- BeyondTrust says it detected an attack in early December 2024
- It discovered that some of its Remote Support SaaS instances were compromised
- It also found and fixed two zero-day bugs.
BeyondTrust has confirmed that it recently suffered a cyberattack after detecting “anomalous behavior” on its network and discovering that some of its remote support SaaS instances were compromised.
In an announcement posted on its website, the company, which provides privileged access management (PAM) and secure remote access solutions, said a subsequent investigation found that threat actors accessed a Remote Support SaaS API key, which was used to reset local application account passwords.
“BeyondTrust immediately revoked the API key, notified known affected customers, and suspended those instances on the same day while providing alternative remote support SaaS instances for those customers,” the company said in its announcement.
It wasn’t ransomware
The company said it found two vulnerabilities and patched them. However, it does not appear that these vulnerabilities were used in the attacks.
In any case, BeyondTrust’s investigation discovered a critical command injection flaw affecting Remote Support (RS) and Privileged Remote Access (PRA) products. This flaw is tracked as CVE-2024-12356 and has a severity score of 9.8/10 (critical).
The second flaw is of medium severity, with a score of 6.6, and is tracked as CVE-2024-12686. It allows attackers with existing administrator privileges to inject commands and execute them as a site user in Privileged Remote Access (PRA) and Remote Support (RS).
Remote Support SaaS instances provide cloud-hosted solutions for secure and scalable remote support, allowing IT and service desk professionals to access and troubleshoot devices or systems remotely while maintaining strict security and compliance standards. BeyondTrust’s typical customers are large companies, government agencies, financial institutions, technology giants, and the like.
The company did not indicate whether the attack reached any of BeyondTrust’s customers, but did emphasize that it “proactively completed” an update for its Secure Remote Access Cloud customers, strengthening their defenses.
The nature of the attack is unknown at this time, but the company confirmed to BleepingComputer that it was not ransomware.
Via BleepingComputer