The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
This includes three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands on the underlying system. The flaws were fixed in a patch released by Veritas in March 2021.
- CVE-2021-27876 (CVSS score: 8.1) – Veritas Backup Exec Agent File Access Vulnerability
- CVE-2021-27877 (CVSS score: 8.2) – Veritas Backup Exec Agent Improper Authentication Vulnerability
- CVE-2021-27878 (CVSS score: 8.8) – Veritas Backup Exec Agent Command Execution Vulnerability
Google-owned Mandiant, in a report published last week, revealed that an affiliate associated with the BlackCat (aka ALPHV and Noberus) ransomware operation is targeting publicly exposed Veritas Backup Exec installations to gain initial access by leveraging the aforementioned three bugs.
The threat intelligence firm, which is tracking the affiliate actor under its uncategorized moniker UNC4466, said it first observed exploitation of the flaws in the wild on October 22, 2022.
In one incident detailed by Mandiant, UNC4466 gained access to an internet-exposed Windows server, followed by carrying out a series of actions that allowed the attacker to deploy the Rust-based ransomware payload, but not before conducting reconnaissance, escalating privileges, and disabling Microsoft Defender's real-time monitoring capability.
Also added by CISA to the KEV catalog is CVE-2019-1388 (CVSS score: 7.8), a privilege escalation flaw impacting Microsoft Windows Certificate Dialog that could be exploited to run processes with elevated permissions on an already compromised host.
The fifth vulnerability included in the list is an information disclosure flaw in Arm Mali GPU Kernel Driver (CVE-2023-26083) that was revealed by Google's Threat Analysis Group (TAG) last month as abused by an unnamed spyware vendor as part of an exploit chain to break into Samsung's Android smartphones.
Federal Civilian Executive Branch (FCEB) agencies have until April 28 to apply the patches to secure their networks against potential threats.
The advisory also comes as Apple released updates for iOS, iPadOS, macOS, and Safari web browser to address a pair of zero-day flaws (CVE-2023-28205 and CVE-2023-28206) that it said have been exploited in real-world attacks.