Kaseya Releases Patch and Restores VSA Servers Following Ransomware Attack

Kaseya released emergency updates on July 11 that fix the vulnerabilities in its Virtual System Administrator (VSA) software, which have affected 1500 companies around the world.

The ransomware attack affected hundreds of companies all over the world, but Kaseya has now restored its servers. After completing the restoration, the company reported that, after several days of delay, it had successfully recovered all of its servers.

Kaseya Releases Patch

After the ransomware attack, Kaseya asked all of its VSA customers to shut down their servers until a patch was available.

Kaseya has now released the VSA 9.5.7a (9.5.7.2994) update, which patches the vulnerabilities that were used in the REvil ransomware attack.

The update fixes the following vulnerabilities:

  • Credentials leak and business logic flaw: CVE-2021-30116
  • Cross-Site Scripting vulnerability: CVE-2021-30119
  • 2FA bypass: CVE-2021-30120
  • Fixed an issue where the secure flag was not being used for User Portal session cookies.
  • Fixed a problem where API responses contained a password hash, exposing any weak passwords to a brute-force attack.
  • Fixed a vulnerability that enabled the unauthorized upload of files to the VSA server.

Kaseya Fixed Three On-Premises VSA Bugs

According to the report, the company has fixed three on-premises VSA bugs, listed below:

  • CVE-2021-30116 – A credentials leak and business logic flaw, included in version 9.5.7.
  • CVE-2021-30119 – A cross-site scripting (XSS) vulnerability, included in version 9.5.7.
  • CVE-2021-30120 – A bypass of two-factor authentication (2FA), included in version 9.5.7.

Kaseya Restored its Servers

As noted above, Kaseya has restored its servers a few weeks after the attack. The company stated that it will keep publishing updates on its progress and will also provide a proper implementation of the security patch.

Analysts have asserted that this could be one of the largest ransomware attacks. They also stated in the report that this kind of ransomware attack is a lucrative way to take hostages on a digital level and demand huge amounts of money from the victims.

According to the experts, the ransomware hit a major Swedish supermarket chain that consists of 800 stores all around the world, and the attack also affected several businesses in at least 17 countries.

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
