The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added five security flaws to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation.
Urgent Action Needed Against These High Severity Security Flaws
Three of them are high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands on the underlying system. Veritas fixed the flaws in a patch released in March 2021.
A report published last week by Google-owned Mandiant revealed that an affiliate associated with the BlackCat ransomware operation is targeting publicly exposed Veritas Backup Exec installations to gain initial access by leveraging the three bugs mentioned above.
The threat intelligence firm, which is tracking the affiliate actor under its uncategorized moniker UNC4466, says it first observed exploitation of the flaws on October 22, 2022. Once UNC4466 acquired access to an internet-exposed Windows server, it carried out a series of actions that allowed it to deploy the ransomware payload.
CVE-2019-1388, on the other hand, is a privilege escalation flaw affecting the Microsoft Windows Certificate Dialog that could be exploited to run processes with elevated permissions on an already compromised host.
The fifth vulnerability, CVE-2023-26083, was revealed by Google’s Threat Analysis Group (TAG) last month. It was part of an exploit chain used to break into Samsung’s Android smartphones. Federal Civilian Executive Branch (FCEB) agencies have until April 28 to apply the patches and secure their networks against potential threats.
The advisory comes as Apple released updates for iOS, iPadOS, macOS, and the Safari web browser to address a pair of zero-day flaws (CVE-2023-28205 and CVE-2023-28206) that it says have been exploited in real-world attacks.
