Home » Blog » BeyondTrust says hackers hit its remote support products
Technology

BeyondTrust says hackers hit its remote support products

by
by 0 comments
  • BeyondTrust says it spotted an attack in early December 2024
  • It found some of its Remote Support SaaS instances were compromised
  • It also found and patched two zero-day flaws

BeyondTrust has confirmed it recently suffered a cyberattack after spotting “anomalous behavior” on its network and uncovering some of its Remote Support SaaS instances were compromised.

In an announcement published on its website, the company, which provides Privileged Access Management (PAM) and secure remote access solutions, said a subsequent investigation uncovered that the threat actors accessed a Remote Support SaaS API key, which they used to reset local app account passwords.

“BeyondTrust immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers,” the company said in its announcement.

It wasn’t ransomware

The company said it found two vulnerabilities, which it patched. It doesn’t seem as if these vulnerabilities were used in the attacks, though.

In any case, BeyondTrust’s research uncovered a critical command injection flaw impacting the Remote Support (RS) and Privileged Remote Access (PRA) products. This flaw is tracked as CVE-2024-12356 and has a severity score of 9.8/10 (critical).

The second flaw is a medium-severity one, with a 6.6 score, and tracked as CVE-2024-12686. It allows attackers with existing admin privileges to inject commands and run as a site user on Privileged Remote Access (PRA) and Remote Support (RS).

The instances provide cloud-hosted solutions for secure, scalable remote support, allowing IT and service desk professionals to remotely access and troubleshoot devices or systems while maintaining strict security and compliance standards. BeyondTrust’s usual clients are large enterprises, government agencies, financial institutions, tech giants, and similar.

The company did not state if the attack trickled down to any of BeyondTrust’s customers, but it did stress that it “proactively completed” an update for its Secure Remote Access Cloud customers, tightening up on their defenses.

The nature of the attack is not known at this time, but the company did confirm to BleepingComputer that it was not ransomware.

Via BleepingComputer

You might also like

You Might Also Like

You may also like

What is phishing and how dangerous is it?

Analog AI chip startup wants to achieve 1 POPS per...

VPN testing – the latest results from our team of...

Xbox Game Pass Ultimate subscribers can now stream “select” games...

Mobvoi Ticwatch Atlas is a Garmin rival Wear OS watch...

NYT Strands today — hints, answers and spangram for Sunday,...

Pro-Ject’s new flagship turntable weighs 80lb and costs $15,000… without...

Box AI Studio wants to get your business using AI...

These are the most popular websites right now – and...

No, Arcane isn’t getting three League of Legends sequels –...

Leave a Comment

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

-
00:00
00:00

Queue

Update Required Flash plugin
-
00:00
00:00
Verified by MonsterInsights