Kaseya has disclosed a dozen vulnerabilities with its Unitrends backup and disaster recovery (BDR) software platform. To mitigate the potential security issues, MSP partners and end-customers should “take immediate action to update to the latest release of the Unitrends software and all agents to the latest version,” Kaseya said in the disclosure.

In the Kaseya alert to partners and customers, Unitrends thanked CyberOne and DIVD for disclosing the vulnerabilities.

The Kaseya-Unitrends security disclosure and guidance comes roughly five months after a REvil ransomware attack hit Kaseya VSA, an RMM (remote monitoring and management) software platform for MSPs. That July 2021 attack hit roughly 50 MSPs and 1,500 down-stream customers, but did not spread to Kaseya’s other software products. The alleged VSA hacker was charged with the attack in November 2021.

After the VSA attack, Kaseya hired FBI veteran Jason Manar as CISO (chief information security officer) to further bolster and manage the company’s cyber defenses and response coordianation.

ChannelE2E learned of the Unitrends vulnerabilities and fixes from Andrew Morgan, founder of The Cyber Nation, a social network for security-mind MSPs and MSSPs.