CDK Global cyberattack impacts thousands of US car dealerships

External Penetration Testing

Secure Internet-facing IT assets.

Internal Penetration Testing

Secure internal networks and servers.

Web Application Penetration Testing

Secure mission-critical Web Apps & APIs.

Medical Device Penetration Testing

Secure smart medical equipment & data.

Cloud Security Services

Secure cloud-hosted assets & environments.

SCADA Cybersecurity Assessment

Secure SCADA / ICS systems & networks.

Cyber Maturity Assessment

Assess and prioritize your cybersecurity.

Red Team Security Services

Protect against sophisticated cyberattacks.

Consulting & Professional Services

Get advice and support from certified experts.

Compliance Services

Meet the requirements of various standards.

View All Vumetric Services →

SOLUTIONS BY STANDARD

SOLUTIONS BY INDUSTRY

SOLUTIONS BY CHALLENGE

Secure your network infrastructure

Protect your network from security breaches.

Secure your applications

Secure your missions-critical applications (Web, Mobile ,etc.).

Secure your cloud infrastructure

Ensure the security of your cloud environments.

Prevent ransomware attacks

Protect your business from ransomware attacks.

Contact a Cybersecurity Specialist →

WHITEPAPERS

CASE STUDIES

TOOLS

VIEW ALL CYBERSECURITY RESOURCES →

PENETRATION TESTING

APPLICATION SECURITY

VIEW ALL CYBERSECURITY NEWS →

FREQUENTLY ASKED QUESTIONS

Why should we perform penetration testing?

Conducting a penetration test is a critical tool used by companies as part of their cybersecurity risk management strategy. It helps organizations identify and fix the vulnerabilities most likely to be exploited to breach their cybersecurity and offers counter-measures to mitigate the most important risks of facing cybersecurity incidents.

Regular testing can help ensure that your security measures are up-to-date and effective against the latest hacking techniques and cyber threats.

Will your pentest help us meet compliance requirements?

Our penetration tests helps several organizations of all types meet compliance requirements every year by identifying vulnerabilities that need remediation. Once remediation testing is completed, we provide an official attestation confirming that vulnerabilities have been remediated, helping organizations meet compliance requirements efficiently.

How is it conducted? What is the process?

The process is divided in various stages including reconnaissance, scanning, exploitation, and post-exploitation stages to identify vulnerabilities and safely exploit them to determine their full impact. Detailed reports are then provided after testing to help you understand and address discovered issues.

During testing, our experts leverage a combination of manual and automated techniques to simulate exploits and attacks that would be used by hackers in a real-world scenario in accordance with the latest industry standards.

How much does it cost?

The cost of a penetration test can vary significantly depending on the scope of the assessment. For external penetration testing, one of the most significant factors in the price is the number of IP addresses that need to be evaluated. For an application penetration test, the complexity of the app and the number of user roles will directly impact pricing.

Learn more about the main factors that determine the cost of a penetration test →

Quickly receive a free quote with no engagement using our self-quoting tool →

Looking For Additional Information?

Visit our detailed FAQ to learn more or get in touch with a Vumetric expert directly to receive free guidance and advice.

DETAILED FAQ

About Vumetric

Learn more about Vumetric and discover why hundreds of organizations trust our experts.

Partnership Program

Unlock new business opportunites by reselling top-of-the-line cybersecurity services.

Certifications

Discover our team's cybersecurity and penetration testing certifications.

PTaaS Platform

Discover the modern way to launch and manage your penetration testing projects.

Methodologies

Discover our cybersecurity testing methodologies and standards.

Careers

Explore new career opportunities and join our team of passionate experts.

1-877-805-7475

[email protected]

GET A QUOTE

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)

May 22, 2024

Veeam has patched four vulnerabilities in Backup Enterprise Manager, one of which may allow attackers to bypass authentication and log in to its web interface as any user.

Veeam Backup Enterprise Manager is an application that is used to manage the Veeam Backup & Replication solution – a backup/restore app for virtual and physical machines and cloud-based workloads – via a web console.

The vulnerabilities affect all versions of Veeam Backup & Replication, but they have only been fixed in Veeam Backup Enterprise Manager 12.1.2.172, which is packaged with Veeam Backup & Replication 12.1.2 – the only currently supported version of that solution.

Veeam advises customers who can’t upgrade Veeam Backup Enterprise Manager to 12.1.2.172 to either halt the software or even uninstall it if not in use.

Also: “Veeam Backup Enterprise Manager is compatible with managing Veeam Backup & Replication servers running an older version than Veeam Backup Enterprise Manager. Therefore, if the Veeam Backup Enterprise Manager software is installed on a dedicated server, Veeam Backup Enterprise Manager can be upgraded to version 12.1.2.172 without the need to upgrade Veeam Backup & Replication immediately.”

While there’s no mention of any of the fixed vulnerabilities being exploited in the wild, a vulnerability in Veeam Backup & Replication has been leveraged by financially-motivated attackers last year.

Share this article on social media:

Subscribe to Our Newsletter!

Stay on top of cybersecurity risks, evolving threats and industry news.

CDK Global cyberattack impacts thousands of US car dealerships

2024-06-27

Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080)

2024-06-18

ASUS warns of critical remote authentication bypass on 7 routers

2024-06-17

Insurance giant Globe Life investigating web portal breach

2024-06-14

Cylance confirms data breach linked to ‘third-party’ platform

2024-06-11

Frontier warns 750,000 of a data breach after extortion threats

2024-06-10

Kali Linux 2024.2 released with 18 new tools, Y2038 changes

2024-06-06

Major London hospitals disrupted by Synnovis ransomware attack

2024-06-04

View more cybersecurity news →

Featured Services

Web Application Penetration Testing

External Network Penetration Testing

Internal Network Penetration Testing

Medical Device Penetration Testing

Cloud Infrastructure Penetration Testing

Enterprise
Cybersecurity Audit

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Cylance confirms data breach linked to ‘third-party’ platform

Cybersecurity company Cylance confirmed the legitimacy of data being sold on a hacking forum, stating that it is old data stolen from a “Third-party platform.”

The data allegedly includes a

Read The Article →

Frontier warns 750,000 of a data breach after extortion threats

Frontier Communications is warning 750,000 customers that their information was exposed in a data breach after an April cyberattack claimed by the RansomHub ransomware operation.

Read The Article →