Ransomware, Vulnerability Management

CISA: Urgent patching for Veritas Backup Exec bugs needed

BleepingComputer reports that the Cybersecurity and Infrastructure Security Agency has urged federal agencies to address five actively exploited security vulnerabilities by April 28, three of which impact Veritas Backup Exec instances and have been leveraged by the ALPHV/BlackCat ransomware operation. In addition to the Veritas Backup Exec flaws, tracked as CVE-2021-27877, CVE-2021-27876, and CVE-2021-27878, CISA has added to its Known Exploited Vulnerabilities catalog a zero-day impacting Arm's Mali GPU that was used to target Samsung's web browser, tracked as CVE-2023-26083, and another bug affecting Microsoft Windows Certificate Dialog, tracked as CVE-2019-1388. Threat actors leveraged CVE-2023-26083 in an exploit chain facilitating the delivery of commercial spyware, while CVE-2019-1388 has been used in attacks allowing process execution with elevated privileges on already compromised devices. While only federal agencies are required to remediate these vulnerabilities, all private firms around the world are urged to prioritize patching the flaws as well.
