By Juha Saarinen on Jul 9, 2021 10:16AM
Source: Trustwave
Malware in attack excludes former Soviet bloc nations and Syria.
The Kaseya Virtual Systems Administration (VSA) remote management and monitoring system software that was hijacked in a devastating ransomware attack had multiple critical vulnerabilities, security researchers found.
Researchers at the Dutch Institute for Vulnerability Disclosure (DIVD) found seven vulnerabilities in Kaseya VSA on-premise, and reported them to the vendor ahead of last week's REvil attacks worldwide.
Kaseya was quick to respond and to develop patches for four of the vulnerabilities, but two critical bugs remain to be addressed.
"As we stated before, Kaseya’s response to our disclosure has been on point and timely; unlike other vendors we have previously disclosed vulnerabilities to," DIVD researcher Frank Breedijk wrote.