"Shell Latest to Fall to Accellion FTA Exploits"

The oil giant Shell is a customer of Accellion's File Transfer Appliance (FTA) product and is the latest company to announce that they were affected by a data breach due to adversaries targeting vulnerabilities in the legacy file transfer software.  Shell has stated that they have addressed the exploited vulnerabilities and begun an investigation into the incident. Their core IT system was unaffected as FTA is isolated from the rest of its digital infrastructure.  They found that an unauthorized party gained access to various files during a limited window of time through the ongoing investigation. Some of the files contained personal data, and others included data from Shell companies and some of their stakeholders.  Shell did not state when they discovered the breach and which vulnerabilities were targeted. Accellion patched two zero-day bugs in late December.  Other organizations known to have been breached due to adversaries targeting vulnerabilities in the legacy file transfer software include the New Zealand central bank, aircraft maker Bombardier, retail giant Kroger, and legal firm Jones Day.

Infosecurity reports: "Shell Latest to Fall to Accellion FTA Exploits"