Business Continuity Management / Disaster Recovery , Governance & Risk Management , Patch Management

Kaseya's Unitrends Technology Has Zero-Day Flaws

Researchers Warn: Do Not Expose Technology to the Internet
Kaseya's Unitrends Technology Has Zero-Day Flaws

Researchers are warning of three zero-day vulnerabilities in Kaseya's Unitrends cloud-based enterprise backup and disaster recovery technology.

See Also: Mandiant Cyber Crisis Communication Planning and Response Services

The news comes after a July 2 ransomware attack exploiting flaws in Kaseya's Virtual System Administrator software had a major impact, affecting about 60 managed service provider customers and up to 1,500 of their clients.

In a public advisory, the Dutch Institute for Vulnerability Disclosure says the three zero-day flaws in Unitrends are in versions earlier than 10.5.2. DIVD Chairman Victor Gevers told Information Security Media Group that the organization advises users: "Do not expose the Unitrends servers or the clients (running default on ports 80, 443, 1743, 1745) directly to the internet until Kaseya has patched these vulnerabilities."

DIVD did not reveal the exact nature of the flaws in Kaseya Unitrends, though Gevers told ISMG: "At this moment, we cannot share more details because we are busy monitoring the progress. There will be an update coming soon. The researchers shared their findings with 68 government CERTs under a coordinated disclosure,Bleeping Computer reports.

Kaseya did not immediately respond to Information Security Media Group's requests for further information on the nature of the flaws and whether they have been exploited.

Detecting Vulnerable Servers

DIVD says it discovered the Unitrends vulnerabilities on July 2 and reported them to Kaseya the next day. It began scanning the internet July 14 for exposed Kaseya Unitrends installations.

"The Dutch Institute for Vulnerability Disclosure performs a daily scan to detect vulnerable Kaseya Unitrends servers and notify the owners directly or via the known abuse channels, Gov-CERTs and CSIRTs, and other trusted channels," the advisory from DIVD states.

Earlier Ransomware Attack

On July 11, Kaseya issued patches for its VSA software that was targeted by the July 2 ransomware attack (see: Kaseya Says Software Fully Patched After Ransomware Attack).

Kaseya first learned of those VSA flaws after being notified by DVID in April (see: Kaseya Raced to Patch Before Ransomware Disaster).

Earlier this week, Kaseya said it obtained the ability to decrypt all systems for victims without paying the REvil gang attackers a ransom. It's working with customers to restore systems (see: Kaseya Says It Paid No Ransom to Obtain Universal Decryptor).

About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.