Sunday, October 17, 2021

Kaseya releases patches for flaws exploited in the REvil ransomware attack


Florida-based software vendor Kaseya on Sunday rolled out a security update for the VSA zero-day vulnerabilities that the REvil ransomware gang exploited in its massive supply-chain ransomware attack.

Kaseya VSA is a remote monitoring and management (RMM) solution commonly used by managed service providers (MSPs) to support their customers. MSPs can deploy VSA on-premises on their own servers or use Kaseya's cloud-hosted SaaS offering.

The company announced last week that fewer than 60 of its direct customers, all running the on-premises VSA product, and fewer than 1,500 downstream businesses were impacted by the supply-chain ransomware attack.

In response to the incident, the company had urged customers to shut down their on-premises VSA servers until a patch was available. Now, nine days after the attack, the firm has shipped VSA version 9.5.7a (9.5.7.2994) with fixes for the three remaining security flaws:

  • CVE-2021-30116 – Credentials leak and business logic flaw
  • CVE-2021-30119 – Cross-site scripting vulnerability
  • CVE-2021-30120 – Two-factor authentication bypass

In April, the Dutch Institute for Vulnerability Disclosure (DIVD) had disclosed seven vulnerabilities to Kaseya. Four of them were already patched in previous versions:

  • CVE-2021-30117 – SQL injection vulnerability (Fixed in VSA 9.5.6)
  • CVE-2021-30118 – Remote code execution vulnerability (Fixed in VSA 9.5.5)
  • CVE-2021-30121 – Local file inclusion vulnerability (Fixed in VSA 9.5.6)
  • CVE-2021-30201 – XML external entity vulnerability (Fixed in VSA 9.5.6)

Besides these fixes, the latest version also remedies three other flaws:

  • Fixed an issue where the Secure flag was not being set on User Portal session cookies, so the cookie could be sent over plain HTTP.
  • Fixed an issue where certain API responses contained a password hash, exposing any weak passwords to an offline brute-force attack. The password value is now masked completely.
  • Fixed a vulnerability that could allow the unauthorized upload of files to the VSA server.

For additional security, Kaseya recommends limiting access to the VSA web GUI to local IP addresses by blocking inbound port 443 on your internet firewall, so the portal is no longer reachable from the public internet.

Below are the basic steps that admins should perform before starting up VSA servers again and connecting them to the Internet:

  • Ensure the VSA server is isolated from the network until the remaining steps are complete
  • Check the system for Indicators of Compromise (IOCs)
  • Patch the operating system of the VSA server
  • Use URL Rewrite in IIS to restrict which client addresses can reach VSA
  • Install the FireEye agent
  • Remove pending scripts and jobs that were queued before the shutdown
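The two network-restriction steps above (blocking port 443 from the internet and using IIS URL Rewrite to gate access) in script form, as an added example. This is not Kaseya's own script or readiness guide; the IIS site name, the internal address ranges, the regex and the rule name are assumptions to adapt to your environment, and the host-firewall rules complement rather than replace the perimeter firewall rule Kaseya recommends.

```powershell
# Added example, not Kaseya's own script: restrict who can reach the VSA web GUI on an
# on-premises VSA server. Run in an elevated PowerShell on the VSA host. The site name
# and address ranges below are assumptions; adjust them to your environment.
$VsaSiteName   = 'Default Web Site'                 # assumed IIS site hosting VSA
$AllowedRanges = @('10.0.0.0/8', '192.168.0.0/16')  # assumed internal admin ranges
$AllowedRegex  = '^(10\.|192\.168\.)'               # the same ranges, as IIS sees them

# --- 1. Host firewall: TCP/443 reachable only from the internal ranges ---------------
# Windows evaluates Block rules before Allow rules, so a blanket Block on 443 would also
# defeat the Allow below. Instead: default inbound action Block, disable the broad IIS
# allow rule, and add one narrowly scoped Allow rule.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block
Disable-NetFirewallRule -DisplayName 'World Wide Web Services (HTTPS Traffic-In)' `
    -ErrorAction SilentlyContinue                   # present when the IIS role is installed
New-NetFirewallRule -DisplayName 'VSA HTTPS (internal only)' -Direction Inbound `
    -Protocol TCP -LocalPort 443 -RemoteAddress $AllowedRanges -Action Allow | Out-Null

# --- 2. IIS URL Rewrite: return 403 when the client address is not internal ----------
# Requires the IIS URL Rewrite module. This is a second, application-layer check that
# still holds if a firewall change is later reverted by mistake.
Import-Module WebAdministration
$site = "IIS:\Sites\$VsaSiteName"
$rule = "system.webServer/rewrite/rules/rule[@name='VSA internal only']"
Clear-WebConfiguration -PSPath $site -Filter $rule -ErrorAction SilentlyContinue   # re-runnable
Add-WebConfigurationProperty -PSPath $site -Filter 'system.webServer/rewrite/rules' `
    -Name '.' -Value @{ name = 'VSA internal only'; stopProcessing = 'True' }
Set-WebConfigurationProperty -PSPath $site -Filter "$rule/match" -Name 'url' -Value '.*'
Add-WebConfigurationProperty -PSPath $site -Filter "$rule/conditions" -Name '.' `
    -Value @{ input = '{REMOTE_ADDR}'; pattern = $AllowedRegex; negate = 'True' }
Set-WebConfigurationProperty -PSPath $site -Filter "$rule/action" -Name 'type' -Value 'CustomResponse'
Set-WebConfigurationProperty -PSPath $site -Filter "$rule/action" -Name 'statusCode' -Value 403

# --- 3. Verify the state before reconnecting the server ------------------------------
Get-WebConfiguration -PSPath $site -Filter $rule | Select-Object name, stopProcessing
Get-NetFirewallRule -DisplayName 'VSA HTTPS (internal only)' | Get-NetFirewallAddressFilter
```

Two caveats a practitioner should check before trusting this. First, `{REMOTE_ADDR}` is the TCP peer address: if a reverse proxy or load balancer sits in front of VSA, IIS will see the proxy's address for every request and the rule will either block everyone or no one, so in that topology the allow-list belongs on the proxy. Second, the regex is a string prefix match, not a CIDR check, so it is a convenience layer; the firewall rules (and Kaseya's recommended perimeter block on 443) remain the authoritative control. Users who previously reached the portal from the internet will need a VPN into one of the allowed ranges.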

Once the security update is installed, every user is required to reset their password and choose a new one at next login.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

