CISA tells agencies to patch BeyondTrust bug now
Posted by:
Olivia Smith
The US Cybersecurity and Infrastructure Security Agency (CISA) has identified two newly-discovered vulnerabilities in BeyondTrust products that have been exploited in the wild. The vulnerabilities, tracked as CVE-2024-12686 and CVE-2024-12356, pose significant risks, with one allowing malicious actors to inject commands and the other enabling unauthenticated attackers to do the same. BeyondTrust confirmed a cyberattack in December 2024, leading to the discovery of these flaws.
CISA has added these vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch the software by February 3, 2025. Notably, the US Treasury Department was recently targeted in a cyberattack linked to the Chinese government-affiliated group Silk Typhoon, highlighting the severity of these security breaches.
This development underscores the ongoing threat posed by cyber-espionage groups and the importance of timely software updates and security measures in safeguarding critical infrastructure.
Recent Posts1
