Per @HuntressLabs, it looks like there's an authentication bypass on the @KaseyaCorp VSA server that allowed the threat actor to issue commands from the server.
old.reddit.com/r/msp/comments/oc…
3
33
1
68
Reminds me of the SaltStack vulnerability from last year. But unfortunately concentrated through some good sized MSPs.
Jul 5, 2021 · 1:04 AM UTC
1