CISA: Second BeyondTrust Vulnerability Added To KEV Catalog

BeyondTrust Breach Exposes API Key Abuse Risks

3 min readWhen a single API key compromise spiraled into a broader attack, it exposed how overlooked non-human identities can become gateways for escalating threats. The post BeyondTrust Breach Exposes API Key Abuse Risks appeared first on Aembit. The post BeyondTrust Breach Exposes API Key Abuse Risks appeared first on Security Boulevard.

CISA: Second BeyondTrust Vulnerability Added To KEV Catalog

NEWS BRIEF The Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to patch a command injection flaw tracked as CVE-2024-12686, otherwise known as BT24-11, and has added it to the Known Exploited Vulnerabilities (KEV) Catalog. The medium-severity security bug was found as a part of BeyondTrust’s Remote Support SaaS Service security investigation, which was launched after a major data breach at the US Treasury Depar…

CISA warns second BeyondTrust vulnerability also exploited in the wild

The US Cybersecurity and Infrastructure Security Agency (CISA) has added to its catalog of known exploited vulnerabilities a second vulnerability by BeyondTrust, which was patched in December. The flaw is different than the one that was used to compromise US Treasury workstations last month. At the end of December, the US Department of the Treasury disclosed that state-sponsored Chinese attackers had managed to access some of its workstations an…