skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

CISA Directs Agencies to Address BeyondTrust Vulnerabilities

/ 1 min read

🔒✨ CISA warns of critical vulnerabilities in BeyondTrust software amid active exploitation. The Cybersecurity and Infrastructure Security Agency (CISA) has identified a command injection vulnerability (CVE-2024-12686) in BeyondTrust’s Privileged Remote Access and Remote Support software as actively exploited in attacks, mandating U.S. federal agencies to secure their networks by February 3. Additionally, another critical vulnerability (CVE-2024-12356) was reported following a breach of BeyondTrust’s Remote Support SaaS instances, where attackers stole an API key to reset passwords. The breaches have been linked to the Chinese state-backed group Silk Typhoon, which targeted sensitive U.S. Treasury systems. BeyondTrust has issued patches for the vulnerabilities, but users of self-hosted instances must apply them manually.

Source
{entry.data.source.title}
Original