Kaseya left a customer portal vulnerable to its own software flaws in 2015 – Security Krebs

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Last week, cybercriminals deployed ransomware to 1,500 organizations, including many that provide IT security and technical support to other companies. An attacker has exploited a software vulnerability. KasayaA Miami-based company offering products that help system administrators manage large networks remotely. Today, Kaseya’s customer service portal appears to have remained vulnerable until last week to a data breach security flaw that was first identified in the same software six years ago.

July 3, REvil Ransomware Affiliate Program Started using zero-day security holes (CVE-2021-30116) Deploy ransomware to hundreds of IT management companies running Kaseya’s remote management software Kaseya virtual system administrator (VSA).

according to This entry for CVE-2021-30116, A security flaw affecting a zero-day attack on the Kaseya VSA was assigned to the vulnerability number on April 2, 2021 and indicates Kaseya. It took about 3 months to address the bug before it was actually exploited..

Also, on July 3rd, a security incident response company Mandiant Notified Kaseya of their billing and customer support site —portal.kaseya.net — Was vulnerable CVE-2015-2862, Kaseya VSA’s “directory traversal” vulnerability. Remote users can read any file on the server using only a web browser.

As the name implies, CVE-2015-2862 was published in July 2015. Six years later, Kaseya’s customer portal was still vulnerable to data breaches.

Kaseya Customer Support and Billing Portal. Image: Archive.org.

Mandiant notified Caseya after hearing from Alex Holden, Founder and Chief Technology Officer of Milwaukee-based cyber intelligence company Keep security..According to Holden, the 2015 vulnerability was present on Kaseya’s customer portal until Saturday afternoon, on the site. “Web.config” fileA server component that often contains sensitive information such as usernames and passwords, and the location of major databases.

“I haven’t forgotten to patch what Microsoft fixed many years ago,” Holden said. “It’s a patch for their own software. And it’s not a zero-day. It’s from 2015!”

According to the official description of CVE-2015-2862, a potential attacker user…

Source…