restquiet.blogg.se

Accellion file transfer appliance










Most importantly, the unpredictability of zero-days must be confronted with an active and continual approach to security.


These require not only an early update on the customers’ side, but the vendor must first provide them with one. Nevertheless, it is remarkable for exploiting zero-day vulnerabilities instead of conventional and easily available techniques. The case seems like a sophisticated example of a financially motivated fraud scheme. Researchers nevertheless remain skeptical about a definite attribution, since FIN11 tends to rely on phishing as an initial attack vector. It is a known cybercrime group, which has been deploying Clop since last year. The investigators identified overlaps in the infrastructures of the FTA zero-day exploitation and the data theft campaign of FIN11. Some of them have already found their data breached on the Clop ransomware gang. Around 25 organizations received an extortion email demanding payment in Bitcoin unless they wanted their documents published.

Part of an Extortion Scheme

A hundred subjects fell victim to the malicious intentions of hackers in the attack, including critical infrastructure operators or government bodies. The customers will need to switch to a new solution afterwards. Nevertheless, the company announced that the legacy file-sharing product will be reaching the end of its days by April 2021.


LIFARS’ Incident Response and Digital Forensic team of professionals will effectively manage data breach response, examine digital evidence and compromised systems for forensic artifacts of threat actor actions, lateral movement, and data exfiltration.

Accellion has patched all the file transfer security gaps in a series of updates, while versions FTA_9_12_432 and later should now be secured. It also included a clean-up function, but analysts can verify records of a compromise in Apache and system access logs. The web shell granted a path to access and download files from victims’ internal databases. They proceeded by writing a web shell named DEWMODE to a system, although research has still not uncovered how. Initially, the attackers SQL-injected the application’s servers to remotely execute commands.

CVE-2021-27104 – OS command execution via a crafted POST request.
CVE-2021-27103 – SSRF via a crafted POST request.
CVE-2021-27102 – OS command execution via a local web service call.
CVE-2021-27101 – SQL injection via a crafted Host header.


No wonder the interest – the two-decades-old software server has been carrying oodles of customer data.

Altogether, three critical and one high-severity security flaw are tracked in the Common Vulnerabilities and Exposures list. As found out later, the file transfer security compromise was a part of a broader, coordinated attack. Back in December 2020, the software vendor Accellion reported an actively exploited zero-day vulnerability in its File Transfer Appliance (FTA).










