Collaborate Disseminate
Microsoft reported a record 1,360 vulnerabilities in 2024, according to the latest BeyondTrust Microsoft Vulnerabilities Report. The volume marks an 11% increase from the previous record in 2022 and fits within a broader post-pandemic trend: more vulne… Continue reading Microsoft vulnerabilities: What’s improved, what’s at risk
It starts with good intentions. A tool to stop phishing. Another to monitor endpoints. One more for cloud workloads. Soon, a well-meaning CISO finds themselves managing dozens of products across teams, each with its own dashboard, alerts, and licensing… Continue reading CISOs battle security platform fatigue
Silk Typhoon APT caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks.
The post China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain appeared first on SecurityWeek.
Continue reading China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain
The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, according to Rapid7 researchers. It was initially reported that the attackers com… Continue reading A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)
Rapid7 finds a new zero-day vulnerability in PostgreSQL and links it to chain of attacks against a BeyondTrust Remote Support product.
The post Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation appeared first on SecurityWeek.
Continue reading Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation
The US Cybersecurity and Infrastructure Security Agency (CISA) has shared on Monday that the Treasury Department was the only US federal agency affected by the recent cybersecurity incident involving compromised BeyondTrust Remote Support SaaS instance… Continue reading CISA says Treasury was the only US agency breached via BeyondTrust
Threat actors entered Treasury Department systems through BeyondTrust. The breach may be related to the Salt Typhoon attacks reported throughout the year. Continue reading China-Linked Cyber Threat Group Hacks US Treasury Department
BeyondTrust has fixed an unauthenticated command injection vulnerability (CVE-2024-12356) in its Privileged Remote Access (PRA) and Remote Support (RS) products that may allow remote code execution, and is urging organizations with on-premise installat… Continue reading BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356)
Refreshed software and collaboration with the security researcher community may have contributed to the 5% drop. Continue reading BeyondTrust Report: Microsoft Security Vulnerabilities Decreased by 5% in 2023
The recent breach of the Okta Support system was carried out via a compromised service account with permissions to view and update customer support cases. “During our investigation into suspicious use of this account, Okta Security identified tha… Continue reading Okta breach post mortem reveals weaknesses exploited by attackers