The cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States have released Joint Cybersecurity Advisory AA21-055A: Exploitation of Accellion File Transfer Appliance. Cyber actors worldwide have exploited vulnerabilities in Accellion File Transfer Appliance to attack multiple federal, and state, local, tribal, and territorial government organizations as well as private industry organizations…
Category: Of Note
SolarWinds hackers targeted NASA, Federal Aviation Administration networks
Zack Whittaker reports: Hackers are said to have broken into the networks of U.S. space agency NASA and the Federal Aviation Administration as part of a wider espionage campaign targeting U.S. government agencies and private companies. The two agencies were named by the Washington Post on Tuesday, hours ahead of a Senate Intelligence Committee hearing tasked with…
Fake whistleblower sentenced to federal prison for trying to frame a former acquaintance for violating patient privacy
This is a bit different. From the U.S. Attorney’s Office, Southern District of Georgia: A Rincon man who portrayed himself as a whistleblower while falsely accusing a former acquaintance of violating patient privacy has been sentenced to federal prison. Jeffrey Parker, 44, of Rincon, Ga., was sentenced to six months in prison by U.S. District…
NY Department of Financial Services Issues Cyber Fraud Alert to Regulated Entities Using Instant Quote Websites
Hunton Andrews Kurth writes: On February 16, 2021, the New York Department of Financial Services (“NYDFS”) issued a Cyber Fraud Alert (the “Alert”) to regulated entities in light of a growing campaign to steal Nonpublic Information (“NPI”), as defined under New York law, from public-facing websites that provide instant quotes for products like auto insurance (“Instant Quote…
Follow-up: Data from the Toledo Public Schools attack by Maze reportedly being misused
In September, DataBreaches.net reported that Maze threat actors claimed to have attacked an Ohio public school district, but the district was not responding to inquiries from this site about the claims. One month later, this site named the district as Toledo Public Schools and reported that while Maze had dumped files with student and employee…
FireEye and Accellion provide more details on attack
Andrew Moore, Genevieve Stark, Isif Ibrahima, Van Ta of FireEye write: Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell named DEWMODE. The motivation of UNC2546 was not immediately apparent, but starting in late January 2021, several organizations…