Security Affairs
Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Acronis Cyber Infrastructure bug actively exploited in the wild

Acronis warns of a critical vulnerability in its Acronis Cyber Infrastructure (ACI) solution that is being actively exploited in the wild. Acronis is warning of a critical vulnerability, tracked as CVE-2023-45249 (CVSS score of 9.8), in its Acronis Cyber Infrastructure (ACI) solution that is being actively exploited in the wild. ACI is a comprehensive IT […]

Acronis Cyber Infrastructure

Acronis warns of a critical vulnerability in its Acronis Cyber Infrastructure (ACI) solution that is being actively exploited in the wild.

Acronis is warning of a critical vulnerability, tracked as CVE-2023-45249 (CVSS score of 9.8), in its Acronis Cyber Infrastructure (ACI) solution that is being actively exploited in the wild.

ACI is a comprehensive IT solution designed to provide cyber protection and data management. It combines several key functionalities, including software-defined storage, software-defined networking, and advanced monitoring and management tools.

The company addressed the vulnerability at the end of 2023. Remote attackers can exploit the vulnerability to execute arbitrary code, the issue is due to the use of default passwords.

Affected products include:

  • Acronis Cyber Infrastructure (ACI) before build 5.4.4-132
  • Acronis Cyber Infrastructure (ACI) before build 5.0.1-61
  • Acronis Cyber Infrastructure (ACI) before build 5.1.1-71
  • Acronis Cyber Infrastructure (ACI) before build 5.2.1-69
  • Acronis Cyber Infrastructure (ACI) before build 5.3.1-53

The company addressed the vulnerability with the release of ACI versions 5.4 update 4.2, 5.2 update 1.3, 5.3 update 1.3, 5.0 update 1.4, and 5.1 update 1.2. The company urges customers to patch the issue as soon as possible.

“This update contains fixes for 1 ctitical severity security vulnerability and should be installed immediately by all users.” reads the advisory published by the company. “This vulnerability is known to be exploited in the wild.”

Experts have issued a warning that attacks targeting ACI can pose significant risks to enterprises that depend on this solution. The exploitation of vulnerabilities in ACI could lead to serious issues, including data breaches, disruption of services, and potential financial losses. The critical nature of these vulnerabilities underscores the importance of timely updates and robust security measures for enterprises using ACI to safeguard their data and infrastructure.

The experts warn that attacks against ACI can cause severe problems to enterprises that rely on this solution.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ACI)