The US Cybersecurity and Infrastructure Security Agency (CISA) has instructed federal agencies to patch three Veritas Backup Exec flaws exploited in ransomware attacks.
Veritas Backup Exec, a data backup product, supports virtual environments (like VMware and Hyper-V) as well as desktop operating systems in mixed environments (including Amazon S3, Microsoft Azure, and Google Cloud Storage). The three issues that CISA has added to its “Must Patch” list were tracked as CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878 and were made public in March 2021 when Veritas released patches.
In a report released last week, Mandiant cautioned that the three flaws had been used to gain initial access in Alphv (BlackCat) ransomware attacks.
Read More: Veritas Vulnerabilities Exploited in Ransomware Attacks Added to CISA ‘Must Patch’ List
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.