CISA Adds Two Known Exploited Vulnerabilities to Catalog
Jan 13, 2025 · CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12686 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability; CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability
CISA Adds One Known Exploited Vulnerability to Catalog
Dec 19, 2024 · CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
CISA: BeyondTrust breach affected Treasury Department only
Jan 7, 2025 · On Dec. 30, the Treasury Department revealed that Chinese nation-state threat actors breached the department by leveraging a compromised cloud service at BeyondTrust. The department disclosed the incident in a letter to members of the U.S. Senate Committee on Banking, Housing and Urban Affairs.
CISA Update on Treasury Breach
Jan 6, 2025 · CISA is working closely with the Treasury Department and BeyondTrust to understand and mitigate the impacts of the recent cybersecurity incident. At this time, there is no indication that any other federal agencies have been impacted by this incident.
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active …
Jan 14, 2025 · The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities catalog, citing evidence of active exploitation in the wild.
CISA orders agencies to patch BeyondTrust bug exploited in …
Jan 13, 2025 · CISA tagged a vulnerability in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks, ordering agencies to secure their systems within three...
CISA adds second BeyondTrust CVE to known exploited …
Jan 14, 2025 · CISA in December added CVE-2024-12356 to its KEV catalog. BeyondTrust also identified that command injection vulnerability during its investigation of the attack spree.
CISA Adds Critical Flaw in BeyondTrust Software to Exploited ...
Dec 20, 2024 · The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities catalog, citing evidence of active exploitation in the wild.
CISA Urges Immediate Patching of Exploited BeyondTrust …
Dec 20, 2024 · The US cybersecurity agency CISA warns that a recently disclosed vulnerability in BeyondTrust’s remote access products has been exploited in the wild. The issue, tracked as CVE-2024-12356 (CVSS score of 9.8), is a command injection bug impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) that can be exploited without ...
CISA Warns of Second BeyondTrust Vulnerability Exploited in …
Jan 14, 2025 · Last week, CISA said it had no evidence that any other agency except the US Treasury was compromised in the BeyondTrust incident. On Monday, the cybersecurity agency warned that CVE-2024-12686 – the second BeyondTrust bug identified during the security incident probe – has been exploited in the wild as well, and added it to the KEV catalog.
- Some results have been removed