The Cybersecurity and Infrastructure Security Agency (CISA) in the US has recently updated its Known Exploited Vulnerabilities Catalog to include five new issues that have been used in ransomware attacks.
Among the affected products is Veritas Backup Exec, which has been exploited by the ALPHV/BlackCat ransomware gang. Private organizations are also advised to review the Catalog and address any vulnerabilities in their infrastructure.
CISA has added the following five new issues to its Known Exploited Vulnerabilities Catalog:
CVE-2021-27876 – Veritas Backup Exec Agent File Access Vulnerability
CVE-2021-27877 – Veritas Backup Exec Agent Improper Authentication Vulnerability
CVE-2021-27878 – Veritas Backup Exec Agent Command Execution Vulnerability
CVE-2019-1388 – Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability
CVE-2023-26083 – Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
Exploitation of Veritas Backup Exec by UNC4466
Mandiant researchers have reported that UNC4466, an affiliate of the ALPHV/BlackCat ransomware gang, has been exploiting three of the vulnerabilities in Veritas Backup Exec to gain initial access to target networks.
This particular affiliate does not rely on stolen credentials to gain entry, making it more difficult to detect. The researchers first observed UNC4466 targeting Veritas issues in the wild on October 22, 2022.
Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
Google’s Threat Analysis Group (TAG) recently reported that the CVE-2023-26083 flaw in the Arm Mali GPU driver is being chained with other issues to install commercial spyware.
Addressing the Vulnerabilities
Federal agencies in the US have been ordered to fix the Veritas Backup Exec flaws by April 28, 2023, according to Binding Operational Directive (BOD) 22-01.
It is important for private organizations to review the Known Exploited Vulnerabilities Catalog and address any identified vulnerabilities in their infrastructure to protect against potential attacks.
The addition of Veritas Backup Exec vulnerabilities to the Known Exploited Vulnerabilities Catalog highlights the need for organizations to remain vigilant and take action to protect their networks. By addressing any vulnerabilities, both federal agencies and private organizations can minimize the risk of exploitation and ensure the security of their systems.
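One way to carry out the catalog review described above, as an added example that is not from CISA or from the original article: it joins vulnerability-scanner findings against catalog entries and ranks the matches by remediation deadline. The catalog excerpt, hostnames and findings are constructed; the April 28, 2023 due date is the one the article gives for the Veritas entries and is assumed for the other two.

```python
import json
from datetime import date

# Constructed excerpt using the KEV feed's cveID, product and dueDate field names.
# CVE IDs and products come from the article; dueDate is the article's Veritas
# deadline and is ASSUMED for the other two entries.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2021-27876", "product": "Veritas Backup Exec Agent", "dueDate": "2023-04-28"},
    {"cveID": "CVE-2021-27877", "product": "Veritas Backup Exec Agent", "dueDate": "2023-04-28"},
    {"cveID": "CVE-2021-27878", "product": "Veritas Backup Exec Agent", "dueDate": "2023-04-28"},
    {"cveID": "CVE-2019-1388", "product": "Microsoft Windows", "dueDate": "2023-04-28"},
    {"cveID": "CVE-2023-26083", "product": "Arm Mali GPU Kernel Driver", "dueDate": "2023-04-28"},
]})

# Constructed scanner output: (host, CVE) pairs. Hostnames are hypothetical and
# CVE-0000-00000 is a placeholder for a finding that is not in the catalog.
FINDINGS = [
    ("ws-114.example.internal", "cve-2019-1388 "),
    ("backup01.example.internal", "CVE-2021-27878"),
    ("backup01.example.internal", "CVE-2021-27877"),
    ("web03.example.internal", "CVE-0000-00000"),
]


def triage(kev_json, findings, today):
    """Join findings against the catalog; return KEV hits, most urgent first."""
    kev = {v["cveID"].upper(): v for v in json.loads(kev_json)["vulnerabilities"]}
    hits = []
    for host, cve in findings:
        entry = kev.get(cve.strip().upper())  # scanners differ in case and padding
        if entry is None:
            continue  # not in this catalog snapshot: stays in the normal patch cycle
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        hits.append({"host": host, "cve": entry["cveID"], "product": entry["product"],
                     "days_left": days_left, "overdue": days_left < 0})
    return sorted(hits, key=lambda h: (h["days_left"], h["host"], h["cve"]))


def hosts_at_risk(hits):
    """Group hits by host so one change window can cover all of a host's KEV items."""
    by_host = {}
    for h in hits:
        by_host.setdefault(h["host"], []).append(h["cve"])
    return by_host


if __name__ == "__main__":
    for h in triage(KEV_SAMPLE, FINDINGS, date(2023, 5, 1)):
        state = "OVERDUE" if h["overdue"] else f"{h['days_left']}d left"
        print(f"{h['host']:28} {h['cve']:16} {h['product']:28} {state}")
```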