Patch now! Security patch closes REvil vulnerability in Kaseya VSA

Share your love

or more than a week after attacks on Kaseya customers who use the VSA platform to manage software became known, a security patch has now been released. Admins should act immediately and install the secured version.

If this does not happen, attackers can target three vulnerabilities (CVE-2021-30116, CVE-2021-30119, CVE-2021-30120) and install the REvil extortion trojan on systems. The malware encrypts files and demands a ransom.

Put attackers successfully at the as “critical“If you encounter a classified vulnerability with the identifier CVE-2021-30116, you could gain unauthorized access in a way that is not described in detail. The threat level of the other two vulnerabilities has not yet been classified. Successful attacks can, however, lead to attackers using a two-factor Bypass authentication Security researchers assume that the attackers combine the loopholes.

Now the output has been shifted several times VSA 9.5.7a (9.5.7.2994) available as a download. According to Kaseya, this closes the gateways for REvil. Before admins install the update, they should urgently follow a few security tips that Kaseya has put together in a post.

Among other things, they point out that vulnerable VSA servers must be isolated from other systems before they can go online again. Otherwise an infection could take place and spread through the network. also should check admins with toolswhether servers are already compromised. It is also very important that VSA servers cannot be reached directly from the Internet.

Assured in an updated warning message Kaseya that 95 percent of the cloud VSA servers (SaaS) are now secured and online again. Customers with their own installations (on premise) have to install the patch themselves.

This is a supply chain attack. The IT management software VSA from Kaseya is affected. This allows admins in companies to update applications remotely, among other things. Thousands of customers around the world use VSA.

Due to security gaps in this software, the REvil backers attack the Kaseya customers. Kaseya states that around 60 customers are directly affected. Due to the domino effect of such a supply chain attack, they assume around 1,500 companies are affected.


(of)

Article Source

Read Also   Oracle increases sales and profits significantly
Share your love