Accellion Supply Chain Hack
2021-03-23 11:32

A vulnerability in the Accellion file-transfer program is being used by criminal groups to hack networks worldwide.

There's much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software.

The governor of New Zealand's central bank, Adrian Orr, says Accellion failed to warn it after first learning in mid-December that the nearly 20-year-old FTA application - using antiquated technology and set for retirement - had been breached.

Despite having a patch available on Dec. 20, Accellion did not notify the bank in time to prevent its appliance from being breached five days later, the bank said.

EDITED TO ADD: It appears spy plane details were leaked after the vendor didn't pay the ransom.


News URL

https://www.schneier.com/blog/archives/2021/03/accellion-supply-chain-hack.html

Related vendor

VENDOR     #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Accellion  7           0    22      16    4         42