Data backup and cloud data management company Veeam said it released multiple patches which fix more than a dozen flaws impacting different products. In a security advisory published earlier this week, Veeam said that it fixed a total of 18 bugs, five of which were deemed critical in severity.
The first one is an unauthenticated remote code execution vulnerability found in Veeam Backup & Replication. It is tracked as CVE-2024-40711 and carries a severity score of 9.8. The second and third flaw are found in Veeam ONE. CVE-2024-42024, with a severity score of 9.1, allows threat actors owning Agent service account credentials to run remote code execution.
CVE-2024-42019, on the other hand, has a slightly lower severity score (9.0), and allows threat actors to access the NTLM hash of the Veeam Reporter Service account.
Secure versionsThen there is a 9.9 severity bug in Veeam Service Provider Console, which grants low privileged attackers access to the NTLM hash of the service account on the server. This one is tracked as CVE-2024-38650. Finally, CVE-2024-39714, also a 9.9 flaw, is found in the same software, and grants low-privileged users the ability to upload arbitrary files.
Other 13 flaws are mostly high-severity, granting multi-factor authentication (MFA) bypass, privilege escalation, remote code execution (RCE), and more.
To ensure the security of their infrastructure, users are advised to update their software to the following versions:
Via The Hacker News
More from TechRadar ProNetflix is adding two new documentaries to its content library at the end of the month that tackle very different subjects. So if you can't get enough factual content, or you're looking for something to watch after devouring our list of the best Netflix documentaries, you won't want to miss these.
One is a heartwarming feature where comedian and actor Will Ferrell goes on a road trip with his friend, who has recently transitioned to live as a trans woman. The other focuses on the former CEO of WWE, Vince McMahon, chronicling the rise and fall of the controversial figure across six episodes.
There's plenty to learn about thanks to these two new documentaries. Here's what you need to know about both the new documentaries arriving on the best streaming service.
Will & HarperRelease date: September 27
Directed by Josh Greenbaum, this emotional documentary explores the friendship between Will Ferrell and former Saturday Night Live head writer Harper Steele. When Will gets an email from his long-time friend, where she comes out as a trans woman, the two head off on a road trip to reconnect, and learn more about Harper's identity and experience transitioning later in life and in the United States, something she has complex feelings about. She says in the trailer: "I love this country so much, I just don't know if it loves me back right now." You'll definitely need tissues for this one, I've already cried!
Mr. McMahonRelease date: September 25
Elsewhere, Tiger King filmmaker Chris Smith told Tudum that he's "pulled back the curtain to reveal the true Vince McMahon obscured beneath the persona he presented to the world" in this docuseries. Across the six-part series, there are more than 200 hours of interviews with McMahon himself (prior to his resignation), as well as his family members, business associates, and some of the most iconic names in wrestling history, alongside the journalists who uncovered McMahon's allegations. While this will no doubt be a tough watch, it feels like an important one.
You might also likeIn early August, cybersecurity researchers from Cybernews discovered an unprotected database containing sensitive information on hundreds of thousands of Chinese individuals. To this day, they haven’t figured out who the database belongs to, or why it was generated and left open in the first place.
Using Elasticsearch, a search engine for databases, the Cybernews team found a database containing details on 762,000 car owners, and their vehicles. The archive contained people’s names, ID numbers, phone numbers, email addresses, postal addresses, birth dates, vehicle identification numbers (VIN), car brand, car model, engine number, and vehicle color. In other words, there was more than enough information to engage in identity theft or even worse - grand theft auto.
“The exposure of this database is particularly alarming due to the detailed nature of the personal and vehicle information involved. The breach could have severe consequences for the affected individuals, including identity theft, financial fraud, and potential physical security risks,” Cybernews researchers said.
Mystery ownersThe owners of the database remain a mystery. The archive was hosted on a US-based IP address, and after it was discovered on August 4, it was locked down after 48 hours.
The researchers speculate foul play here. They don’t believe that a legitimate company was gathering and storing the information, but rather that this was the work of a threat actor. The argument is that no company would need such a specific combination of information, while cybercriminals would. Still, no one has come forward to claim ownership over the database.
Unprotected databases remain one of the most common reasons for data leaks and spills. Nowadays, the majority of sensitive data is stored in the cloud, and in many cases, the administrators simply forget (or can’t be bothered) to protect it with a password, or multi-factor authentication (MFA).
