CISA tells agencies to patch BeyondTrust bug now

Posted by:
Olivia Smith
Wed, 15 Jan
0 Comment
Feature image

The US Cybersecurity and Infrastructure Security Agency (CISA) has identified two newly-discovered vulnerabilities in BeyondTrust products that have been exploited in the wild. The vulnerabilities, tracked as CVE-2024-12686 and CVE-2024-12356, pose significant risks, with one allowing malicious actors to inject commands and the other enabling unauthenticated attackers to do the same. BeyondTrust confirmed a cyberattack in December 2024, leading to the discovery of these flaws.

CISA has added these vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch the software by February 3, 2025. Notably, the US Treasury Department was recently targeted in a cyberattack linked to the Chinese government-affiliated group Silk Typhoon, highlighting the severity of these security breaches.

This development underscores the ongoing threat posed by cyber-espionage groups and the importance of timely software updates and security measures in safeguarding critical infrastructure.

Tags:

0 0 votes
Article Rating
Subscribe
Notify of
guest


0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments