CISA Warns of 5 Actively Exploited Security Flaws

Laiba MohsinLast Updated: Apr 10, 2023
Security Flaws

According to the latest reports, the U.S. Cybersecurity and Infrastructure Security Agency recently added five security flaws to its Known Exploited Vulnerabilities catalog, mentioning evidence of active exploitation.

Urgent Action Needed Against These High Severity Security Flaws

The point worth mentioning here is that the three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) have the ability to lead to the execution of confidential commands on the underlying system. The flaws were rectified in a patch released by Veritas back in March 2021.

  • CVE-2021-27876 (CVSS score: 8.1) – Veritas Backup Exec Agent File Access Vulnerability
  • CVE-2021-27877 (CVSS score: 8.2) – Veritas Backup Exec Agent Improper Authentication Vulnerability
  • CVE-2021-27878 (CVSS score: 8.8) – Veritas Backup Exec Agent Command Execution Vulnerability

In a report published last week by Google-owned Mandiant, it was revealed that a companion associated with the BlackCat ransomware operation is targeting publicly exposed Veritas Backup Exec installations in order to get initial access by leveraging the above-mentioned three bugs.

The threat intelligence firm, which has been tracking the affiliate actor under its uncategorized moniker UNC4466, claims that it first observed exploitation of the flaws on October 22, 2022. Once UNC4466 acquired access to an internet-exposed Windows server and then carried out a series of actions that allowed the hacker to deploy the ransomware payload.

On the other hand, CVE-2019-1388 is a privilege escalation flaw that has been affecting Microsoft Windows Certificate Dialog to run procedures with elevated permissions on an already compromised host.

The fifth vulnerability CVE-2023-26083 was revealed by Google’s Threat Analysis Group (TAG) last month. It was part of an exploit chain to break into Samsung’s Android smartphones. FCEB has been given time till April 28 to apply the patches in order to secure their networks against potential threats.

The advisory came when  Apple released updates for iOS, iPadOS, macOS, and Safari web browsers to handle a pair of zero-day flaws (CVE-2023-28205 and CVE-2023-28206) that it claims have been exploited in real-world attacks.

Also Read: Get Ready For These Two Highly-Requested Tekken 8 Features – (phoneworld.com.pk)

PTA Taxes Portal

Find PTA Taxes on All Phones on a Single Page using the PhoneWorld PTA Taxes Portal

Explore NowFollow us on Google News!
Laiba MohsinLast Updated: Apr 10, 2023
Photo of Laiba Mohsin

Laiba Mohsin

Laiba is an Electrical Engineer seeking a placement to gain hands-on experience in relevant areas of telecommunications. She likes to write about tech and gadgets. She loves shopping, traveling and exploring things.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Get Alerts!

PhoneWorld Logo

Join the groups below to get the latest updates!

💼PTA Tax Updates
💬WhatsApp Channel

>