The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
This includes three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands on the underlying system. The flaws were fixed in a patch released by Veritas in March 2021.
- CVE-2021-27876 (CVSS score: 8.1) – Veritas Backup Exec Agent File Access Vulnerability
- CVE-2021-27877 (CVSS score: 8.2) – Veritas Backup Exec Agent Improper Authentication Vulnerability
- CVE-2021-27878 (CVSS score: 8.8) – Veritas Backup Exec Agent Command Execution Vulnerability
Google-owned Mandiant, in a report published last week, revealed that an affiliate associated with the BlackCat (aka ALPHV and Noberus) ransomware operation is targeting publicly exposed Veritas Backup Exec installations to gain initial access by leveraging the aforementioned three bugs.
The threat intelligence firm, which is tracking the affiliate actor under its uncategorized moniker UNC4466, said it first observed exploitation of the flaws in the wild on October 22, 2022.
In one incident detailed by Mandiant, UNC4466 gained access to an internet-exposed Windows server, followed by carrying out a series of actions that allowed the attacker to deploy the Rust-based ransomware payload, but not before conducting reconnaissance, escalating privileges, and disabling Microsoft Defender’s real-time monitoring capability.
Also added by CISA to the KEV catalog is CVE-2019-1388 (CVSS score: 7.8), a privilege escalation flaw impacting Microsoft Windows Certificate Dialog that could be exploited to run processes with elevated permissions on an already compromised host.
The fifth vulnerability included in the list is an information disclosure flaw in Arm Mali GPU Kernel Driver (CVE-2023-26083) that was revealed by Google’s Threat Analysis Group (TAG) last month as abused by an unnamed spyware vendor as part of an exploit chain to break into Samsung’s Android smartphones.
Federal Civilian Executive Branch (FCEB) agencies have until April 28 to apply the patches to secure their networks against potential threats.
The advisory also comes as Apple released updates for iOS, iPadOS, macOS, and Safari web browser to address a pair of zero-day flaws (CVE-2023-28205 and CVE-2023-28206) that it said have been exploited in real-world attacks.
Some sections of this article are sourced from:
thehackernews.com