Decrypt LOL


CISA Adds BeyondTrust Vulnerability to KEV Catalog


🕵️‍♂️ CISA adds new BeyondTrust vulnerability to Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included a medium-severity vulnerability (CVE-2024-12686) affecting BeyondTrust’s Privileged Remote Access and Remote Support products in its KEV catalog, citing active exploitation. This flaw allows attackers with administrative privileges to execute commands as a site user, potentially leading to significant security breaches. This addition follows the recent inclusion of a critical vulnerability (CVE-2024-12356) with a CVSS score of 9.8, linked to a cyber incident involving a compromised API key. The U.S. Treasury Department has reported a breach related to this incident, attributed to the Chinese state-sponsored group Silk Typhoon. Federal agencies must apply necessary patches by February 3, 2024, to mitigate these threats.
