One thing of note is that while CVE-2021-30116 appears to have been part of the attack, there were other vulnerabilities that neither Kaseya or anyone else besides the threat actors were aware of prior to July 2nd 2021 that were used in this attack. Huntress put on a webinar today July 6th 2021 (after I published this video) and offered up a demo using proof of concept code they wrote to prove how the attack worked and it did require more than what was outlined in the CVE-2021-30116. Once that video becomes available I will be posting links here.
Huntress Blog Post
Kaseya Incident Overview & Technical Details
Kaseya Vulnerability Disclosure Policy
(They make a point they are NOT currently participating in a bug bounty program)
Darknet Diaries EP 87: GUILD OF THE GRUMPY OLD HACKERS
Darknet Diaries EP 88: VICTOR
ConnectWise Control: Vulnerabilities & Responsible Disclosure By Bishop Fox and Huntress Labs
The Solarwinds Orion SUNBURST Attack Timeline
- Hire Us For A Project: Hire Us - Lawrence Technology Services
- Tom Twitter https://twitter.com/TomLawrenceTech
- Our Web Site https://www.lawrencesystems.com/
- Our Forums https://forums.lawrencesystems.com/
- Instagram https://www.instagram.com/lawrencesystems/
- Facebook Redirecting...
- GitHub lawrencesystems (Lawrence Systems) · GitHub
- Discord https://discord.gg/ZwTz3Mh
Amazon Affiliate Store
All Of Our Affiliates that help us out and can get you discounts!
Gear we use on Kit
Try ITProTV free of charge and get 30% off!
Learn technology and pass IT certifications with ITProTV
Use OfferCode LTSERVICES to get 10% off your order at
Digital Ocean Offer Code
HostiFi UniFi Cloud Hosting Service
Protect you privacy with a VPN from Private Internet Access
#Kaseya #Ransomware #CVE-2021-30116