Free Republic

Earlier this month, a massive supply chain attack conducted by the REvil ransomware gang hit the cloud-based managed service provider platform Kaseya, impacting both other MSPs using its VSA software and their customers. For the initial attack vector, REvil operators exploited an authentication bypass zero-day (CVE-2021-30116) in the web interface of the Kaseya VSA server to gain an authenticated session. Then, the attackers uploaded the payload and executed a command via SQL injection to deploy the malicious updates. Ransomware operators initially asked the owners of systems infected in this campaign $44,999 worth of Bitcoin. Later, they changed tactics and demanded...

Supply chain cyberattack could have wide blast radius through compromised MSPs Software maker Kaseya Limited is urging users of its VSA endpoint management and network monitoring tool to immediately shut down VSA servers to prevent them from being compromised in a widespread ransomware attack. According to Kaseya, the attack began around 2PM ET on Friday. The company said that while the incident only appears to impact on-premises customers, SaaS servers have also been shut down as a precautionary measure. While the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) had not yet issued an official alert as of...

Hundreds of American businesses have been hit by a ransomware attack ahead of the Fourth of July holiday weekend, according to the cybersecurity company Huntress Labs. Huntress Labs said on Friday that 200 American businesses were hit after an incident at the Miami-based IT firm Kaseya, potentially marking the latest in a line of hacks destabilizing US companies. “This is a colossal and devastating supply chain attack,” John Hammond, a senior security researcher with Huntress, said in an email, referring to an increasingly high profile hacker technique of hijacking one piece of software to compromise hundreds or thousands of users...