Kaseya Releases Patches for Vulnerabilities Exploited in Ransomware Attack

Kaseya Patches
Share It On:

13th July 2021, Kathmandu

Patches have been released for vulnerabilities exploited in ransomware attacks by Kaseya. A software patch has been released by software vendor Kaseya located in Florida. Critical vulnerabilities were used to target more than 1500 businesses worldwide as part of a supply-chain ransomware attack. The organization had requested customers to shut down their server until the patch is deployed. The fix has been implemented after 10 days for the three flaws.

CVE-2021-30116 – Credentials leak + business logic flaw

CVE-2021-30119 – Cross-site scripting vulnerability

CVE-2021-30120 – Two-factor authentication bypass

The newer version available is VSA version 9.5.7a (9.5.7.2994)

Dutch Institute for Vulnerability Disclosure had been discovered and ethically reported to Kaseya.

The vulnerabilities included SQL injection, remote code execution, local file inclusion, and XML external entity vulnerability, which has now been fixed.

A mandatory password change has been imposed upon the customers by Kaseya, and services are now being restored (more than 60% have been restored already).

Multiple flaws had been chained for the sophisticated attack.


Share It On:

Recent Posts

Citizens Bank 11.11 Deals: Exclusive Discounts on Daraz

Citizens Bank 11.11 Deals: Exclusive Discounts on Daraz

Share It On:5th November 2024, Kathmandu Citizens Bank International Limited signed an agreement with Nepal’s leading online marketplace, Daraz, to

Local Talent Shines in Cybersecurity: Bipu Ojha and Tuan Khuat Win CDU IT CodeFair CTF

Local Talent Shines in Cybersecurity: Bipu Ojha and Tuan Khuat

Share It On:5th November 2024, Kathmandu Bipu Ojha and his teammate Tuan Khuat have emerged as winners in the prestigious

CEDB Hydropower’s Extraordinary General Meeting Concluded: Five Directors Elected

CEDB Hydropower’s Extraordinary General Meeting Concluded: Five Directors Elected

Share It On: 5th November 2024, Kathmandu CEDB Hydropower Development Company Limited has successfully concluded its extraordinary general meeting. CEDB

Government’s Journalist Accident Insurance Program: Apply Now For Your Protection

Government’s Journalist Accident Insurance Program: Apply Now For Your Protection

Share It On: 5th November, Kathmandu The Department of Information and Broadcasting has announced the launch of a new insurance

Nepal Life’s Property Acquisition in Hetauda: A Strategic Move For Growth

Nepal Life’s Property Acquisition in Hetauda: A Strategic Move For

Share It On:5th November, Kathmandu Nepal Life Insurance, a leading life insurance company in Nepal, has recently expanded its footprint

Global IME Dividend Announcement: Key Book Closure Date Revealed

Global IME Dividend Announcement: Key Book Closure Date Revealed

Share It On:5th November 2024, Kathmandu Global IME Bank has good news for its shareholders! The bank has announced a