203 matches found
CVE-2019-14510
An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx e.g., FSAdmin123456789 on the server that hosts the LAN Cache and all clients that are assigned to a LAN Cache. This account is placed...
CVE-2019-15506
An issue was discovered in Kaseya Virtual System Administrator VSA through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the...
kernel: vt_ioctl: fix array_index_nospec in vt_setactivate
A vulnerability was found in the Linux kernel's vtioctl subsystem, where the vtsetactivate function can lead to a transient integer underflow due to improper handling of the vsa.console value. The vulnerability arises when an out-of-bounds value is decreased before being sanitized using...
kernel: vt_ioctl: fix array_index_nospec in vt_setactivate
A vulnerability was found in the Linux kernel's vtioctl subsystem, where the vtsetactivate function can lead to a transient integer underflow due to improper handling of the vsa.console value. The vulnerability arises when an out-of-bounds value is decreased before being sanitized using...
Kaseya VSA Master Administrator Account Creation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaseya VSA Master Administrator Account Creation', 'Description' = %q This module abuses the setAccount page on Kaseya VSA between 7 and 9.1 to...
SUSE CVE-2022-48804
In the Linux kernel, the following vulnerability has been resolved: vtioctl: fix arrayindexnospec in vtsetactivate arrayindexnospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console...
The vulnerability of the /InstallTab/exportFldr.asp component of the Kaseya VSA software, a virtual system administrator tool for IT systems, allows a hacker to execute arbitrary SQL code.
The vulnerability of the /InstallTab/exportFldr.asp component of the Kaseya VSA software for remote monitoring and management of IT systems is related to the lack of protection for the SQL query structure during the processing of the fldrId parameter. Exploiting this vulnerability allows an...
Ransomware review: April 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...
Threat Source newsletter (April 6, 2023) — Another friendly reminder about supply chain attacks
Welcome to this weeks edition of the Threat Source newsletter. It seems like we cant go a full calendar year without a major supply chain attack. In late 2020 we had the SolarWinds incident which, doesnt that somehow seem like five years ago but also yesterday?, then the REvil ransomware group...
NetStandard attack should make Managed Service Providers sit up and take notice
Managed Service Providers MSPs, organizations that allow companies to outsource a variety of IT and security functions, are a growing market. Because they are a potential gateway to lots of company networks they make a very attractive target for cybercriminals. In a recent threat advisory Huntres...
NetStandard attack should make Managed Service Providers sit up and take notice
Managed Service Providers MSPs, organizations that allow companies to outsource a variety of IT and security functions, are a growing market. Because they are a potential gateway to lots of company networks they make a very attractive target for cybercriminals. In a recent threat advisory Huntres...
The vulnerability of the ManagedIT.asmx component of the ConnectWise ManagedITSync plugin in the Kaseya VSA IT-infrastructure management platform allows a attacker to execute arbitrary SQL commands.
The vulnerability of the ManagedIT.asmx component of the ConnectWise ManagedITSync business management platform is related to the lack of validation for the validity of XML objects’ sequences. Exploiting this vulnerability could allow a malicious actor to execute arbitrary SQL commands through th...
CVE-2022-29084
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account...
Kaseya VSA SQL Injection Vulnerability
ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database...
Kaseya VSA < 9.3.0.35 / 9.4 < 9.4.0.36 / 9.5 < 9.5.0.5 RCE
The version of Kaseya VSA installed on the remote host is affected by a remote code execution vulnerability. Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January...
Kaseya VSA Remote Code Execution (CVE-2018-20753)
A remote code execution vulnerability exists in Kaseya VSA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Ransomware: April 2022 review
The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. April 2022 was most notable for the emergence of three new ransomware-as-a-service RaaS groups—Onyx, Mindwar...
CVE-2022-29085
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges...
Kaseya VSA Remote Code Execution Vulnerability
Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices...
The three most significant cyberattacks of 2021
People that predict tomorrow’s weather by looking at today’s are often right. Cloudy today? Itll probably be cloudy tomorrow. The same is often true for cybersecurity threats. Looking back at 2021 it looks a lot like 2020: A lot of ransomware attacks. So, when I was asked to write about the three...