Search This Blog

Showing posts with label Silicon Valley. Show all posts

A Massive Security Breach for the Silicon Valley Start-Up

 

Verkada, a Silicon Valley security start-up that gives cloud-based security camera services, has witnessed a massive security breach. Hackers accessed more than 150,000 of the organization's cameras, including cameras in Tesla processing plants and warehouses, Cloudflare offices, Equinox gyms, medical clinics, prisons, schools, police stations, and Verkada's own offices, Bloomberg reports. 

As indicated by Tillie Kottmann, one of the members of the international hacker collective that breached the system, the hack was intended to demonstrate how effectively the organization's surveillance cameras can be hacked. In addition to the live feeds, the group likewise professed to have had access to the full video archive of all of Verkada’s customers. In a video seen by Bloomberg, a Verkada camera inside Florida hospital Halifax Health showed what had all the earmarks of being eight hospital staff members tackling a man and pinning him to a bed. Halifax Health is highlighted on Verkada's public-facing site in a case study entitled: “How a Florida Healthcare Provider Easily Updated and Deployed a Scalable HIPAA Compliant Security System.” 

In a statement to Bloomberg, a Verkada representative told: “We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this potential issue.” Following Bloomberg's request to Verkada, the group lost access to both the organization's live feeds and archives. 

The hack was relatively simple: the group figured out how to acquire "Super Admin"- level access to Verkada's system employing a username and password they found publicly on the internet. From that point onwards, they were able to access the entire company’s network, including root access to the cameras which, thus, permitted the group to access the internal networks of some of Verkada’s customers. 

The organization has likewise experienced harsh criticism in the past for allegations of sexism and discrimination after an incident in 2019, wherein a sales director utilized Verkada's office surveillance cameras to harass female associates by secretly photographing and posting pictures of them in a company Slack channel. Accordingly, Verkada's CEO offered individuals from the Slack channel a decision between leaving the organization or having their stock options cut.

Sequoia Capital Told Investors it was Hacked

 

Sequoia Capital told its investors on Friday that some personal and financial data may have been accessed by a third party after one of its employees succumbed to a successful phishing assault, as per a report of Axios. Sequoia Capital is one of Silicon Valley's most seasoned and most successful venture capital firms with more than $38 billion in assets under management, as per Pitchbook data. The 49-year-old venture capital firm has invested in organizations like Airbnb, DoorDash, and 23andMe. It has likewise put resources into cybersecurity organizations like FireEye and Carbon Black, as indicated by its site. 

Sequoia was established by Don Valentine in 1972 in Menlo Park, California. During the 1990s, Valentine gave control of the organization to Doug Leone and Michael Moritz. In 1999, Sequoia extended its tasks to Israel. Sequoia Capital China was set up in 2005 as an offshoot to the U.S. firm. The organization is driven by Neil Shen. In 2006, Sequoia Capital procured Westbridge Capital Partners, an Indian venture capital firm. It later was renamed Sequoia Capital India. CB Insights perceived Sequoia Capital as the main funding firm in 2013. The U.S. firm had 11 accomplices as of 2016.

Sequoia told investors that it has not yet seen any sign that undermined data is being exchanged or in any case misused on the dark web, Axios reported. A Sequoia representative affirmed on Saturday that it had "recently experienced a cybersecurity incident" that its security team was investigating. It had additionally notified law enforcement and was working with outside cybersecurity experts, the firm said.

A Sequoia spokesperson said, "We recently experienced a cybersecurity incident. Our security team responded promptly to investigate, and we contacted law enforcement and engaged leading outside cybersecurity experts to help remediate the issue and maintain the ongoing security of our systems." He also said, "We regret that this incident has occurred and have notified affected individuals. We have made considerable investments in security and will continue to do so as we work to address constantly evolving cyber threats."

It doesn't create the impression that the hack was associated with the Solarwinds assaults, which incorporated a bigger breach of FireEye and has affected government agencies and large technology companies like Microsoft.