The office cited exemptions that “disclosure of the record would reveal vulnerabilities to, or otherwise increase the potential for an attack on, an information technology system of a public agency” and that “the public interest served by not disclosing the record clearly outweighs the public interest served by disclosure of the record.”

According to UCOP’s response, it is in the public interest to “protect the integrity of the University’s IT security systems and to protect against future efforts to gain access to systems” by withholding the data. The UCOP CPRA office responded to the Nexus’ CPRA request on May 11 and declined to provide records. Both parties refused to comply with the request. In accordance with California’s Public Records Act (CPRA), the Nexus submitted a request to both the UC Office of the President (UCOP) and UC Santa Barbara CPRA offices on May 10, 2021, asking for the offices to provide any and all internal university communication that discusses or mentions the UC Accellion data breach.

The hack, which targeted a vulnerability in the Accellion file transfer appliance used by the UC, leaked personal information such as social security numbers and personal addresses of students, staff, faculty and applicants across the UC system.

How Can You Prevent The Accellion Vulnerability?

If you continue to use this application after it has reached its end-of-life date, you are putting your company in danger. The vendor no longer supports this program, and it will no longer receive security fixes. Security pros strongly advised against using Accellion’s file transfer appliance app.
In connection with the Accellion breach, the following CVEs have been published:

- CVE-2021-27104 - OS command execution via a crafted POST request to different admin endpoints affects Accellion FTA 9_12_370 and earlier. FTA 9_12_380 and later are the fixed versions.
- CVE-2021-27103 - Accellion FTA 9_12_411 and earlier are vulnerable to SSRF via a crafted POST request to wmProgressstat.html. FTA 9_12_416 and later are the fixed versions.
- CVE-2021-27102 - OS command execution through a local web service call affects Accellion FTA 9_12_411 and earlier.
- CVE-2021-27101 - SQL injection through a forged Host header in a request to document_root.html affects Accellion FTA 9_12_370 and earlier.

Following that, a patch was provided to address the vulnerability. Threat actors extort money from businesses by threatening to sell their data online if they do not pay the ransom.

Although Accellion issued a patch in December 2020, it was insufficient to prevent a second assault in January 2021. The attack appears to be primarily motivated by financial gain. Threat actors used a combination of zero-day exploits and a new web shell to target Accellion’s legacy file transfer application (FTA). Threatpost, February 22, 2021.

As a result of the cyberattack, Accellion must face a series of lawsuits on its own after a federal judicial body denied consolidation. The Cybercriminal Group Behind the Accellion Attack: Researchers have identified a group of threat actors (UNC2546 and UNC2582) with ties to the FIN11 and Clop ransomware gangs as the cybercriminal group responsible for the Accellion attack. Between December 2020 and January 2021, Accellion patched various vulnerabilities.

Accellion Vulnerabilities Found

A zero-day exploit was discovered in the Accellion File Transfer Appliance product in December 2020. Baring Private Equity Asia and Bregal Sagemount are two major investors.
More than 3,000 multinational enterprises, government organizations, hospitals, and colleges use the company’s enterprise content firewall. Accellion specializes in file sharing and collaboration software that is safe and secure.