More from TechRadar ProFlorida Democratic Senate candidate Debbie Mucarsel-Powell is launching an effort to directly reach Spanish-speaking voters through the popular encrypted messaging platform WhatsApp. It is part of her broader effort to reach Spanish-speaking Latino voters in an increasingly tight Senate race.
(Image credit: Joe Raedle)
For years Luis Montero Adams and his sister Stephanie Machado, who are U.S. citizens but lived in Mexico, traveled across the border to attend U.S. schools. Then Sept. 11 forced them to make a choice.
If you’ve been waiting to upgrade your gaming PC I’d suggest waiting a little bit longer, as a new rumor suggests that Nvidia could launch its next-gen RTX 5080 and RTX 5090 graphics cards in a matter of weeks.
The rumor comes from Chinese website Benchlife – and reported by PC Gamer – which says (translated) "If all goes well, the GeForce RTX 5090/D and GeForce RTX 5080/D with the Blackwell GPU architecture are scheduled to officially launch in September."
This is both exciting and surprising. Nvidia’s current flagship GPU, the RTX 4090, launched back in October 2022, and while it remains one of the best graphics cards ever made, and very few games even come close to making use of all its power, there are plenty of enthusiasts (including me) who are excited to see how Nvidia improves upon it.
While Nvidia’s RTX 5000 series of graphics cards, built on its new Blackwell architecture, has been expected for a while now, previous rumors had us preparing for a late 2024 or early 2025 launch. So, if this rumor is correct – and that’s a big if at the moment – then we’re getting the two high-end Blackwell GPUs earlier than expected.
Hold your PC building horsesWhile I’m not entirely convinced that this rumor is accurate, as we’ve had no other leaks suggesting a launch is imminent, it’s not out of the question, either. As I mentioned above, the RTX 4090 launched in October 2022, so a September 2024 announcement for its successor is possible.
Regardless, we’ll likely see new Blackwell graphics from Nvidia sooner rather than later, and that’s why I feel right now is the wrong time to build or upgrade your gaming PC. We’re so close to a likely launch that it’s worth holding on a little longer to see what these new GPUs have in store.
If they blow our socks off, then you can build your PC around the new GPUs and have a cutting-edge gaming rig that will play the best PC games with ease for years to come.
On the other hand, if they are a disappointing upgrade over the RTX 4000 series, you could end up saving money, as the prices of the RTX 4080 and RTX 4090 will likely drop once newer models are out.
We won’t know for sure until the new GPUs are officially announced, though recent rumors suggest the RTX 5090 in particular could be a real power guzzler. Hopefully, we won’t have much longer to wait, then we can crack open our gaming PCs and get upgrading.
You might also likeAmazfit has become a great pick for anyone looking for a cheap fitness tracker or a cheaper rival to one of the best Garmin watches, but its next release could be its most ambitious yet.
The company has revealed the T-Rex 3, which it dubs the "ultimate outdoor GPS smartwatch" at the IFA Berlin event, following leaks late last month.
The latest addition to the Amazfit Adventure lineup has a 25-day battery life with 100 hours of continuous support in GPS mode. It also has a 1.5-inch AMOLED display comprised of Corning Gorilla Glass, and a 2,000 nit brightness rating that certainly makes it competitive with other options.
The watch will include over 170 sport modes covering everything from fishing to skydiving, and will once again pair with the Zepp app on iOS or Android. It'll also play nicely with the Amazfit Helio Smart Ring.
The watch will retail for a suggested retail price of $299 (around £230 / AU$440), making it a more premium option in the Amazfit portfolio, but still a far cry from the almost four-figure price tag of other adventure watches like the Garmin Fenix 8.
The Amazfit T-Rex 3 will come in Black, Cangshan Green and Red Rock colorways.
Amazfit's move into premium territory? The AmazFit T-Rex 2 smartwatch, as tested in 2022 (Image credit: Future)"The T-Rex 3 exemplifies Amazfit's dedication to advancing wearable technology for active and adventurous individuals," Wayne Huang, CEO of Zepp Health said via a press release.
"Its rugged design, extensive features, and unmatched battery life make the T-Rex 3 perfect for those who live an active lifestyle and are always ready for their next adventure."
We've already taken a look at the Amazfit T-Rex 2 way back at the end of 2022, praising its durable design and battery life, but there were a few accuracy issues here and there. While we were less impressed by the Zepp app, the app has seen big improvements throughout 2023 and 2024.
You might also likeNPR confirmed the names of the two Trump staffers involved in the Arlington cemetery scuffle. And, the father of the Georgia school shooting suspect arrested.
(Image credit: Anna Moneymaker)