BeyondTrust says hackers hit its remote support products
Date:
Fri, 20 Dec 2024 17:01:00 +0000
Description:
This was not a ransomware attack, BeyondTrust confirms, but users should
still be wary.
FULL STORY ======================================================================
BeyondTrust says it spotted an attack in early December 2024
It found some of its Remote Support SaaS instances were compromised
It also found and patched two zero-day flaws
BeyondTrust has confirmed it recently suffered a cyberattack after spotting anomalous behavior on its network and uncovering some of its Remote Support SaaS instances were compromised.
In an announcement published on its website, the company, which provides Privileged Access Management (PAM) and secure remote access solutions, said a subsequent investigation uncovered that the threat actors accessed a Remote Support SaaS API key, which they used to reset local app account passwords.
"BeyondTrust immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers," the company said in its announcement.
It wasn't ransomware
The company said it found two vulnerabilities, which it patched. It doesn't seem as if these vulnerabilities were used in the attacks, though.
In any case, BeyondTrust's research uncovered a critical command injection flaw impacting the Remote Support (RS) and Privileged Remote Access (PRA) products. This flaw is tracked as CVE-2024-12356 and has a severity score of 9.8/10 (critical).
The second flaw is a medium-severity one, with a 6.6 score, and tracked as CVE-2024-12686. It allows attackers with existing admin privileges to inject commands and run as a site user on Privileged Remote Access (PRA) and Remote Support (RS).
The instances provide cloud-hosted solutions for secure, scalable remote support, allowing IT and service desk professionals to remotely access and troubleshoot devices or systems while maintaining strict security and compliance standards. BeyondTrust's usual clients are large enterprises, government agencies, financial institutions, tech giants, and similar.
The company did not state if the attack trickled down to any of BeyondTrust's customers, but it did stress that it proactively completed an update for its Secure Remote Access Cloud customers, tightening up on their defenses.
The nature of the attack is not known at this time, but the company did confirm to BleepingComputer that it was not ransomware.
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/beyondtrust-says-hackers-hit-its-remote-support-products
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)