BeyondTrust says hackers hit its remote support products

BeyondTrust says it spotted an attack in early December 2024
It found some of its Remote Support SaaS instances were compromised
It also found and patched two zero-day flaws

BeyondTrust has confirmed it recently suffered a cyberattack after spotting “anomalous behavior” on its network and uncovering some of its Remote Support SaaS instances were compromised.

In an announcement published on its website, the company, which provides Privileged Access Management (PAM) and secure remote access solutions, said a subsequent investigation uncovered that the threat actors accessed a Remote Support SaaS API key, which they used to reset local app account passwords.

“BeyondTrust immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers,” the company said in its announcement.

It wasn’t ransomware

The company said it found two vulnerabilities, which it patched. It doesn’t seem as if these vulnerabilities were used in the attacks, though.

In any case, BeyondTrust’s research uncovered a critical command injection flaw impacting the Remote Support (RS) and Privileged Remote Access (PRA) products. This flaw is tracked as CVE-2024-12356 and has a severity score of 9.8/10 (critical).

The second flaw is a medium-severity one, with a 6.6 score, and tracked as CVE-2024-12686. It allows attackers with existing admin privileges to inject commands and run as a site user on Privileged Remote Access (PRA) and Remote Support (RS).

The instances provide cloud-hosted solutions for secure, scalable remote support, allowing IT and service desk professionals to remotely access and troubleshoot devices or systems while maintaining strict security and compliance standards. BeyondTrust’s usual clients are large enterprises, government agencies, financial institutions, tech giants, and similar.

The company did not state if the attack trickled down to any of BeyondTrust’s customers, but it did stress that it “proactively completed” an update for its Secure Remote Access Cloud customers, tightening up on their defenses.

The nature of the attack is not known at this time, but the company did confirm to BleepingComputer that it was not ransomware.

Via BleepingComputer

https://cdn.mos.cms.futurecdn.net/exjZtnyH8bykMKrG4TDthC-1200-80.jpg

Source link

New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max

Is Microsoft’s Update a Feature or a Bug?

This prototype mini PC demonstrates a massive leap forward for integrated graphics in a console form factor

No, it’s not a giant heatsink: Maxtang’s passively cooled PC has a dozen connectors including five HDMI

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

Trump nominates Republic Airways CEO to lead US FAA

Wells Fargo takes another step forward as OCC terminates 2021 consent order

In wake of tragedies, BofA tasks senior execs with overseeing junior banker workload

Trump revokes secret service protection for Biden's children Hunter and Ashley

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

BeyondTrust says hackers hit its remote support products

New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max

Trump nominates Republic Airways CEO to lead US FAA

Is Microsoft’s Update a Feature or a Bug?

Wells Fargo takes another step forward as OCC terminates 2021 consent order