CISA Alerts Businesses to Five Critical Security Vulnerabilities: Immediate Response Needed
On April 10, 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory concerning five security vulnerabilities newly added to its Known Exploited Vulnerabilities (KEV) catalog. The addition is backed by evidence of active exploitation in operational environments, underscoring the need for prompt action to mitigate the risk.
Among the highlighted vulnerabilities are three high-severity flaws in the Veritas Backup Exec Agent software: CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878. These flaws pose a significant threat because they could allow unauthorized execution of privileged commands on affected systems. Veritas acknowledged the issues and released security patches addressing them in March 2021. The vulnerabilities carry Common Vulnerability Scoring System (CVSS) scores of 8.1, 8.2, and 8.8 respectively, reflecting their severity and potential impact on enterprise security.
CVE-2021-27876 is a file access vulnerability in the Veritas Backup Exec Agent that could be exploited by malicious actors to gain unauthorized access to sensitive files. CVE-2021-27877 concerns improper authentication within the software, which could be leveraged to bypass its security controls. The third vulnerability, CVE-2021-27878, is a command execution flaw that allows attackers to run arbitrary commands and compromise system integrity.
Further complicating the security landscape, a recent report from Mandiant, a Google-owned security firm, has linked exploitation of these vulnerabilities to an affiliate group connected to the BlackCat ransomware operation, also known as ALPHV or Noberus. The report highlights a growing trend of exploit adoption among ransomware actors, amplifying the urgency for organizations to address these vulnerabilities.
Organizations utilizing the Veritas Backup Exec Agent should prioritize the application of available patches to safeguard their systems against exploitation. Failure to do so not only heightens risk but may also open pathways for advanced persistent threats.
Mapping these attacks to the MITRE ATT&CK framework provides useful insight into the tactics and techniques likely involved. Adversaries may gain initial access by exploiting known vulnerabilities, and once inside they may use privilege escalation techniques to gain greater control over the system. Persistence techniques may then be used to maintain that access, leaving the network exposed to future incidents.
As the cybersecurity threat landscape continues to evolve, businesses must remain vigilant and proactive in addressing identified vulnerabilities. The responsibility falls on organizations to stay informed about emerging risks and implement robust security measures to protect against the evolving capabilities of cyber adversaries. With the clear framework provided by CISA and resources like the MITRE ATT&CK matrix, business owners should be better equipped to anticipate and mitigate these threats effectively.