US officials have announced that threat actors linked to China have leveraged vulnerabilities in BeyondTrust’s remote support software to steal documents in what Treasury Department officials called a “major incident” in a letter to lawmakers. The investigation is still ongoing, but we can outline several key details, insights, and remediation pathways based on available facts. According to reports, the attack leveraged two specific vulnerabilities in BeyondTrust’s remote support software: CVE-2024-12356 (CVSS 9.8): A critical vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) software that allowed unauthorized attackers to gain access through improperly validated API endpoints. CVE-2024-12686 (CVSS […]
The post What You Need to Know about the US Treasury Breach – and How to Protect Your Organization from a “Major Incident” appeared first on Check Point Blog.