GeniusMusing (geniusmusing@nu.federati.net)'s status on Thursday, 08-Jul-2021 18:00:54 UTC
GeniusMusing TLDR: Security company fails at securing its own stuff for months and years.
Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software – Krebs on Security
https://nu.federati.net/url/281844
>Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.
>
>On July 3, the REvil ransomware affiliate program began using a zero-day security hole (CVE-2021-30116) to deploy ransomware to hundreds of IT management companies running Kaseya’s remote management software — known as the Kaseya Virtual System Administrator (VSA).
>
>According to this entry for CVE-2021-30116, the security flaw that powers that Kaseya VSA zero-day was assigned a vulnerability number on April 2, 2021, indicating Kaseya had roughly three months to address the bug before it was exploited in the wild.
>
>Also on July 3, security incident response firm Mandiant notified Kaseya that their billing and customer support site — portal.kaseya.net — was vulnerable to CVE-2015-2862, a “directory traversal” vulnerability in Kaseya VSA that allows remote users to read any files on the server using nothing more than a Web browser.
>
>As its name suggests, CVE-2015-2862 was issued in July 2015. Six years later, Kaseya’s customer portal was still exposed to the data-leaking weakness.
>...
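As an added, constructed example (not code from the post, from Krebs on Security, or from Kaseya): a defender-side Python snippet showing the two things a practitioner would want around a directory traversal bug of the CVE-2015-2862 kind. It confines a requested file path to the portal's web root, and it flags traversal probes (including percent-encoded and double-encoded forms) in web server access logs. The web root, log lines and IP addresses are constructed for the example.

```python
import os
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Constructed web root for the example (not a real Kaseya path).
WEB_ROOT = "/srv/portal/public"


def decode_request_path(raw: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (catches double encoding such as %252e%252e),
    drop any query string and normalise backslashes to forward slashes."""
    decoded = raw.split("?", 1)[0]
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def resolve_under_root(raw_request: str, root: str = WEB_ROOT) -> Optional[str]:
    """Map a request path to a filesystem path, or return None when the
    normalised result would escape the web root (the traversal case)."""
    rel = decode_request_path(raw_request).lstrip("/")
    root_norm = os.path.normpath(root)
    candidate = os.path.normpath(os.path.join(root_norm, rel))
    if candidate != root_norm and not candidate.startswith(root_norm + os.sep):
        return None
    return candidate


def is_traversal_probe(raw_request: str) -> bool:
    """A '..' segment after decoding is suspicious even if it stays inside
    the root: legitimate portal links never reference a parent directory."""
    return ".." in decode_request_path(raw_request).split("/")


# Constructed Apache-style access log lines: one benign request, three probes.
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Jul/2021:18:00:54 +0000] "GET /portal/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [08/Jul/2021:18:01:02 +0000] "GET /portal/../../../etc/passwd HTTP/1.1" 200 92',
    '198.51.100.7 - - [08/Jul/2021:18:01:09 +0000] "GET /portal/%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 0',
    '198.51.100.7 - - [08/Jul/2021:18:01:15 +0000] "GET /portal/%252e%252e%252fconfig.ini HTTP/1.1" 200 44',
]


def flag_traversal_requests(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, raw_path) for every log line that looks like a probe."""
    hits = []
    for line in log_lines:
        client_ip = line.split()[0]
        raw_path = line.split('"')[1].split()[1]  # path from the request line
        if is_traversal_probe(raw_path):
            hits.append((client_ip, raw_path))
    return hits
```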