BeyondTrust says hackers hit its remote support products

BeyondTrust says it spotted an attack in early December 2024
It found some of its Remote Support SaaS instances were compromised
It also found and patched two zero-day flaws

BeyondTrust has confirmed it recently suffered a cyberattack after spotting “anomalous behavior” on its network and uncovering some of its Remote Support SaaS instances were compromised.

In an announcement published on its website, the company, which provides Privileged Access Management (PAM) and secure remote access solutions, said a subsequent investigation uncovered that the threat actors accessed a Remote Support SaaS API key, which they used to reset local app account passwords.

“BeyondTrust immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers,” the company said in its announcement.

It wasn’t ransomware

The company said it found two vulnerabilities, which it patched. It doesn’t seem as if these vulnerabilities were used in the attacks, though.

In any case, BeyondTrust’s research uncovered a critical command injection flaw impacting the Remote Support (RS) and Privileged Remote Access (PRA) products. This flaw is tracked as CVE-2024-12356 and has a severity score of 9.8/10 (critical).

The second flaw is a medium-severity one, with a 6.6 score, and tracked as CVE-2024-12686. It allows attackers with existing admin privileges to inject commands and run as a site user on Privileged Remote Access (PRA) and Remote Support (RS).

The instances provide cloud-hosted solutions for secure, scalable remote support, allowing IT and service desk professionals to remotely access and troubleshoot devices or systems while maintaining strict security and compliance standards. BeyondTrust’s usual clients are large enterprises, government agencies, financial institutions, tech giants, and similar.

The company did not state if the attack trickled down to any of BeyondTrust’s customers, but it did stress that it “proactively completed” an update for its Secure Remote Access Cloud customers, tightening up on their defenses.

The nature of the attack is not known at this time, but the company did confirm to BleepingComputer that it was not ransomware.

Via BleepingComputer

https://cdn.mos.cms.futurecdn.net/exjZtnyH8bykMKrG4TDthC-1200-80.jpg

Source link

Generative AI has a long way to go as siloed data and abuse of its capacity remain a downside – but it does change...

Generative AI has a long way to go as siloed data and abuse of its capacity remain a downside – but it does change...

Diamond set to become mainstream coolant for AI GPU servers as world’s best thermal conductor promises 25% better overclocking, and ‘double performance per watt’

Diamond set to become mainstream coolant for AI GPU servers as world’s best thermal conductor promises 25% better overclocking, and ‘double performance per watt’

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

IDFC First Bank, LTTS among 10 biggest midcap laggards this week, fall by up to 9% – Midcap Decline

US Fed interest rate decision, tariff-related developments to drive mkt movement this week: Analysts

F&O Talk | Nifty needs to break above 23,807 for trend reversal: Rahul Ghose

Can Leapmotor save Stellantis in the shift to electric vehicles?

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

BeyondTrust says hackers hit its remote support products

IDFC First Bank, LTTS among 10 biggest midcap laggards this week, fall by up to 9% – Midcap Decline

US Fed interest rate decision, tariff-related developments to drive mkt movement this week: Analysts

F&O Talk | Nifty needs to break above 23,807 for trend reversal: Rahul Ghose

Can Leapmotor save Stellantis in the shift to electric vehicles?