CISA Adds Critical Flaw to Known Exploited Vulnerabilities Catalog

Background

CISA (Cybersecurity and Infrastructure Security Agency) added the critical flaw, CVE-2024-12356, to its Known Exploited Vulnerabilities (KEV) catalog on December 19, 2024. This action indicates that the agency had information that the vulnerability had been exploited in the wild. This led some to believe that the flaw was probably the one exploited in the attack that led to the compromise of workstations at the US Treasury.

Second Flaw Also Exploited in the Wild

On Monday, CISA added the second medium-risk vulnerability, CVE-2024-12686, to KEV as well. It is not clear if this was exploited as part of the same attacks or new ones after the BeyondTrust disclosure. As per CISA’s mandate, government agencies have until February 3 to identify if they have vulnerable deployments and make sure the patches are applied.

Investigation Update

Last week, in an update on its investigation into the Treasury breach, CISA said it did not have any indication that other government agencies had been impacted in the attack.

Timeline

CISA added CVE-2024-12356 to KEV on December 19, 2024.
CISA added CVE-2024-12686 to KEV on [Monday, date].
Government agencies have until February 3 to identify and patch vulnerable deployments.

Conclusion

In conclusion, CISA’s action to add these vulnerabilities to its Known Exploited Vulnerabilities catalog highlights the importance of prompt patching and vulnerability management. It is crucial for government agencies and organizations to stay vigilant and take proactive measures to mitigate these threats.

FAQs

Q: What was the critical flaw added to CISA’s Known Exploited Vulnerabilities catalog?

A: The critical flaw, CVE-2024-12356, was added to the catalog on December 19, 2024.

Q: Was the second flaw also exploited in the wild?

A: Yes, the second medium-risk vulnerability, CVE-2024-12686, was also exploited in the wild.

Q: What is the deadline for government agencies to patch vulnerable deployments?

A: Government agencies have until February 3 to identify and patch vulnerable deployments.

Q: Has CISA found any indication of other government agencies being impacted in the attack?

A: No, CISA did not find any indication that other government agencies were impacted in the attack, according to its investigation update.

About Us

Crypto Endevr aims to simplify the vast world of cryptocurrencies and blockchain technology for our readers by curating the most relevant and insightful articles from around the web. Whether you’re a seasoned investor or new to the crypto scene, our mission is to deliver a streamlined feed of news and analysis that keeps you informed and ahead of the curve.

CISA warns second BeyondTrust vulnerability also exploited in the wild

cryptoendevr

Related Stories

Google Workspace Plans See Price Hike as Gemini AI Expands to All Tiers

Cisco Unveils AI Defense to Secure the AI Transformation of Enterprises

ChatGPT Can Now Schedule Tasks in Advance

Die Top 10 Geschäftsrisiken in Deutschland 2025

Leave a Reply Cancel reply

Recommended

Bitcoin Could Top $300,000 This Year, New HashKey Survey Claims

Google Workspace Plans See Price Hike as Gemini AI Expands to All Tiers

DO NOT BE FOOLED – BITCOIN CRASHING DUE TO MANIPULATION (MUST WATCH ASAP)

XRP’s Bullish Momentum Strongest Since January 2018 as Futures Open Interest Hits Record High

Bitcoin Will WRECK Traders Today… And I Don’t Blame Them

Our Newsletter

CRYPTO ENDEVR

About Us

Links

Resources

Other