The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
Three of the added vulnerabilities were found in the Veritas Backup Exec Agent software and were used by threat actors to deploy ransomware, another one was exploited as zero-day as part of an exploit chain that targeted Samsung’s web browser, and the fifth one was used to escalate privileges on Windows machines.
Three Vulnerabilities Exploited by BlackCat Ransomware
Only one of the five vulnerabilities that CISA added to the list of Known Exploited Vulnerabilities (KEV) today was classified as significant, a flaw in Veritas’ data protection software that permits remote access and command execution with elevated privileges and is tracked as CVE-2021-27877.
Security researchers found that the aforementioned vulnerability was used by an ALPHV/BlackCat ransomware operations affiliate to gain initial access to a target network.
The attack also made use of the other two vulnerabilities affecting Veritas Backup Exec (CVE-2021-27876, CVE-2021-27878), allowing the attacker to access arbitrary files and run arbitrary commands on the system.
Veritas patched all three vulnerabilities all the way back in March 2021. Currently, thousands of Backup Exec instances are reachable over the public web.
Zero-Day Vulnerability Found Affecting Samsung’s Web Browser
A zero-day vulnerability leveraged against Samsung’s web browser was also added to the KEV catalog. The flaw is being tracked as CVE-2023-26083 and affects the Mali GPU driver from Arm.
The security flaw is an information leak that permits the exposure of critical kernel metadata and was a component of an exploit chain that delivered commercial spyware in a campaign that Google’s Threat Analysis Group (TAG) first identified in December 2022.
The other vulnerabilities used in the exploit chain, some of which were zero-days at the time of the assault, were cataloged by CISA in a prior KEV update at the end of March.
The fifth and final vulnerability recently highlighted by CISA is CVE-2019-1388, a flaw impacting the Microsoft Windows Certificate Dialog, known to be used in attacks impacting run processes with elevated privileges on a previously compromised machine.
CISA gave federal agencies in the U.S. time until April 28th to check if their systems are impacted by the newly added vulnerabilities, and to apply the required updates.
Federal Civilian Executive Branch Agencies (FCEB) agencies must verify and update their networks for all flaws listed in the KEV catalog, which presently contains 911 items, as part of the binding operational directive (BOD 22-01), which takes effect in November 2021.
Even though KEV is primarily intended for federal organizations, it is strongly advised that commercial businesses worldwide tackle the vulnerabilities in the catalog with priority.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
If you liked this post, you will enjoy our newsletter.Get cybersecurity updates you\’ll actually want to read directly in your inbox.