BeyondTrust

  • Blog
    digitpatrox1 week ago
    316

    PostgreSQL flaw exploited as zero-day in BeyondTrust breach

    ​Rapid7’s vulnerability research team says attackers exploited a PostgreSQL security flaw as a zero-day to breach the network of privileged access management company BeyondTrust in December. BeyondTrust revealed that attackers breached its systems and 17 Remote Support SaaS instances in early December using two zero-day bugs (CVE-2024-12356 and CVE-2024-12686) and a stolen API key. Less than one month later, in…

    Read More »
  • Blog
    digitpatroxJanuary 14, 2025
    63

    CISA orders agencies to patch BeyondTrust bug exploited in attacks

    ​CISA has tagged a command injection vulnerability (CVE-2024-12686) in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks. As mandated by the Binding Operational Directive (BOD) 22-01, after being added to CISA’s Known Exploited Vulnerabilities catalog, U.S. federal agencies must secure their networks against ongoing attacks targeting the flaw within three weeks by February 3.…

    Read More »
Back to top button
close