The application suffers from cleartext transmission and storage of sensitive information in a Cookie. This includes the globals parameter, where authdata contains base64-encoded credentials. A remote attacker can intercept the HTTP Cookie, including authentication credentials, through a man-in-the-middle attack, potentially compromising user accounts and sensitive data.

Title: ABB Cylon Aspect 3.08.02 Cookie User Password Disclosure  
Advisory ID: ZSL-2025-5895  
Type: Local/Remote  
Impact: Exposure of Sensitive Information, Security Bypass  
Risk: (4/5)  
Release Date: 06.01.2025

**Summary**

ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices.

**Description**

The application suffers from cleartext transmission and storage of sensitive information in a Cookie. This includes the globals parameter, where authdata contains base64-encoded credentials. A remote attacker can intercept the HTTP Cookie, including authentication credentials, through a man-in-the-middle attack, potentially compromising user accounts and sensitive data.

**Vendor**

ABB Ltd. - https://www.global.abb

**Affected Version**

NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
Firmware: <=3.08.02

**Tested On**

GNU/Linux 3.15.10 (armv7l)  
GNU/Linux 3.10.0 (x86\_64)  
GNU/Linux 2.6.32 (x86\_64)  
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
PHP/7.3.11  
PHP/5.6.30  
PHP/5.4.16  
PHP/4.4.8  
PHP/5.3.3  
AspectFT Automation Application Server  
lighttpd/1.4.32  
lighttpd/1.4.18  
Apache/2.2.15 (CentOS)  
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86\_64)  
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)  
ErgoTech MIX Deployment Server 2.0.0

**Vendor Status**

\[21.04.2024\] Vulnerability discovered.  
\[22.04.2024\] Vendor contacted.  
\[22.04.2024\] Vendor responds.  
\[02.05.2024\] Working with the vendor.  
\[03.12.2024\] Vendor releases version 3.08.03 to address this issue.  
\[06.01.2025\] Public security advisory released.

**PoC**

abb\_aspect\_cookie1.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

\[1\] https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch  
\[2\] https://www.cve.org/CVERecord?id=CVE-2024-51546

**Changelog**

\[06.01.2025\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

ABB Cylon Aspect 3.08.02 Cookie User Password Disclosure

The ABB BMS/BAS controller suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute arbitrary SQL commands.

Title: ABB Cylon Aspect 3.08.02 (CookieDB) SQL Injection  
Advisory ID: ZSL-2025-5899  
Type: Local/Remote  
Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data  
Risk: (5/5)  
Release Date: 06.01.2025

**Summary**

ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices.

**Description**

The ABB BMS/BAS controller suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute arbitrary SQL commands.

**Vendor**

ABB Ltd. - https://www.global.abb

**Affected Version**

NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
Firmware: <=3.08.02

**Tested On**

GNU/Linux 3.15.10 (armv7l)  
GNU/Linux 3.10.0 (x86\_64)  
GNU/Linux 2.6.32 (x86\_64)  
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
PHP/7.3.11  
PHP/5.6.30  
PHP/5.4.16  
PHP/4.4.8  
PHP/5.3.3  
AspectFT Automation Application Server  
lighttpd/1.4.32  
lighttpd/1.4.18  
Apache/2.2.15 (CentOS)  
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86\_64)  
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)  
ErgoTech MIX Deployment Server 2.0.0

**Vendor Status**

\[21.04.2024\] Vulnerability discovered.  
\[22.04.2024\] Vendor contacted.  
\[22.04.2024\] Vendor responds.  
\[02.05.2024\] Working with the vendor.  
\[03.12.2024\] Vendor releases version 3.08.03 to address this issue.  
\[06.01.2025\] Coordinated public security advisory released.

**PoC**

abb\_aspect\_sqli1.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

\[1\] https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch  
\[2\] https://www.cve.org/CVERecord?id=CVE-2024-48843

**Changelog**

\[06.01.2025\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

ABB Cylon Aspect 3.08.02 (CookieDB) SQL Injection

The ABB BMS/BAS controller suffers from a weak password policy, allowing users to set overly simplistic or blank passwords and usernames without restrictions. This vulnerability significantly reduces account security, enabling attackers to exploit weak credentials for unauthorized access to the system.

