Hello, welcome to the Tuesday, July 13, 2021 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

And we do have a patch now for Kasea VSA.

The patch was delayed a little bit, but it is available now for the software as a service product,

as well as for the on-premise product. Now, the patch does fix all of the issues that were

disclosed to Kasea, and some of these issues again were used in these ransomware attacks.

But the patch also comes with a caveat.

First of all, if you apply the patch or once you applied the patch, you definitely should

apply the patch, you need to reset your passwords and that's because part of a vulnerability being fixed here is a credential.

And I believe passwords are now also stored more securely, so better hashed than they were in the old version.

There are also a number of functionality differences in this new version.

Now I believe that's just for me scanning the advisory, that these changes are due to the

patches, so they're actually addressing these vulnerabilities.

Overall, of course, it's never a good idea to sort of mix up security fixes and functional

changes in particular for a very important patch like this one

that people should roll out as quickly as possible. Cassia also made available for its on-premise

customer, a hardening and best practices guide recommends that you deploy this before you actually deploy the patch.

Part of the two most important parts here of the hardening guide is first of all, make sure

that the server is isolated from the network, and secondly, make sure the server isn't

already compromised.

And they offer a number of tools to check for that. And given what we have heard is you should pretty much assume that every exposed Kasea VSA server was compromised within a couple of hours or so of the initial news.

So yes, your system is probably compromised.

...