Summary: The US cybersecurity agency CISA is urging federal agencies to patch a newly identified vulnerability in BeyondTrust’s enterprise solutions, which is being actively exploited. This follows a previous critical zero-day vulnerability and is linked to a cyberattack attributed to the state-sponsored threat actor, Silk Typhoon.
Threat Actor: Silk Typhoon | Silk Typhoon
Victim: US Department of Treasury | US Department of Treasury
Key Point :
- CISA has added CVE-2024-12686 to its Known Exploited Vulnerabilities (KEV) list due to active exploitation.
- The vulnerability allows attackers with administrative privileges to execute commands on the underlying operating system.
- Federal agencies have until February 3 to patch the vulnerabilities or consider removing affected products.
- The initial attack was linked to a compromised API key targeting multiple customers, including the US Treasury.
Source: https://www.securityweek.com/cisa-warns-of-second-beyondtrust-vulnerability-exploited-in-attacks/