Title: ABB Cylon Aspect 3.07.02 (userManagement.php) Weak Password Policy  
Advisory ID: ZSL-2025-5898  
Type: Local/Remote  
Impact: Security Bypass, Weak Policy  
Risk: (3/5)  
Release Date: 06.01.2025

**Summary**

ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices.

**Description**

The ABB BMS/BAS controller suffers from a weak password policy, allowing users to set overly simplistic or blank passwords and usernames without restrictions. This vulnerability significantly reduces account security, enabling attackers to exploit weak credentials for unauthorized access to the system.

**Vendor**

ABB Ltd. - https://www.global.abb

**Affected Version**

NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
Firmware: <=3.07.02

**Tested On**

GNU/Linux 3.15.10 (armv7l)  
GNU/Linux 3.10.0 (x86\_64)  
GNU/Linux 2.6.32 (x86\_64)  
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
PHP/7.3.11  
PHP/5.6.30  
PHP/5.4.16  
PHP/4.4.8  
PHP/5.3.3  
AspectFT Automation Application Server  
lighttpd/1.4.32  
lighttpd/1.4.18  
Apache/2.2.15 (CentOS)  
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86\_64)  
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)  
ErgoTech MIX Deployment Server 2.0.0

**Vendor Status**

\[21.04.2024\] Vulnerability discovered.  
\[22.04.2024\] Vendor contacted.  
\[22.04.2024\] Vendor responds.  
\[02.05.2024\] Working with the vendor.  
\[13.10.2023\] Vendor releases version 3.08.00 to address this issue.  
\[06.01.2025\] Coordinated public security advisory released.

**PoC**

abb\_aspect\_weakpwd1.html

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

\[1\] https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch  
\[2\] https://www.cve.org/CVERecord?id=CVE-2024-48845

**Changelog**

\[06.01.2025\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

ABB Cylon Aspect 3.07.02 (userManagement.php) Weak Password Policy

Title: ABB Cylon Aspect 3.08.03 (CookieDB) SQL Injection  
Advisory ID: ZSL-2025-5900  
Type: Local/Remote  
Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data  
Risk: (5/5)  
Release Date: 06.01.2025

**Summary**

ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices.

**Description**

The ABB BMS/BAS controller suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute arbitrary SQL commands.

**Vendor**

ABB Ltd. - https://www.global.abb

**Affected Version**

NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
Firmware: <=3.08.03

**Tested On**

GNU/Linux 3.15.10 (armv7l)  
GNU/Linux 3.10.0 (x86\_64)  
GNU/Linux 2.6.32 (x86\_64)  
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
PHP/7.3.11  
PHP/5.6.30  
PHP/5.4.16  
PHP/4.4.8  
PHP/5.3.3  
AspectFT Automation Application Server  
lighttpd/1.4.32  
lighttpd/1.4.18  
Apache/2.2.15 (CentOS)  
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86\_64)  
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)  
ErgoTech MIX Deployment Server 2.0.0

**Vendor Status**

\[21.04.2024\] Vulnerability discovered.  
\[22.04.2024\] Vendor contacted.  
\[22.04.2024\] Vendor responds.  
\[02.05.2024\] Working with the vendor.  
\[06.01.2025\] Public security advisory released.

**PoC**

abb\_aspect\_sqli2.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[06.01.2025\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

ABB Cylon Aspect 3.08.03 (CookieDB) SQL Injection

In just two years, LLMs have become standard for developers — and non-developers — to generate code, but companies still need to improve security processes to reduce software vulnerabilities.

Source: TippaPatt via Shutterstock

The use of large language models (LLMs) for code generation surged in 2024, with a vast majority of developers using OpenAI's ChatGPT, GitHub Copilot, Google Gemini, or JetBrains AI Assistant to help them code.

