Security News > 2021 > March > Accellion Supply Chain Hack

Accellion Supply Chain Hack
2021-03-23 11:32

A vulnerability in the Accellion file-transfer program is being used by criminal groups to hack networks worldwide.

There's much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software.

The governor of New Zealand's central bank, Adrian Orr, says Accellion failed to warn it after first learning in mid-December that the nearly 20-year-old FTA application - using antiquated technology and set for retirement - had been breached.

Despite having a patch available on Dec. 20, Accellion did not notify the bank in time to prevent its appliance from being breached five days later, the bank said.

EDITED TO ADD: It appears spy plane details were leaked after the vendor didn't pay the ransom.


News URL

https://www.schneier.com/blog/archives/2021/03/accellion-supply-chain-hack.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Accellion 6 0 15 7 13 35