SonicWall Patches 3 Zero-Day Flaws govinfosecurity.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from govinfosecurity.com Daily Mail and Mail on Sunday newspapers.
Qualys Is the Latest Victim of Accellion Data Breach
Security vendor confirms attackers exploited a previously disclosed vulnerability in the enterprise firewall technology to breach its network.
Qualys has become the latest known victim of a data breach at enterprise firewall vendor Accellion that has affected numerous companies including, most notably, retail giant Kroger, law firm Jones Day, and the state of Washington.
In a statement late Wednesday, Qualys confirmed rumors that had been circulating all day about the company s network having been breached. But it provided few details on the nature of the incident or whether it had become a victim of the Clop ransomware strain, as numerous people reported via Twitter on Wednesday.
Emergency patch addresses MS Exchange Server zero-days
Microsoft releases an emergency patch to address multiple zero-day exploits directed at on-premise installations of Exchange Server
Share this item with your network: By Published: 03 Mar 2021 12:30
Organisations using on-premises versions of Microsoft Exchange Server are at risk of targeted attacks exploiting three newly-disclosed zero-day exploits, which are already being taken advantage of by malicious actors associated with the Chinese state.
The three vulnerabilities, assigned CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 enable threat actors to access victim email accounts and install malware to gain long-term access to their wider environments. According to Microsoft’s Threat Intelligence Center (MSTIC), the campaign is attributed with a high degree of confidence to a group known as Hafnium.
Accellion on January 12 briefly disclosed that attackers had exploited a zero-day vulnerability in its File Transfer Appliance (FTA), a near-obsolete 20-year-old technology that enterprise organizations around the world have been using for years to transfer large files. The vendor said it had learned of the breach in mid-December and issued a patch for it in less than 72-hours. A subsequent and similarly brief update on Feb 1, suggested that the attackers had exploited not one, but several vulnerabilities in FTA, all of which the company said it had closed. Accellion urged FTA customers to switch to the company s newer Kiteworks technology as soon as possible.