However, the security of the generated code — and developers' trust in that code — continues to lag. In September, a group of academic researchers found more than 5% of the code generated by commercial models and nearly 22% of the code generated by open source models contained package names that do not exist. And in November, a study of the code generated by five different popular artificial intelligence (AI) models found that at least 48% of the generated code snippets contained vulnerabilities.

While code-generating AI tools are accelerating development, companies need to adapt secure coding practices to keep up, says Ryan Salva, senior director of product and lead for developer tools and productivity at Google.

"I am deeply convinced that, as we adopt these tools, we can't just keep doing things the exact same way, and we certainly can't trust that the models will always give us the right answer," he says. "It absolutely has to be paired with good, critical human judgment every step of the way."

One significant risk is hallucinations by code-generating AI systems, which — if accepted by the software developer — result in vulnerabilities and defects, with 60% of IT leaders describing the impact of AI-coding errors as very or extremely significant, according to the "State of Enterprise Open-Source AI" report published by developer-tools maker Anaconda.

Companies need to make sure that AI is augmenting developers' efforts, not supplanting them, says Peter Wang, chief AI and innovation officer and co-founder at Anaconda.

"Users of these code-generation AI tools have to be really careful in vetting code before implementation," he says. "Using these tools is one way malicious code can slip in, and the stakes are incredibly high."

**Developers Pursue Efficiency Gains**

Nearly three-quarters of developers (73%) working on open source projects use AI tools for coding and documentation, according to GitHub's 2024 Open Source Survey, while a second GitHub survey of 2,000 developers in the US, Brazil, Germany, and India found that 97% had used AI coding tools to some degree.

The result is a significant increase in code volume. About a quarter of code produced within Google is generated by AI systems, according to Google's Salva. Developers who use GitHub regularly and GitHub Copilot are more active as well, producing 12% to 15% more code, according the company's Octoverse 2024 report.

Overall, developers like the increased efficiency, with about half of developers (49%) finding that they save at least two hours a week due to their use of AI tools, according to the annual "State of Developer Ecosystem Report" published by software tools maker JetBrains.

In the push to get developer tools into the market, AI firms chose versatility over precision, but those will evolve over the coming year, says Vladislav Tankov, director of AI at JetBrains.

"Before the rise of LLMs, fine-tuned and specialized models dominated the market," he says. "LLMs introduced versatility, making anything you want just one prompt away, but often at the expense of precision. We foresee a new generation of specialized models that combine versatility with accuracy."

In October, JetBrains launched Mellum, an LLM specialized in code-generation tasks. The company trained the model in several phases, Tankov says, starting with a "general understanding and progressing to increasingly specialized coding tasks. This way, it retains a general understanding of the broader context, while excelling in its key function."

As part of its efforts, JetBrains has feedback mechanisms to reduce the likelihood of vulnerable code suggestions and extra filtering and analysis steps for AI-generated code, he says.

**Security Remains a Concern**

Overall, developers appear to increasingly trust the code generated by popular LLMs. While the majority of developers (59%) have security concerns with using AI-generated code, according to the JetBrains report, more than three-quarters (76%) believe that AI-powered coding tools produce more secure code than humans.

The AI tools can help accelerate development of secure code, as long as developers know how to use the tools safely, Anaconda's Wang says. He estimates that AI tools can as much as double developer productivity, while producing errors 10% to 30% of the time.

Senior developers should use code-generating AI tools as "a very talented intern, knocking out a lot of the rote grunt work before passing it on for refinement and confirmation," he says. "For junior developers, it can reduce the time required to research and learn from various tutorials. Where junior developers need to be careful is with using code-generation AI to pull from sources or draft code they don't understand."

Yet AI is also helping to fix the problem as well.

GitHub's Wales points to tools like the service's Copilot Autofix as a way that AI can augment the creation of secure code. Developers using Autofix tend to fix vulnerabilities in their code more than three times faster than those who do so manually, according to GitHub.

"We've seen improvements in remediation rates since making the tool available to open source developers for free, from nearly 50% to nearly 100% using Copilot Autofix," Wales says.

