BOOK THIS SPACE FOR AD
ARTICLE ADUS CISA has added Veritas Backup Exec flaws, which were exploited in ransomware attacks, to its Known Exploited Vulnerabilities catalog.
U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog:
CVE-2021-27876 – Veritas Backup Exec Agent File Access Vulnerability CVE-2021-27877 – Veritas Backup Exec Agent Improper Authentication Vulnerability CVE-2021-27878 – Veritas Backup Exec Agent Command Execution Vulnerability CVE-2019-1388 – Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability CVE-2023-26083 – Arm Mali GPU Kernel Driver Information Disclosure VulnerabilityThis week Mandiant researchers reported that an affiliate of the ALPHV/BlackCat ransomware gang, tracked as UNC4466, was observed exploiting the three above vulnerabilities in the Veritas Backup solution to gain initial access to the target network.
Unlike other ALPHV affiliates, UNC4466 doesn’t rely on stolen credentials for initial access to victim environments. Mandiant researchers first observed this affiliate targeting Veritas issues in the wild on October 22, 2022.
The CVE-2023-26083 flaw in the Arm Mali GPU driver is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix this flaw by April 28, 2023.
Recently CISA has added nine flaws to its Known Exploited Vulnerabilities catalog, including bugs exploited by commercial spyware on mobile devices.
Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:
Please nominate Security Affairs as your favorite blog.
Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, CISA)