7 matches found
ABB Cylon Aspect 3.07.01 Hard-Coded Credentials
ABB Cylon Aspect 3.07.01 config.inc.php Hard-coded Credentials in phpMyAdmin Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.01 Summary: ASPECT is an award-winning scalable building energy...
Serious vulnerabilities found in ITarian software, patches available for SaaS products
Dutch research group DIVD has identified multiple vulnerabilities in ITarian products. In cooperation with DIVD, ITarian has made patches available to deal with these vulnerabilities for its SaaS platform. Software as a service (SaaS) is a software distribution model in which a cloud provider hosts...
Kaseya Unitrends has unpatched vulnerabilities that could help attackers expand a breach
It must not be easy to work at Kaseya right now. While they are working as hard as they can to help customers, and customers of their customers, recover from the REvil ransomware attack at the beginning of July, a new vulnerability in their software has been disclosed. As a side note, Kaseya...
Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers
There are three new, unpatched zero-day vulnerabilities in Kaseya Unitrends that include remote code execution (RCE) and authenticated privilege escalation on the client-side. The Dutch Institute for Vulnerability Disclosure (DIVD) on Monday issued a public advisory warning that the service and clien...
“Seven or eight” zero-days: The failed race to fix Kaseya VSA, with Victor Gevers, Lock and Code S02E13
Kaseya VSA included at least “seven or eight” privately known zero-day vulnerabilities before it suffered a widespread ransomware attack that impacted hundreds of businesses, said Victor Gevers, chair of the Dutch Institute for Vulnerability Disclosure, or DIVD, a volunteer-run organization that...
Kaseya Patches Zero-Days Used in REvil Attacks
Kaseya made good on its promise to issue patches by July 11. On Saturday, the company behind the Virtual System/Server Administrator (VSA) platform that got walloped by the REvil ransomware-as-a-service (RaaS) gang in a massive supply-chain attack released urgent updates to address critical zero-day...
Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack
Florida-based software vendor Kaseya on Sunday rolled out urgent updates to address critical security vulnerabilities in its Virtual System Administrator (VSA) solution that was used as a jumping-off point to target as many as 1,500 businesses across the globe as part of a widespread supply-chain...