430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Kaseya warns customers of ongoing malspam campaign posing as security updates

Threat actors are conducting a spam campaign aimed at infecting Kaseya customers, posing as legitimate VSA security updates Kaseya is warning customers of threat actors attempting to exploit the recent massive supply chain ransomware attack suffered by the company. The software provider is warning of an ongoing malspam campaign aimed at delivering malware into their […]

Kaseya Unitrends

Threat actors are conducting a spam campaign aimed at infecting Kaseya customers, posing as legitimate VSA security updates

Kaseya is warning customers of threat actors attempting to exploit the recent massive supply chain ransomware attack suffered by the company. The software provider is warning of an ongoing malspam campaign aimed at delivering malware into their networks, the messages used malicious attachments and embedded links posing as legitimate VSA security updates.

“As previously communicated, spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that may contain malicious links and/or attachments.” reads an important notice published by the company.
“Spammers may also be making phone calls claiming to be a Kaseya Partner reaching out to help. Kaseya IS NOT having any partners reach out – DO NOT respond to any phone calls claiming to be a Kaseya Partner.”

The company also reported that threat actors are contacting its customers via phone calls posing as Kaseya partners in charge of helping them after the ransomware attack. Kaseya recommends customers do not click on any links or download any attachments in emails claiming to be a Kaseya advisory.

Recently, researchers from Malwarebytes uncovered a malspam campaign aimed at spreading a link pretending to be a Microsoft security update, along with an executable file that’s dropping Cobalt Strike beacons and establish a backdoor to carry out malicious activities.

The message urges recipients to install the update from microsoft to protect against ransomware as soon as possible. This is fixing a vulnerability in VSA solution.

The attackers’ end goal is to deploy Cobal Strike beacons on the recipients’ devices to backdoor them and steal sensitive info or deliver more malware payloads.

Customers have to remain vigilant, threat actors could use the recent incident as a lure and leverage social engineering techniques to trick the victims into installing malware or providing sensitive information.

“DO NOT click on any links or download any attachments in emails claiming to be a Kaseya advisory. However, some customers have subscribed to our support site and, at this point, those automated emails may contain links. As a precaution, be careful with any links or attachments in any emails.” concludes the notice.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, malspam)

[adrotate banner=”5″]

[adrotate banner=”13″]