Kaseya Releases Fixes for the 3 Remaining Flaws

On Sunday, Kaseya issued software updates to address major vulnerabilities in its Virtual System Administrator (VSA), according to The Hacker News. The flaws were used as a launchpad for attacks on over 1,500 companies globally in what may be the most aggressive supply chain ransomware attack to date.  At the time of the attack, Kaseya had no choice but to ask its customers to shut down their servers until the problem was fixed. The updated version of the VSA (9.5.7.2994) fixes three new vulnerabilities: CVE-2021-30120 - two-factor authentication bypass, CVE-2021-30119 - cross-site scripting vulnerability, CVE-2021-30116 - credential leak, and ...