Tag

Veritas Backup Exec

All articles tagged with #veritas backup exec

software-security-cyber-threat2 years ago•2 min saved

CISA Issues Urgent Warnings on Multiple Security Flaws and Ransomware Attacks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five security flaws to its Known Exploited Vulnerabilities catalog, including three high-severity flaws in Veritas Backup Exec Agent software that could lead to the execution of privileged commands on the underlying system. Mandiant has revealed that an affiliate associated with the BlackCat ransomware operation is targeting publicly exposed Veritas Backup Exec installations to gain initial access by leveraging the aforementioned three bugs. Federal Civilian Executive Branch Agencies have until April 28, 2023, to apply the patches to secure their networks against potential threats.

via The Hacker News|

#cisa #microsoft-windows-certificate-dialog #ransomware

cybersecurity2 years ago•2 min saved

ALPHV ransomware leverages Veritas Backup Exec vulnerabilities for entry

The ALPHV ransomware affiliate, UNC4466, has been observed exploiting three vulnerabilities in Veritas Backup Exec to gain initial access to target networks. The flaws, which were disclosed in March 2021, allow for arbitrary file access, remote unauthorized access, and arbitrary command execution. Despite a fix being released over two years ago, many endpoints remain vulnerable. UNC4466 uses publicly-available tools like Metasploit and SOCKS5 tunneling to communicate with the command and control server and evade detection. Mandiant provides guidance for defenders to detect and mitigate these attacks.

via BleepingComputer|

#alphv-ransomware #cybersecurity #mandiant