The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Kaseya

Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers

Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers

August 27, 2021Ravie Lakshmanan
U.S. technology firm Kaseya has  released  security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a  trio of vulnerabilities  discovered and reported by researchers at the Dutch Institute for Vulnerability Disclosure (DIVD) on July 3, 2021. The IT infrastructure management solution provider has addressed the issues in server software version 10.5.5-2 released on August 12, DIVD said. An as-yet-undisclosed client-side vulnerability in Kaseya Unitrends remains unpatched, but the company has published  firewall rules  that can be applied to filter traffic to and from the client and mitigate any risk associated with the flaw. As an additional precaution, it's  recommended  not to leave the servers accessible over the internet. Although specifics related to the vulnerabilities are sparse, the shortcomin
Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims

Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims

July 22, 2021Ravie Lakshmanan
Nearly three weeks after Florida-based software vendor Kaseya was hit by a  widespread supply-chain ransomware attack , the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data. "On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we're working to remediate customers impacted by the incident," the company  said  in a statement. "Kaseya obtained the tool from a third-party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor." It's not immediately unclear if Kaseya paid any ransom. It's worth noting that REvil affiliates had  demanded a ransom of $70 million  — an amount that was subsequently lowered to $50 million — but soon after, the ransomware gang mysteriously  went off the grid , shutting down their payment sites and data leak portal
Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack

Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack

July 11, 2021Ravie Lakshmanan
Florida-based software vendor Kaseya on Sunday rolled out urgent updates to address critical security vulnerabilities in its Virtual System Administrator (VSA) solution that was used as a jumping off point to target as many as 1,500 businesses across the globe as part of a widespread supply-chain ransomware attack . Following the incident, the company had urged on-premises VSA customers to shut down their servers until a patch was available. Now, almost 10 days later the firm has shipped VSA version 9.5.7a (9.5.7.2994) with fixes for three new security flaws —  CVE-2021-30116 - Credentials leak and business logic flaw CVE-2021-30119 - Cross-site scripting vulnerability CVE-2021-30120 - Two-factor authentication bypass The security issues are part of a total of seven vulnerabilities that were discovered and reported to Kaseya by the Dutch Institute for Vulnerability Disclosure ( DIVD ) earlier in April, of which four other weaknesses were remediated in previous releases —
Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly

Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly

July 06, 2021Ravie Lakshmanan
U.S. technology firm Kaseya, which is firefighting the largest ever  supply-chain ransomware strike  on its VSA on-premises product, ruled out the possibility that its codebase was unauthorizedly tampered with to distribute malware. While initial reports raised speculations that REvil, the ransomware gang behind the attack, might have gained access to Kaseya's backend infrastructure and abused it to deploy a malicious update to VSA servers running on client premises, in a modus operandi similar to that of the devastating SolarWinds hack, it has since emerged that a never-before-seen security vulnerability ( CVE-2021-30116 ) in the software was leveraged to push ransomware to Kaseya's customers. "The attackers were able to exploit zero-day vulnerabilities in the VSA product to bypass authentication and run arbitrary command execution," the Miami-headquartered company  noted  in the incident analysis. "This allowed the attackers to leverage the standard VSA pro
REvil Used 0-Day in Kaseya Ransomware Attack, Demands $70 Million Ransom

REvil Used 0-Day in Kaseya Ransomware Attack, Demands $70 Million Ransom

July 04, 2021Ravie Lakshmanan
Amidst the massive  supply-chain ransomware attack  that triggered an infection chain compromising thousands of businesses on Friday, new details have emerged about how the notorious Russia-linked REvil cybercrime gang may have pulled off the unprecedented hack. The Dutch Institute for Vulnerability Disclosure (DIVD) on Sunday  revealed  it had alerted Kaseya to a number of zero-day vulnerabilities in its VSA software (CVE-2021-30116) that it said were being exploited as a conduit to deploy ransomware. The non-profit entity said the company was in the process of resolving the issues as part of a coordinated vulnerability disclosure when the July 2 attacks took place. More specifics about the flaws were not shared, but DIVD chair Victor Gevers  hinted  that the zero-days are trivial to exploit. At least 1,000 businesses are said to have been affected by the attacks, with victims identified in no less than 17 countries, including the U.K., South Africa, Canada, Argentina, Mexico, Indo
Kaseya Supply-Chain Attack Hits Nearly 40 Service Providers With REvil Ransomware

Kaseya Supply-Chain Attack Hits Nearly 40 Service Providers With REvil Ransomware

July 03, 2021Ravie Lakshmanan
Threat actors behind the notorious REvil cybercrime operation appear to have pushed ransomware via an update for Kaseya's IT management software, hitting around 40 customers worldwide, in what's an instance of a widespread supply-chain ransomware attack. "Beginning around mid-day (EST/US) on Friday, July 2, 2021, Kaseya's Incident Response team learned of a potential security incident involving our VSA software," the company's CEO Fred Voccola  said  in a statement shared late Friday. Following the incident, the IT and security management services company said it took immediate steps to shut down its SaaS servers as a precautionary measure, in addition to notifying its on-premises customers to shut down their VSA servers to prevent them from being compromised. Voccola also said the company has identified the source of the vulnerability and that it's readying a patch to mitigate the ongoing issues. In the interim, the company also noted it intends to
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.