CISA is warning federal agencies of a second vulnerability in BeyondTrust enterprise solutions. The vulnerability affects Privileged Remote Access (PRA) and Remote Support (RS) solutions. The flaw was discovered during an investigation by BeyondTrust into customer compromises, including a customer associated with the U.S. Department of Treasury. The U.S. Treasury attack was disclosed in December and attributed to Chinese actors. 

Read more: https://www.securityweek.com/cisa-warns-of-second-beyondtrust-vulnerability-exploited-in-attacks/