Hacker Exposes MSP Platform Vulnerability
A security researcher has found zero day vulnerabilities granting administrative access to managed service provider (MSP) platforms used by the likes of Ferrari, the US Air Force and government agencies.
The flaws existed in enterprise managed services providers Kaseya and ManageEngine and were revealed in a demonstration given at the Kiwicon 6 security conference in Wellington. SC contacted the companies for comment.
Kaseya president Mark Sutherland said the company was investigating the flaw. "Kaseya always welcomes hearing directly from anyone who thinks they have found a hole, or have shown an exploit (as in this case), or is just worried about security of our system," Sutherland told SC. "We take this extremely seriously and drop everything to re-mediate the problem as soon as we hear of it. Typically we get a patch out within a day or two."