This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| less than a minute read

Kaseya Worked for Months to Patch Security Flaws

According to reporting in Data Breach Today, Kaseya was aware of vulnerabilities in its VSA solutions and worked for months to patch those security flaws.

Those vulnerabilities came to light over the July 4 holiday weekend when Kaseya disclosed that it had to disable its VSA solution in response to a coordinated ransomware attack on its customers. 

The reporting describes how researchers with the Dutch Institute of Vulnerability Disclosure, or DIVD, found seven vulnerabilities, six of which affected the software-as-a-service and on-premises versions of VSA and one of which only affected the on-premises version.

DIVD claims that it notified Kaseya of the vulnerabilities on April 6 and that Kaseya began developing and implementing security patches in May and June.

Frank Breedijk, one of the DIVD researchers, was complimentary of Kaseya's actions, saying, "Kaseya’s response to our disclosure has been on point and timely."  Nevertheless, DIVD's publication of its research notes is important because it shows Kaseya's awareness of the vulnerabilities of its products for nearly two months before the ransomware attack became public.

Global software vendor Kaseya worked in earnest for three months to resolve flaws in its VSA monitoring and management software but ultimately lost the race with ransomware attackers, Dutch researchers say.


cybersecurity, data security, data privacy, kaseya, ransomware, data security and privacy, insights, wilson_jonathan

Tweets on this subject