Accellion Supply Chain Hack
There’s much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software.
The governor of New Zealand’s central bank, Adrian Orr, says Accellion failed to warn it after first learning in mid-December that the nearly 20-year-old FTA application—using antiquated technology and set for retirement—had been breached.
Despite having a patch available on Dec. 20, Accellion did not notify the bank in time to prevent its appliance from being breached five days later, the bank said.
EDITED TO ADD (4/14): It appears spy plane details were leaked after the vendor didn’t pay the ransom.