Accellion later introduced improved products like Kiteworks with new features and enhanced security, but many organizations continue to use the Accellion FTA to this day.
As the Accellion FTA code became obsolete, researchers began to discover vulnerabilities in it, which they privately reported to the manufacturer. Typically, the company managed to fix them before attackers could take advantage of them.
However, in December last year, cybercriminals managed to find an unpatched vulnerability in the software and used it to attack organizations around the world. The victims of the cyberattacks included the Central Bank of New Zealand, the law firm Allens, the University of Colorado, the Singapore telecommunications company Singtel, and others.
“Attackers performed SQL injections, deployed a web shell and through it entered IT networks and stole files stored in Accellion FTA installations”, says the report of the information security company GuidePoint Security.
As Accellion stated in a January 11 press release, the company became aware of a zero-day vulnerability in its product being exploited by hackers and released an emergency fix. At that time, according to the company, the zero-day vulnerability was exploited in attacks on fewer than 50 Accellion FTA users, but according to experts, this statement is too optimistic.
“The company didn’t bother to notify its users of the problem. Not only did the patch come out on Christmas night, when IT staff at most companies were away from work, Accellion has not issued any security notices or assigned a CVE to the vulnerability”, Risky Business reports.
On returning to work after the holidays, many IT specialists did not even realize that a critical update had been waiting for installation for several days.
Two days after the press release, Accellion posted a PDF on its website announcing the formal end of support for Accellion FTA on April 30, 2021. After that date, the company will not honour renewal requests for FTA device licenses.
Let me also remind you that researchers discovered 34 million vulnerabilities in Google Cloud, AWS, and Azure.