The Accellion Mess: What Went Wrong?

Company Should Have Retired Legacy File Sharing App Sooner

Jeremy Kirk (jeremy_kirk) • February 3, 2021

New Zealand's Reserve Bank is one victim of a breach involving Accellion's FTA product. (Source: Wikimedia Commons)

Several data breaches stemming from unpatched vulnerabilities in Accellion's File Transfer Appliance have been revealed. What went wrong? Where does the fault lie? And what can organizations do about it?



It’s not a straightforward story, and it points to problems around balancing use of an aging software product with risk, a reluctance to move onto a newer platform and internal patching hiccups.



It’s prudent for those still using Accellion's FTA to wean themselves off of it if possible. 



To recap: Accellion, a privately held company based in Palo Alto, California, developed the File Transfer Appliance as a secure way to overcome limits imposed on the size of email attachments. Recipients get links to files hosted on the FTA, which can then be downloaded.


The product is nearly 20 years old, yet it's still used by hundreds of organizations in the finance, government and insurance sectors to transfer sensitive files. Accellion prides itself on secure file sharing, so the appliance – given its age and wide use – is a juicy target. Over the last seven weeks or so, several SQL and other ..
