Exchange auto-config protocol leaks Windows logins en masse itnews.com.au - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from itnews.com.au Daily Mail and Mail on Sunday newspapers.
By Juha Saarinen on Jul 9, 2021 10:16AM Source: Trustwave
Malware in attack excludes former Soviet bloc nations and Syria.
The Kaseya Virtual Systems Administration (VSA) remote management and monitoring system software that was hijacked in a devastating ransomware attack had multiple critical vulnerabilities, security researchers found.
Researchers at the Dutch Institute for Vulnerability Disclosure (DIVD) found seven vulnerabilites in Kaseya VSA on-premise, and reported them to the vendor ahead of last week s REvil attacks worldwide.
Kaseya was quick to respond and to develop patches for four of the vulnerabilites but two critical bugs remain to be addressed. As we stated before, Kaseya’s response to our disclosure has been on point and timely; unlike other vendors, we have previously disclosed vulnerabilities to, DIVD researcher Frank Breedijk wrote.