Former Kaseya employees have alleged that the company failed to address critical security flaws in its software several times between 2017 and 2020.
Earlier this month, threat actors exploited a zero-day vulnerability in Kaseya’s VSA software to breach several managed service providers (MSPs) and deliver ransomware to their downstream customers, numbering in the thousands.
Speaking to Bloomberg, the five anonymous former employees from Kaseya’s software engineering and development department say the company has a history of failing to address security issues.
One of the former employees even believes they were fired for highlighting “multiple violations of basic cybersecurity practices.”
Skeletons in the closet?
The employees allege that not only is Kaseya software laced with outdated code, it also uses weak encryption and passwords, as they accuse the company of directing its focus on sales.
One of the former employees reportedly sent a 40-page memo detailing security concerns, and was dismissed about two weeks later.
Another pointed out that Kaseya rarely patched its software and stored customer passwords in clear text on third-party platforms, while listing the company’s failure to adhere to common security practices.
Alarmingly, a few former employees allege that one of the software products that was problematic and “riddled with [security] problems” was Kaseya VSA.
Kaseya didn’t immediately respond to TechRadar Pro’s email on the allegations of the former employees. However, a Kaseya spokesperson declined to address the accusations when contacted by Bloomberg, citing its policy of not commenting on matters that involve personnel or an ongoing criminal investigation.