Summary: The U.S. CISA has added a medium-severity vulnerability (CVE-2024-12686) affecting BeyondTrust products to its Known Exploited Vulnerabilities catalog, highlighting active exploitation in the wild. This follows the discovery of another critical flaw (CVE-2024-12356) that could lead to arbitrary command execution, both linked to a cyber incident involving a compromised API key.
Threat Actor: Silk Typhoon (Hafnium)
Victim: U.S. Treasury Department
Key Points:
- CVE-2024-12686 allows attackers with administrative privileges to inject commands and execute them as site users.
- Both vulnerabilities were discovered during an investigation into a cyber incident involving a compromised Remote Support SaaS API key.
- The U.S. Treasury Department’s network was breached using the compromised API key, targeting specific offices within the department.
- A critical vulnerability in Qlik Sense (CVE-2023-48365) was also added to the KEV catalog, previously exploited by the Cactus ransomware group.
- Federal agencies must apply necessary patches by February 3, 2024, to protect against these active threats.
Source: https://thehackernews.com/2025/01/cisa-adds-new-beyondtrust-flaw-to-kev.html