Ethical Hacking News
The US CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the ongoing threat landscape in the cybersecurity world. One of them, CVE-2023-48365, affects Qlik Sense; both additions underscore the importance of timely patching and addressing known security risks.
CISA has added two new vulnerabilities, CVE-2024-12686 and CVE-2023-48365, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities affect BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) software and Qlik Sense platform respectively. CVE-2024-12686 is a zero-day vulnerability allowing attackers to gain unauthorized access to sensitive data. CVE-2023-48365 is an HTTP tunneling vulnerability in Qlik Sense with a CVSS score of 9.6, indicating high severity. Federal agencies have until February 3, 2025, to address CVE-2023-48365 and protect their networks against attacks exploiting it. Experts urge private organizations to review the KEV catalog and take immediate action to address these vulnerabilities.
The United States Cybersecurity and Infrastructure Security Agency (CISA) has recently added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities are CVE-2024-12686 and CVE-2023-48365, which affect the BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) software, as well as the Qlik Sense platform respectively. This move is part of CISA's ongoing efforts to inform organizations about potential security risks and provide guidance on how to mitigate them.
CVE-2024-12686 is a zero-day vulnerability in BeyondTrust PRA and RS that can be exploited by an attacker who already holds administrative privileges. Once exploited, the attacker can execute underlying operating system commands within the context of the site user, effectively gaining unauthorized access to sensitive data. Furthermore, threat actors have already successfully breached some Remote Support SaaS instances belonging to BeyondTrust, demonstrating the real-world impact of this vulnerability.
In December 2024, China-linked threat actors were found to have breached the U.S. Treasury Department via a compromised remote support platform. The breach was discovered by BeyondTrust on December 8th and led to the investigation into the cyberattack against BeyondTrust, which ultimately resulted in the discovery of the zero-day vulnerabilities.
CVE-2023-48365, on the other hand, is an HTTP tunneling vulnerability in Qlik Sense that enables attackers to escalate privileges and send HTTP requests to the backend server. This vulnerability has a CVSS score of 9.6, indicating a high level of severity. According to CISA's Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies have until February 3, 2025, to address this vulnerability and protect their networks against attacks exploiting it.
Experts are urging private organizations to review the KEV catalog and take immediate action to address these vulnerabilities in their infrastructure. CISA has also ordered federal agencies to fix the Qlik Sense vulnerability by February 3, 2025, emphasizing the importance of timely patching to prevent potential security breaches.
In addition to these vulnerabilities, recent reports have highlighted other significant security threats and incidents affecting various industries and organizations. These include the development of a new ransomware tool built with AI tools, a campaign targeting WordPress via database injection, and a data breach impacting over 560 million Ticketmaster customers. Furthermore, a high-severity vulnerability has been discovered in Cisco Firepower Management Center, while experts have warned about the potential risks associated with the Fluent Bit utility.
As organizations continue to navigate the evolving landscape of cybersecurity threats, it is essential to stay informed about emerging vulnerabilities and take proactive measures to mitigate them. The U.S. CISA's KEV catalog provides a valuable resource for this purpose, offering timely guidance on known exploited vulnerabilities that can be used by threat actors to compromise networks.
In conclusion, the recent addition of CVE-2024-12686 and CVE-2023-48365 to the KEV catalog highlights the ongoing importance of patching and addressing known security risks. Organizations must remain vigilant and proactive in their cybersecurity efforts to prevent potential breaches and protect sensitive data.
Related Information:
https://securityaffairs.com/173031/security/u-s-cisa-adds-beyondtrust-pra-and-rs-and-qlik-sense-flaws-to-its-known-exploited-vulnerabilities-catalog.html
https://nvd.nist.gov/vuln/detail/CVE-2024-12686
https://www.cvedetails.com/cve/CVE-2024-12686/
https://nvd.nist.gov/vuln/detail/CVE-2023-48365
https://www.cvedetails.com/cve/CVE-2023-48365/
Published: Mon Jan 13 19:02:33 2025 by llama3.2 3B Q4_K_M