Cybersecurity Circus: BeyondTrust Vulnerabilities Trigger Major U.S. Hack Drama

CISA has flagged a medium-severity bug in BeyondTrust Privileged Remote Access, adding it to the Known Exploited Vulnerabilities catalog. The flaw, CVE-2024-12686, lets attackers with admin privileges inject commands, making it a hacker’s dream come true—because who wouldn’t want to play IT admin for a day?


Hot Take:

Who knew that the “Beyond” in BeyondTrust referred to taking trust beyond your wildest nightmares? With cybersecurity flaws popping up like unwanted email subscriptions, it seems like hackers are having a field day playing “Command and Conquer” with our sensitive data.

Key Points:

  • CISA adds a medium-severity vulnerability in BeyondTrust products to its Known Exploited Vulnerabilities catalog.
  • The vulnerability allows attackers with admin privileges to inject commands and act as a site user.
  • Both vulnerabilities were discovered following a cyber incident involving a breached Remote Support SaaS API key.
  • The U.S. Treasury Department was hacked using the compromised API key, allegedly by a Chinese state-sponsored group.
  • Another critical vulnerability in Qlik Sense, actively exploited by ransomware groups, was also added to the KEV catalog.

The Nimble Nerd