Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key

The Hacker News by The Hacker News
February 1, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Feb 01, 2025Ravie LakshmananVulnerability / Zero-Day

BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company’s Remote Support SaaS instances by making use of a compromised API key.

The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged on December 5, 2024.

“The investigation determined that a zero-day vulnerability of a third-party application was used to gain access to an online asset in a BeyondTrust AWS account,” the company said this week.

“Access to that asset then allowed the threat actor to obtain an infrastructure API key that could then be leveraged against a separate AWS account which operated Remote Support infrastructure.”

Cybersecurity

The American access management company did not name the application that was explored to obtain the API key, but said the probe uncovered two separate in its own products (CVE-2024-12356 and CVE-2024-12686).

BeyondTrust has since revoked the compromised API key and suspended all known affected customer instances, while also providing them with alternative Remote Support SaaS instances.

It’s worth noting that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added both CVE-2024-12356 and CVE-2024-12686 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The exact details of the malicious activity are presently not known.

The development comes as the U.S. Treasury Department said it was one of the affected parties. No other federal agencies are assessed to have been impacted.

The attacks have been attributed to a China-linked hacking group dubbed Silk Typhoon (formerly Hafnium), with the agency imposing sanctions against a Shanghai-based cyber actor named Yin Kecheng for his alleged involvement in the breach of the Treasury’s Departmental Offices network.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

Recommended.

5 Things To Know About China-Linked Juniper Router Attacks

5 Things To Know About China-Linked Juniper Router Attacks

March 13, 2025
Colgate-Palmolive plans agentic AI push in pursuit of growth

Colgate-Palmolive plans agentic AI push in pursuit of growth

November 3, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio