The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
This includes three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands on the underlying system. The flaws were fixed in a patch released by Veritas in March 2021.
- CVE-2021-27876 (CVSS score: 8.1) – Veritas Backup Exec Agent File Access Vulnerability
- CVE-2021-27877 (CVSS score: 8.2) – Veritas Backup Exec Agent Improper Authentication Vulnerability
- CVE-2021-27878 (CVSS score: 8.8) – Veritas Backup Exec Agent Command Execution Vulnerability
Google-owned Mandiant, in a report published last week, revealed that an affiliate associated with the BlackCat (aka ALPHV and Noberus) ransomware operation is targeting publicly exposed Veritas Backup Exec installations to obtain initial access by leveraging the aforementioned three bugs.
The threat intelligence firm, which is tracking the affiliate actor under its uncategorized moniker UNC4466, said it first observed exploitation of the flaws in the wild on October 22, 2022.
In one incident detailed by Mandiant, UNC4466 obtained access to an internet-exposed Windows server and then carried out a series of actions that allowed the attacker to deploy the Rust-based ransomware payload, but not before conducting reconnaissance, escalating privileges, and disabling Microsoft Defender's real-time monitoring capability.
Also added by CISA to the KEV catalog is CVE-2019-1388 (CVSS score: 7.8), a privilege escalation flaw impacting the Microsoft Windows Certificate Dialog that could be exploited to run processes with elevated permissions on an already compromised host.
The fifth vulnerability included in the list is an information disclosure flaw in the Arm Mali GPU Kernel Driver (CVE-2023-26083) that was disclosed by Google's Threat Analysis Group (TAG) last month as abused by an unnamed spyware vendor as part of an exploit chain to break into Samsung's Android smartphones.
Federal Civilian Executive Branch (FCEB) agencies have until April 28 to apply the patches to secure their networks from potential threats.
The advisory also comes as Apple released updates for iOS, iPadOS, macOS, and the Safari web browser to address a pair of zero-day flaws (CVE-2023-28205 and CVE-2023-28206) that it said have been exploited in real-world attacks.
Some parts of this article are sourced from:
thehackernews.com