AvidXchange Security Incident
High Level Summary of the Security Advisory
AvidXchange provides automated payment software that enables bills to be paid electronically. Its accounts payable software converts invoices to digital format and automatically routes them through the accounts payable workflow from end to end.
On May 15, 2023, AvidXchange released a statement on a security incident that affected some of its systems and resulted in data being exfiltrated from those systems.
In early April 2023, AvidXchange identified a cybersecurity incident during routine security monitoring. In response, AvidXchange initiated an investigation with the assistance of cybersecurity experts and informed law enforcement. The ongoing investigation revealed that certain AvidXchange systems were impacted by the incident, resulting in the unauthorized extraction of data from those systems. The threat actors behind the breach have stolen data and made it public.
Upon closer examination of the compromised files, it was discovered that login credentials for a specific application used by a limited number of customers were exposed. As a precautionary step, AvidXchange temporarily disabled the application and reached out to the affected customers to reset their passwords and safeguard their accounts.
AvidXchange acknowledges the possibility that additional information may be released by the threat actors in the future. In the event that it is determined that your confidential data has been compromised, AvidXchange will directly contact customers to provide the necessary information and support.
On May 23, 2023, AvidXchange updated its security incident webpage with additional incident information, including FAQs, remediation steps and additional security measures to follow.
Should I be concerned?
Maybe. It depends on whether you have a relationship with AvidXchange. Click on the link below to find out whether you have a relationship with this vendor. If you do, follow the recommendations below.
Note: this link specifically references vendor directory records. You may also want to search your Relationship List for "AvidXchange" to confirm.
What to do if you have an active relationship with AvidXchange
In response to the incident (as part of its announcement), AvidXchange has cautioned customers about temporary disruptions in certain features or products while it focuses on resolving the incident and strengthening security measures. Additionally, it has advised customers to remain vigilant against phishing attempts and to exercise caution when interacting with links.
AvidXchange has created a dedicated security incident webpage to provide updates while the investigation is in progress. Affected customers are being contacted with guidance on protecting themselves.
In addition, AvidXchange is implementing the following security measures:
- Resetting internal passwords for both service accounts and team members throughout the company.
- Adjusting firewall settings to impose stricter controls on incoming and outgoing access to their systems.
- Introducing enhanced logging and process restrictions.
- Enhancing the Secure Endpoint Policy configuration.
- Implementing additional conditional access policies to ensure that logins originate from trusted sources.
- Establishing separate user accounts in the cloud to limit and restrict the capabilities of privileged accounts.
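Two of the measures in the list above, conditional access policies that require sign-ins to come from trusted sources and separate, more tightly controlled privileged accounts, can be illustrated by a small policy check run over sign-in records. The following is an added example, not code from AvidXchange or VISO Trust; the key=value log format, the trusted network ranges (RFC 5737 documentation addresses) and the privileged role names are all assumptions constructed for the illustration.

```python
"""Evaluate sample sign-in events against simple conditional-access rules.

Added example (not AvidXchange's or VISO Trust's code). The log format,
trusted network ranges and the set of 'privileged' roles are assumptions
constructed for illustration only.
"""
import ipaddress

# Assumed trusted egress ranges (e.g. office and VPN pool); RFC 5737 test networks.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Assumed roles that belong to separate, privileged accounts and must use MFA.
PRIVILEGED_ROLES = {"admin", "service"}

# Constructed sample log lines in an assumed "timestamp key=value ..." format.
SAMPLE_LOG = """\
2023-05-10T08:12:01Z user=alice src=203.0.113.10 mfa=yes role=user result=success
2023-05-10T08:15:44Z user=svc-backup src=198.51.100.7 mfa=no role=service result=success
2023-05-10T09:02:13Z user=bob src=192.0.2.55 mfa=yes role=user result=success
2023-05-10T09:30:27Z user=carol-admin src=192.0.2.88 mfa=no role=admin result=success
2023-05-10T10:01:00Z user=dave src=203.0.113.42 mfa=yes role=admin result=success
"""


def parse_line(line):
    """Split one log line into a dict of fields, keeping the timestamp under 'ts'."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    fields["ts"] = ts
    return fields


def is_trusted(ip_text):
    """True if the source address falls inside one of the trusted networks."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in TRUSTED_NETWORKS)


def evaluate(fields):
    """Return the list of policy violations for one sign-in (empty list = allowed)."""
    violations = []
    if not is_trusted(fields["src"]):
        violations.append("source not in trusted networks")
    # Privileged roles get the stricter rule: MFA is mandatory regardless of source.
    if fields.get("role") in PRIVILEGED_ROLES and fields.get("mfa") != "yes":
        violations.append("privileged role signed in without MFA")
    return violations


def evaluate_log(text):
    """Return (user, source, violations) for each event that violates policy."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = parse_line(line)
        violations = evaluate(fields)
        if violations:
            findings.append((fields["user"], fields["src"], violations))
    return findings


if __name__ == "__main__":
    for user, src, violations in evaluate_log(SAMPLE_LOG):
        print(f"{user} from {src}: {'; '.join(violations)}")
```

Run as a script, it reports the service account that signed in without MFA, the user signing in from outside the trusted ranges, and the admin account that did both; the two compliant sign-ins produce no output. In a real deployment the same two rules would be expressed in the identity provider's conditional access configuration rather than in a script, but the evaluation over exported sign-in logs is a useful way to verify that such a policy actually covers the cases it was meant to.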
AvidXchange also recommended that its customers review general security best practices. These include guidelines from the Federal Trade Commission on fundamental practices to minimize the risk of cyberattacks, as well as tips on maintaining secure passwords.
- Federal Trade Commission: Cybersecurity Best Practices
- Federal Trade Commission: How to Keep Your Password Secure
- National Institute of Standards and Technology: Using Strong Passwords and a Password Manager
- Federal Communications Commission: Cybersecurity for Small Business
---------------------------------------------------------------------------
We are actively working on future product enhancements related to these types of events. If you found this information helpful or have additional feedback please let us know at product@visotrust.com.
For any additional questions, please reach out to your customer success manager.
The VISO Trust team