
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
Three of them are high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to privileged access on the underlying system and, ultimately, to command execution. Veritas fixed all three in a patch released in March 2021.
- CVE-2021-27876 (CVSS Score: 8.1) – Veritas Backup Exec Agent File Access Vulnerability
- CVE-2021-27877 (CVSS Score: 8.2) – Veritas Backup Exec Agent Improper Authentication Vulnerability
- CVE-2021-27878 (CVSS Score: 8.8) – Veritas Backup Exec Agent Command Execution Vulnerability
Google-owned Mandiant reported last week that affiliates associated with the BlackCat (a.k.a. ALPHV and Noberus) ransomware operation targeted publicly exposed Veritas Backup Exec installations and exploited the three aforementioned bugs to gain initial access.
The threat intelligence firm, which tracks the affiliate actor under the uncategorized moniker UNC4466, said it first observed exploitation of the vulnerabilities in the wild on October 22, 2022.
In one incident detailed by Mandiant, UNC4466 accessed an internet-facing Windows server and then carried out a series of actions that allowed the attackers to deploy Rust-based ransomware payloads, but not before performing privilege escalation and disabling the real-time monitoring capabilities of Microsoft Defender.
Also added to the KEV catalog by CISA is CVE-2019-1388 (CVSS score: 7.8), a privilege escalation flaw in the Microsoft Windows certificate dialog that can be exploited to run processes with elevated privileges on an already compromised host.
The fifth vulnerability on the list is an Arm Mali GPU Kernel Driver information disclosure flaw (CVE-2023-26083), which Google’s Threat Analysis Group (TAG) identified last month as being abused by an unnamed spyware vendor as part of an exploit chain to break into Samsung Android smartphones.
Federal Civilian Executive Branch (FCEB) agencies have until April 28 to apply the patches to secure their networks against potential threats.
The additions come as Apple has released updates for iOS, iPadOS, macOS, and the Safari web browser to address two zero-day vulnerabilities (CVE-2023-28205 and CVE-2023-28206) that it said were being exploited in real-world attacks.