Security News > 2021 > July > Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted
The worldwide July 2 attacks on the Kaseya Virtual System/Server Administrator platform by the REvil ransomware gang turn out to be the result of exploits for at least one zero-day security vulnerability, and the company is swinging into full mitigation mode, with patches for the on-premise version coming soon, likely Wednesday or Thursday, it said.
The attacks on the VSA are now estimated to have led to the encryption of files for around 60 Kaseya customers using the on-premises version of the platform - many of which are managed service providers who use VSA to manage the networks of other businesses.
Kaseya also took the software-as-a-service platform offline, reducing significantly the number of customers exposed to the internet and therefore for to attacks.
The attack itself appears to be more akin to the Accellion attacks that cropped up all spring rather than the devastating SolarWinds supply-chain attack earlier this year.
Bad actors with connections to the FIN11 and the Clop ransomware gang hit multiple Accellion FTA customers in the financially motivated attacks, including the Jones Day Law Firm, Kroger and Singtel.
Kaseya knew about one bug before the attacks started - it had been reported to the company by the Dutch Institute for Vulnerability Disclosure.
News URL
https://threatpost.com/kaseya-patches-zero-day-exploits/167548/
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Botnet exploits GeoVision zero-day to install Mirai malware (source)
- Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)