Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Kaseya patches VSA vulnerabilities used in REvil ransomware attack
#1
Quote:Kaseya has released a security update for the VSA zero-day vulnerabilities used by the REvil ransomware gang to attack MSPs and their customers.

Kaseya VSA is a remote management and monitoring solution commonly used by managed service providers to support their customers. MSPs can deploy VSA on-premise using their servers or utilize Kaseya's cloud-based SaaS solution.


In April, the Dutch Institute for Vulnerability Disclosure (DIVD) disclosed seven vulnerabilities to Kaseya:

CVE-2021-30116 - A credentials leak and business logic flaw, to be included in 9.5.7
CVE-2021-30117 - An SQL injection vulnerability, resolved in May 8th patch.
CVE-2021-30118 - A Remote Code Execution vulnerability, resolved in April 10th patch. (v9.5.6)
CVE-2021-30119 - A Cross Site Scripting vulnerability, to be included in 9.5.7
CVE-2021-30120 - 2FA bypass, to be resolved in v9.5.7
CVE-2021-30121 - A Local File Inclusion vulnerability, resolved in May 8th patch.
CVE-2021-30201 - A XML External Entity vulnerability, resolved in May 8th patch.
Kaseya had implemented patches for most of the vulnerabilities on their VSA SaaS service but had not completed the patches for the on-premise version of VSA.

Unfortunately, the REvil ransomware gang beat Kaseya to the finish line and utilized these vulnerabilities to launch a massive attack on July 2nd against approximately 60 MSPs using on-premise VSA servers and 1,500 business customers.

It is unclear which vulnerabilities were used in the attack, but it is believed to be one or a combination of CVE-2021-30116, CVE-2021-30119, and CVE-2021-30120.



Continue reading HERE
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  REvil ransomware has a new ‘Windows Safe Mode’ encryption mode tarekma7 0 1,237 03-19-2021 , 01:25 PM
Last Post: tarekma7

Forum Jump:


Users browsing this thread: 1 Guest(s)