Cyber Daily: Hack of Software Provider Accellion Sets Off Global Ripple Effects
Hello. In the five weeks since tech firm Accellion disclosed one of its file-transfer tools was hacked, customers ensnared in the incident have struggled to figure out the extent of the damage. Their investigations reveal events that differ from Accellion's public statements, WSJ Pro's David Uberti reports.
Other news: Facebook's steps to curb collection of personal data aren't enough for a New York regulator; Microsoft says SolarWinds hackers viewed and downloaded segments of its source code.
Weekend reading: The mishmash that is privacy regulation; North Korea implicated in cryptocurrency schemes.
Adrian Orr, governor of the Reserve Bank of New Zealand, said Accellion failed to notify the central bank for days that an attack was occurring. PHOTO: BIRGIT KRIPPNER/BLOOMBERG NEWS
“Mini-SolarWinds.” The hack of software provider Accellion USA LLC has renewed security experts’ fears of attacks on suppliers and highlighted the difficulty of defending against them in real time.
A growing list of affected customers have shared timelines of the attack and claims of inadequate software patches that at times contradict the vendor’s account of events. The disclosure this week that victims include Jones Day—a law firm that handles sensitive information for clients—underscores how individuals who don't interact with Accellion directly nonetheless might be exposed.
The attack on Accellion “feels like a mini-SolarWinds,” said Sachin Bansal, general counsel for SecurityScorecard Inc., a cyber firm that rates businesses’ security posture.
Among those caught up in the incident are New Zealand's central bank, one of Singapore's largest telecom firms and the Washington State Auditor’s Office—and their own customers and clients.
Not enough: Facebook has taken steps so it doesn't collect unauthorized data about people’s medical conditions, religious practices and finances, but the company should do more to limit the sharing of such information, the New York Department of Financial Services said Thursday.
- Facebook cooperated with the agency’s requests to explain how the lapses had occurred, the DFS said, but the company balked at undertaking a review of which developers had provided such data and how it was used within Facebook’s targeting systems.
- In response to the DFS’s findings, Facebook called the issue of health data sharing an industry-wide problem and said that it welcomed New York’s review. “Our policies prohibit sharing sensitive health information and it’s not something we want,” a spokeswoman wrote. (WSJ)
Vulnerability hunt: SolarWinds hackers examined Microsoft's source code for Azure cloud software and other products to look for security weaknesses, Microsoft said Thursday in a blog post that detailed the findings of its investigation into the attack. Some pieces of source code were downloaded.