Background
Since 12 January 2021, the ACSC has been working with cyber security partners to assist Australian organisations in relation to an SQL injection vulnerability in the Accellion File Transfer Appliance (FTA). If exploited, this vulnerability may provide an attacker with access to content stored on, and accessible by, the FTA instance.
Mitigations
If your organisation is impacted by the Accellion FTA vulnerability, the ACSC’s recommendations are:
- Temporarily isolate or block internet access to and from systems hosting the FTA.
- Review the joint United States, United Kingdom, Australia, New Zealand and Singapore advisory available at CISA and examine the FTA using the included indicators of compromise.
- If indicators of compromise are identified, the ACSC strongly recommends impacted organisations report the incident to the ACSC via 1300 CYBER1.
- If no indicators of compromise are identified, follow Accellion’s advice to apply security patches as soon as possible. Given that FTA is regarded as a legacy product by Accellion, organisations using FTA should migrate to currently supported products.
Additional information and supporting tools
Information regarding FTA and the associated vulnerability is available at the Accellion website.
The ACSC encourages all organisations to continually assess and apply the Essential Eight strategies to protect their systems.
Assistance
The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted can contact the ACSC via 1300 CYBER1.