough-for-cve-2021-21974-a266bcad14b9\n2 : https://blog.ovhcloud.com/ransomware-targeting-vmware-esxi/\n3 : https://www.zerodayinitiative.com/blog/2021/3/1/cve-2020-3992-amp-cve-2021-21974-pre-auth-remote-code-execution-in-vmware-esxi\nPOC : https://github.com/Shadow0ps/CVE-2021-21974\nPOC : https://github.com/straightblast/My-PoC-Exploits/blob/master/CVE-2021-21974.py", "creation_timestamp": "2024-05-09T11:31:16.000000Z"}]}