US CISA has added Veritas Backup Exec flaws, which were exploited in ransomware attacks, to its Known Exploited Vulnerabilities catalog.
U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog:
CVE-2021-27876 – Veritas Backup Exec Agent File Access Vulnerability
CVE-2021-27877 – Veritas Backup Exec Agent Improper Authentication Vulnerability
CVE-2021-27878 – Veritas Backup Exec Agent Command Execution Vulnerability
CVE-2019-1388 – Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability
CVE-2023-26083 – Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
This week Mandiant researchers reported that an affiliate of the ALPHV/BlackCat ransomware gang, tracked as UNC4466, was observed exploiting the three above vulnerabilities in the Veritas Backup solution to gain initial access to the target network.
Unlike other ALPHV affiliates, UNC4466 doesn’t rely on stolen credentials for initial access to victim environments. Mandiant researchers first observed this affiliate targeting Veritas issues in the wild on October 22, 2022.
The CVE-2023-26083 flaw in the Arm Mali GPU driver is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix this flaw by April 28, 2023.
Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERSVote for me in the sections:
The Teacher – Most Educational Blog
The Entertainer – Most Entertaining Blog
The Tech Whizz – Best Technical Blog
Best Social Media Account to Follow (@securityaffairs)
Please nominate Security Affairs as your favorite blog.
Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, CISA)
The post CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog appeared first on Security Affairs.