The Australian Securities and Investments Commission (ASIC) have become the most recent organization to announce they’ve suffered a data breach due to an unpatched SQL injection vulnerability within file transfer software from Accellion, a software company based in California. The ASIC uses the Accellion software to move files back and forth and it says credit license applications that had been recently filled out were accessed by unauthorized parties. ASIC stated, “While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor. At this time, ASIC has not seen evidence that any Australian credit license application forms or any attachments were opened or downloaded.” ASIC has not yet responded to requests for comments from reporters.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is