Kaseya staff warned of security weaknesses years ago

Former Kaseya staff have alleged that the company failed to address critical security flaws in its software several times between 2017 and 2020.

Earlier this month, threat actors exploited a zero-day vulnerability in Kaseya's VSA software to breach several managed service providers (MSPs) and deliver ransomware to their downstream customers, numbering in the thousands.

Talking to Bloomberg, five anonymous former employees from Kaseya’s software engineering and development department say the company has a history of failing to address security issues.

One of the former employees even believes they were fired for highlighting “multiple violations of basic cybersecurity practices.”

Skeletons in the cupboard?

The employees allege that Kaseya software is not only laced with outdated code but also uses weak encryption and passwords, and they accuse the company of directing its focus toward sales.

One of the former employees reportedly sent a 40-page memo detailing security concerns, and was dismissed about two weeks later. 

Another pointed out that Kaseya rarely patched its software and stored customer passwords in clear text on third-party platforms, while listing the company’s failure to adhere to common security practices.

Alarmingly, a couple of former employees allege that one of the software products that was problematic and “riddled with [security] problems” was Kaseya VSA.

Kaseya didn’t immediately respond to TechRadar Pro’s email on the allegations of the former employees. However, a Kaseya spokesperson declined to address the accusations when contacted by Bloomberg, citing its policy of not commenting on matters that involve personnel or an ongoing criminal investigation.

Date

12 Jul 2021
