“Seven or eight” zero-days: The failed race to fix Kaseya VSA, with Victor Gevers, Lock and Code S02E13

Kaseya VSA included at least “seven or eight” privately known zero-day vulnerabilities before it suffered a widespread ransomware attack that impacted hundreds of businesses, said Victor Gevers, chair of the Dutch Institute for Vulnerability Disclosure, or DIVD, a volunteer-run organization that found a remote code execution flaw in Kaseya VSA on April 1, 2021. In speaking with Malwarebytes for its Lock and Code podcast, Gevers revealed that Kaseya VSA’s vulnerabilities represent just one data point in a far larger and more worrying trend: Internet-facing remote administration tools are rife with flaws, and as organizations increasingly rely on such tools for working-from-home environments, cybercriminals will increasingly discover, target, and exploit those flaws.

Read full article on Malwarebytes Unpacked

 

