Supply-chain cyberattack against Kaseya VSA software
Software company Kaseya, dedicated to offer IT solutions and products to managed service providers (MSP), confirmed that it has been the victim of sophisticated supply-chain cyberattack that compromised its VSA software product, a MSP cloud platform.
After the security incident, several providers and their customers have been affected by a ransomware cyberattack by the REvil/Sodinokibi cybercriminal group.
The patch has already developed and service restoration for local and Saas customers will be gradual, according to security instructions from Kaseya, which is dealing with the problem in collaboration with FBI and CISA.
[Update 11/07/2021] 10 days after the incident, Kaseya has released the security patch, VSA 9.5.7a (9.5.7.2994), which addresses the multiple vulnerabilities that enabled the cyberattack.
-
04/07/2021us-cert.cisa.gov
-
04/07/2021bleepingcomputer.com
-
11/07/2021thehackernews.com
