Tuesday, January 14 2025
CISA

CISA Adds Second BeyondTrust Flaw to KEV On Active Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a second security flaw affecting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products to its Known Exploited Vulnerabilities (KEV) catalog, noting that it is being actively exploited.

CVE-2024-12686 is a medium-severity vulnerability (CVSS score: 6.6) that could let an attacker with admin privileges inject commands and execute them as a site user.

“BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file,” CISA said.

“Successful exploitation of this vulnerability can allow a remote attacker to execute underlying operating system commands within the context of the site user.”

“The addition of CVE-2024-12686 to the KEV catalog comes nearly a month after it added another critical security issue affecting the same product that could also allow remote command execution.”

BeyondTrust stated that both vulnerabilities were found during an investigation into a cyber incident in early December 2024, where attackers used a stolen Remote Support API key to access some systems and change local account passwords.

The API key has been revoked, but it’s unclear how it was compromised. It’s believed that attackers used two zero-day vulnerabilities to access BeyondTrust systems.
