Advertise

Application Security

2/1/2021
04:55 PM

Dark Reading Staff
Quick Hits

0 comments
Comment Now

50%

Data on 1.4 Million Washington State Residents Breached

Unemployment data exposed via third-party software attack.

Unemployment claims information on 1.4 million Washington state residents was exposed via a breach of its file-transfer software vendor Accellion.

Special Report: 2021 Top Enterprise IT Trends

New From The Edge: FBI Encounters: Reporting an Insider Security Incident to the Feds

The Washington state auditor's office today said names, Social Security numbers, banking information, and other personal data on residents filing unemployment claims were breached in the attack on the vendor, whose product is used by the auditor's office for transferring large files. The exposed data affects claimants who filed for unemployment benefits with the state between Jan. 1 to Dec. 10, 2020.

Meanwhile, an Accellion executive told The Seattle Times that the breached software was FTA, an older legacy package that the company has urged customers for years to abandon in favor of a next-generation product. Accellion's software was breached in December.

Read more here and here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Recommended Reading:

Comment |

Email This |

Print |

RSS

More Insights

Webcasts

Insider Threats: An Interactive Crisis Simulation

How the Rapid Shift to Remote Work Impacted IT Complexity and Post-Pandemic Security Priorities

More Webcasts

White Papers

What Elite Threat Hunters See That Others Miss: Case Study

2020 SANS Enterprise Cloud Incident Response Survey

More White Papers

Reports

Improving Security by Moving Beyond VPN

Accelerate Threat Resolutions with DNS

More Reports

Comments

Newest First | Oldest First | Threaded View

[close this box]

Be the first to post a comment regarding this story.

Editors' Choice

Enterprises Remain Riddled With Overprivileged Users -- and Attackers Know It

Robert Lemos, Contributing Writer, 4/1/2021

Inside the Ransomware Campaigns Targeting Exchange Servers

Kelly Sheridan, Staff Editor, Dark Reading, 4/2/2021

Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain

Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia, 3/30/2021

Live Events

Webinars

Cybersecurity Risk Management FREE Event 4/22

Using MS Teams as Your Phone System - FREE Event 4/14

Earn (ISC)2 CPEs at Interop Digital, April 29

More Informa Tech Live Events

White Papers

What Elite Threat Hunters See That Others Miss: Case Study

Are We Cyber-Resilient? The Key Question Every Organization Must Answer

10 Must-Have Capabilities for Stopping Malicious Automation Checklist

SANS 2021 Cyber Threat Intelligence Survey

Addressing Complexity and Expertise in Application Security Testing

More White Papers

Cartoon

Post a Comment

Cartoon Archive

Current Issue

2021 Top Enterprise IT Trends

We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises are Developing Secure Applications

Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.

Download Now!

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-3460
PUBLISHED: 2021-04-13

The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.

CVE-2021-3462
PUBLISHED: 2021-04-13

A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.

CVE-2021-3463
PUBLISHED: 2021-04-13

A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.

CVE-2021-3471
PUBLISHED: 2021-04-13

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

CVE-2021-3473
PUBLISHED: 2021-04-13

An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exist...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]