CISA Adds One Known Exploited Vulnerability to Catalog
Dec 19, 2024 · CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
CISA Update on Treasury Breach
4 days ago · WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) today issued the following update on last week's cybersecurity incident at the U.S. Department of the Treasury: CISA is working closely with the Treasury Department and BeyondTrust to understand and mitigate the impacts of the recent cybersecurity incident.
CISA says Treasury was the only US agency breached via BeyondTrust
3 days ago · The US Cybersecurity and Infrastructure Security Agency (CISA) has shared on Monday that the Treasury Department was the only US federal agency affected by the recent cybersecurity incident ...
CISA: BeyondTrust breach affected Treasury Department only
2 days ago · The U.S. Treasury Department was the only federal agency affected by the BeyondTrust breach last month, according to an update from CISA. On Dec. 30, the Treasury Department revealed that Chinese nation-state threat actors breached the department by leveraging a compromised cloud service at BeyondTrust. The department disclosed the incident in a letter to members of the U.S. Senate Committee ...
Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury ...
Dec 31, 2024 · The federal agency said it has been working with the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), and that available evidence points to it being the work of an unnamed state-sponsored Advanced Persistent Threat (APT) actor from China.
CISA: No Federal Agency Beyond Treasury Impacted by BeyondTrust …
3 days ago · The US cybersecurity agency CISA on Monday said that no other federal agency beyond the Department of the Treasury was impacted by the recent ‘major cybersecurity incident’ involving a BeyondTrust cloud-based service. Disclosed on December 31, the attack resulted in Chinese state-sponsored hackers accessing Treasury workstations and unclassified documents using a compromised API key for a ...
CISA: No Wider Federal Impact from Treasury Cyber Attack, …
3 days ago · The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday said there are no indications that the cyber attack targeting the Treasury Department impacted other federal agencies. The agency said it's working closely with the Treasury Department and BeyondTrust to get a better understanding of the breach and mitigate its impacts.
CISA Adds Critical Flaw in BeyondTrust Software to Exploited ...
Dec 20, 2024 · The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities catalog, citing evidence of active exploitation in the wild.
CISA Urges Immediate Patching of Exploited BeyondTrust …
Dec 20, 2024 · The US cybersecurity agency CISA warns that a recently disclosed vulnerability in BeyondTrust’s remote access products has been exploited in the wild. The issue, tracked as CVE-2024-12356 (CVSS score of 9.8), is a command injection bug impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) that can be exploited without ...
The US Treasury Department was hacked - The Verge
Dec 30, 2024 · The threat actor stole a key used by BeyondTrust “to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.”
- Some results have been removed