CISA orders agencies to patch BeyondTrust bug exploited in attacks

Here is an overview of the latest news on the CISA alert for the BeyondTrust vulnerability and other relevant cybersecurity patch alerts as of January 13, 2025:

U.S. Treasury Department Hack and BeyondTrust Vulnerability

  • A recent cyberattack targeted the U.S. Treasury Department, involving a breach of BeyondTrust’s systems. The attackers used a compromised Remote Support SaaS API key to infiltrate some of BeyondTrust’s Remote Support SaaS instances [3].
  • China has been implicated in the attack, although China has denied any involvement, accusing the U.S. of using cybersecurity issues to "vilify and smear" China [3].
  • During the investigation, a critical zero-day vulnerability tracked as CVE-2024-12356 was discovered. This vulnerability was part of the attack vector used by the adversaries [1].

CISA Response and Mitigation

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reported that there is no evidence the cyberattack on the U.S. Treasury Department has impacted other federal agencies. CISA is working with BeyondTrust to analyze the breach and mitigate its effects [3].
  • CISA has emphasized the importance of addressing known exploited vulnerabilities through its Known Exploited Vulnerabilities Catalog. This catalog is part of Binding Operational Directive (BOD) 22-01, which requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by specified due dates to protect FCEB networks against active threats [2].

Recent CISA Vulnerability Alerts

  • On January 13, 2025, CISA added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog:
    • CVE-2024-41713: Mitel MiCollab Path Traversal Vulnerability
    • CVE-2024-55550: Mitel MiCollab Path Traversal Vulnerability
    • CVE-2020-2883: Oracle WebLogic Server Unspecified Vulnerability
    These additions are based on evidence of active exploitation, and such vulnerabilities pose significant risks to the federal enterprise [2].

Industrial Control Systems (ICS) Vulnerabilities

  • CISA released four advisories concerning industrial control systems (ICS) from Schneider Electric, Delta Electronics, and Rockwell Automation. One notable vulnerability is in Schneider Electric’s PowerChute Serial Shutdown equipment, tracked as CVE-2024-10511, which involves improper authentication and could cause denial of access to the web interface. Schneider Electric recommends updating to Version 1.3 to mitigate this vulnerability [4].

Other Relevant Vulnerabilities

  • An OpenVPN Connect vulnerability (CVE-2024-8474) has been identified, which allows attackers to compromise VPN traffic by accessing users’ private keys due to improper handling of sensitive information within the application. This vulnerability primarily affects Android devices but may also impact other platforms. OpenVPN has issued a patch to remedy this flaw, and users are advised to update their systems immediately [3].

In summary, the recent cybersecurity landscape involves a significant breach at the U.S. Treasury Department linked to BeyondTrust, ongoing efforts by CISA to address known exploited vulnerabilities, and various other critical vulnerabilities in industrial control systems and software applications. These updates highlight the continuous need for vigilance and prompt action in mitigating cybersecurity threats. For more detailed information, refer to the sources provided:

  • [1] SecurityWeek: China Targeted Foreign Investment, Sanctions Offices in Treasury Hack Reports
  • [2] RedPacketSecurity: CISA Adds Three Known Exploited Vulnerabilities to Catalog
  • [3] NetworkTigers: Cybersecurity News Roundup, January 13, 2025
  • [4] IndustrialCyber: CISA Reports Security Vulnerabilities in ICS Equipment from Schneider Electric, Delta Electronics, Rockwell Automation