A new round of software attacks has raised another red flag concerning supply-chain security and the prevalence of third-party supply-chain targeting. Cybercriminals exploited four zero-day vulnerabilities in Accellion’s File Transfer Appliance (FTA) software, which was nearing End-of-Life (EoL) status, to access Accellion customers’ data. The attacks allegedly began in December 2020, and in the following two months victims received ransom notes from the cybercriminals who operate the “Clop” ransomware. The notes stated that the victims’ data would be exposed unless payments were made. These attacks mark a technical advancement for cybercriminal groups: Supply-chain attacks and exploitation of zero-day vulnerabilities are common, but are more typically the work of state-sponsored groups.
Four zero-day vulnerabilities in Microsoft Exchange Servers have been linked to more than 30,000 cyber atta...
Most Recent Flipbooks
Main story: Attackers seize Microsoft zero-day for malware dissemination, espionage
Main story: REvil REturns with new data-leak site
Main story: Russian cyber attacks on Ukraine: Where’s the boom?
Main story: Karakurt Hacking Team moonlights as Conti side business
RaidForums takedown sends cybercriminals scrambling
Carbanak group’s evolution extends to ransomware
Q1 2022: What happened and what lies ahead
Maverick extortionist group Lapsus$ goes after big tech
US executive order pushes for responsible cryptocurrency use
The Russia-Ukraine war has triggered a resurgence of hacktivism around the world
The US government has issued an alert about the Iran-linked "MuddyWater" advanced persistent threat group
Conti ransomware group aims to ascend with new tools, structure
US DoJ arrests shine light on ease and impact of cryptocurrency laundering
Microsoft has announced plans to restrict its product users' ability to manually enable macros in several Office documents