Security News > 2021 > July > Kaseya patches VSA vulnerabilities used in REvil ransomware attack

Kaseya has released a security update for the VSA zero-day vulnerabilities used by the REvil ransomware gang to attack MSPs and their customers.

Kaseya VSA is a remote management and monitoring solution commonly used by managed service providers to support their customers.

Kaseya had implemented patches for most of the vulnerabilities on their VSA SaaS service but had not completed the patches for the on-premise version of VSA. Unfortunately, the REvil ransomware gang beat Kaseya to the finish line and utilized these vulnerabilities to launch a massive attack on July 2nd against approximately 60 MSPs using on-premise VSA servers and 1,500 business customers.

Almost ten days after the attacks, Kaseya has released the VSA 9.5.7a update to fix the vulnerabilities used in the REvil ransomware attack.

For additional security, Kaseya is also suggesting on-premise VSA admin restrict access to the web GUI to local IP addresses and those known to be used by security products.

"For VSA On-Premises installations, we have recommended limiting access to the VSA Web GUI to local IP addresses by blocking port 443 inbound on your internet firewall. Some integrations may require inbound access to your VSA server on port 443. Below are a list of IP addresses you can whitelist in your firewall, if you are using these integrations with your VSA On-Premises product." explains Kaseya.

News URL

https://www.bleepingcomputer.com/news/security/kaseya-patches-vsa-vulnerabilities-used-in-revil-ransomware-attack/