One Article Review
| Source |  Checkpoint |
|---|---|
| Identifiant | 8632147 |
| Date de publication | 2024-12-31 20:53:15 (vue: 2024-12-31 21:07:52) |
| Titre | What You Need to Know about the US Treasury Breach – and How to Protect Your Organization from a “Major Incident” |
| Texte | >US officials have announced that threat actors linked to China have leveraged vulnerabilities in BeyondTrust\'s remote support software to steal documents in what Treasury Department officials called a “major incident” in a letter to lawmakers. The investigation is still ongoing, but we can outline several key details, insights, and remediation pathways based on available facts. According to reports, the attack leveraged two specific vulnerabilities in BeyondTrust\'s remote support software: CVE-2024-12356 (CVSS 9.8): A critical vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) software that allowed unauthorized attackers to gain access through improperly validated API endpoints. CVE-2024-12686 (CVSS […]
>US officials have announced that threat actors linked to China have leveraged vulnerabilities in BeyondTrust\'s remote support software to steal documents in what Treasury Department officials called a “major incident” in a letter to lawmakers. The investigation is still ongoing, but we can outline several key details, insights, and remediation pathways based on available facts. According to reports, the attack leveraged two specific vulnerabilities in BeyondTrust\'s remote support software: CVE-2024-12356 (CVSS 9.8): A critical vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) software that allowed unauthorized attackers to gain access through improperly validated API endpoints. CVE-2024-12686 (CVSS […] |
| Notes | ★★★ |
| Envoyé | Oui |
| Condensat | 12356 12686 2024 >us about access according actors allowed announced api attack attackers available based beyondtrust breach but called can china critical cve cvss department details documents endpoints facts from gain have how improperly incident” insights investigation key know lawmakers letter leveraged linked need officials ongoing organization outline pathways pra privileged protect remediation remote reports several software software: specific steal support threat through treasury two unauthorized validated vulnerabilities vulnerability what your “major |
| Tags | Vulnerability Threat |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.