Security News > 2021 > July > Kaseya was fixing zero-day just as REvil ransomware sprung their attack
The zero-day vulnerability used to breach on-premise Kaseya VSA servers was in the process of being fixed, just as the REvil ransomware gang used it to perform a massive Friday attack.
The vulnerability had been previously disclosed to Kaseya by security researchers from the Dutch Institute for Vulnerability Disclosure, and Kaseya was validating the patch before they rolled it out to customers.
In what can only be seen as a case of bad timing, the REvil ransomware gang beat Kaseya and used the same zero-day to conduct their Friday night attack against managed service providers worldwide and their customers.
"After this crisis, there will be the question of who is to blame. From our side, we would like to mention Kaseya has been very cooperative. Once Kaseya was aware of our reported vulnerabilities, we have been in constant contact and cooperation with them. When items in our report were unclear, they asked the right questions," said DIVD Victor Gevers in a blog post today.
The zero-day Kaseya vulnerability was discovered by DIVD researcher Wietse Boonstra and was assigned the CVE-2021-30116 identifier.
Since the onset of the attacks, DIVD researchers have been providing a list of publicly accessible VSA IP addresses and customer IDs to Kaseya to get the servers offline.
News URL
Related news
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)
- Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between (source)
- BianLian ransomware claims attack on Boston Children's Health Physicians (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-09 | CVE-2021-30116 | Insufficiently Protected Credentials vulnerability in Kaseya VSA Agent and VSA Server Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. | 9.8 |