If you use Kaseya beware!
I've got clients pulling backup tapes out of machines and out of rotation to air gap them!
Independence Day!
Printable View
If you use Kaseya beware!
I've got clients pulling backup tapes out of machines and out of rotation to air gap them!
Independence Day!
I worked for a Cloud provider years ago that used Kaseya for internal server management and also for external client endpoint management for those that wanted it.
Can't say I'm surprised by this. IT Security is losing battle as long as there is an internet connection. Everything has exploitable flaws, and almost certainly a non-trivial percent of those flaws are created intentionally by government agents (both foreign and domestic) working undercover for major software companies.
There needs to be a massive move by all industries to isolate their computers to local LAN's/WAN's and cut off connection to the internet. It is a huge undertaking and is unbelievably time consuming and inconvenient to do so, but something drastic needs to be done.
My two cents.
"you pays your money and you takes your choice"
I don't know the product, but it doesn't sound like that's what it is for.
As far as security goes, the number one problem is incompetent box jockeys. I remember when they raised they pay scale to the same as software developers. And yet I was always getting called in to solve problems for them with some gimcrack "administration" tool they'd bought and dumped to fend for itself on a server.
Normally it was just a matter of reading the documentation and doing exactly as outlined For Dummies. Well, assuming they hadn't thrown it all out with the box it came in.
Low literacy is an even bigger problem with these computer janitors than it is with programmers. Most seem to get their jobs through nepotism and the better ones might have some sort of Associates Degree in Basket Weaving.
However in this case it sounds like a real security loophole in the software. I wouldn't know, nobody is paying me to go read that article. I don't make monkeys, or even try to train them anymore.
I worked for a software company for twenty years. Every year or two, I'd see some things that made my head spin... I'd have to get with the boss and get a reminder about exactly where the line is....Quote:
It's not my circus - it's not my monkey
If I felt that their IT company was overly stupid - I'd share my thoughts.
Kaseya allows for server and end-point management. My client has an outside tech company that uses Kaseya for managing the before-mentioned devices.
They dodged a bullet this week - those Kaseya servers that got compromised did bad stuff.
Kaseya has 40,000 customers - and 1000 have been hit hard.
Don't worry, Biden is on the case. 'Cause, doncha know, Russia.
Bears. Beats. Battle Star Galactica.
Ohhhhhhhhhh yeah.
I work for a pretty big international company. We have software called BlackIce that caught and isolated it here locally. A couple of servers are still off line but it stopped there.
1500 servers and one million end points! Wow is all I can say.
They used the ability to upload a JPG containing the malware and then SQL injection in an old .ASP page to get said malware to execute.
Yes - .ASP - not .ASPX.
IMO, if you are a major player in security management, patch management and remote end point manipulation you should be rebuilding your ENTIRE stack CONSTANTLY.
Just like you were some kind of jet - rebuild the entire plane every x-number of years!
Are we all using the latest version of our libraries? I know I am not - and I need to address that!
I literally found out last week that it is theoretically possible to inject JPGs with malware. I never knew this nor was I aware of its practical applications.
That made me curious...here is an example of it (conceptually)
https://umbrella.cisco.com/blog/pict...-hides-malware
To add salt to the wound, just last week MS owned up to another attack vector - the common printer spooler service.
https://www.techrepublic.com/article...emote-attacks/
And of course anyone using Kaseya for end-point management is unable to push out the patch!
Considering the level of (non-chit-chat related) activity in this thread, I've moved this to General PC.
If I tell a few jokes will you move it back :D
My two cents, no matter how secure the software or hardware, if the end user can somehow be manipulated... And, I love forums...
So much Internet crime. It seems to be everywhere:
And yes, that is a real post that was made with a straight face.Quote:
I just had somebody contact me about mail order spirit companions that do not turn up and the people behind it, will just tell them they are too blocked to know they are there.
Please do not get scammed. Sadly there are so many people in the world that will take advantage of others and rip them off.