And the tools are getting better. For the past few years, AI providers have seen code-suggestion acceptance rates increase by about 5% per year, but they have largely plateaued at an unimpressive 35%, says Google's Salva.

"The reason for that is that these tools have largely been grounded in the context that's surrounding the cursor, and that's in the \[integrated development environment (IDE)\] alone, and so they basically just take context from a little bit before and a little bit after the cursor," he says. "By expanding the context beyond the IDE, that's what tends to get us the next significant step in improving the quality of the response."

**Discrete AIs for Developers' Pipelines**

AI assistants are already specializing, targeting different aspects of the development pipeline. While developers continue to use AI tools integrated into their development environments and standalone tools, such as ChatGPT and Google's Gemini, development teams will likely need specialists to effectively produce secure code.

"The good news is that the advent of AI is already reshaping how we think about and approach cybersecurity," says GitHub's Wales. "2025 will be the era of the AI engineer, and we'll see the composition of security teams start to alter."

As attackers become more familiar with code-generation tools, attacks that attempt to leverage the tools may become more prevalent as well, says JetBrains' Tankov.

"Security will become even more pressing as agents generate larger volumes of code, some potentially bypassing thorough human review," he says. "These agents will also require execution environments where they make decisions, introducing new attack vectors — targeting the coding agents themselves rather than developers."

As AI code-generation becomes the de facto standard in 2025, developers will need to be more cognizant of how they can check for vulnerable code and ensure their AI tools are prioritizing security.

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Will AI Code Generators Overcome Their Insecurities This Year?

AI is now essential for businesses, driving efficiency, innovation, and growth. Leverage its power for better decisions, customer…

AI is now essential for businesses, driving efficiency, innovation, and growth. Leverage its power for better decisions, customer personalization, and competitive advantage in 2025.

It’s 2025 and Artificial Intelligence (AI) has transitioned from an emerging technology to a fundamental driver of business success. Today, integrating AI is more than just implementing new software; it’s about reshaping business models, improving operational efficiency, and fostering innovation.

In fact, according to a Forbes report, 72% of businesses have adopted AI for at least one business function, with nearly three out of four businesses leveraging AI to improve their operations. This marks a sharp increase from 2023 when less than a third of businesses reported using AI for two or more functions. 

To capitalize on the growing adoption of AI, businesses must prioritize developing a clear AI development strategy that positions them for long-term success. Here are several reasons why your business should adopt AI in 2025. Here are several reasons why your business should adopt AI now: 

****1\. Enhancing Operational Efficiency** **

The growth of AI technologies has been nothing short of remarkable. Machine learning algorithms now allow businesses to predict market trends with higher accuracy, enabling smarter decision-making. Similarly, AI-driven Natural Language Processing (NLP) makes it easier for businesses to interact with customers in more natural, intuitive ways, while computer vision opens doors for automation in industries like manufacturing, healthcare, and transportation. Businesses that embrace AI can improve productivity, reduce costs, and streamline operations. 

****2\. Growing Accessibility for Businesses of All Sizes** **

Once considered a tool for large corporations with hefty budgets, AI is now more accessible than ever. Cloud-based platforms from tech giants like Google, Amazon, and Microsoft offer scalable AI services that suit businesses of all sizes. This democratization of AI has made it possible for companies to adopt AI tools without the need for extensive technical expertise. Even small businesses can apply AI to boost their capabilities, thanks to pre-built models and open-source frameworks that lower costs and shorten implementation times. 

****3\. Staying Ahead of Competitors**  **

Companies that incorporate AI into their strategies are seeing a clear competitive advantage. Industry leaders are using it to develop new products, enhance customer experience, and optimize operations. AI has already made a significant impact across multiple sectors. In healthcare, AI-driven diagnostics, predictive health models, and personalized medicine are transforming patient care.

In transportation, autonomous vehicles and intelligent traffic management systems are changing the way goods and people move. Similarly, AI in finance is being used for fraud detection, personalized financial advice, and automated trading systems, while manufacturing companies are using predictive maintenance to avoid costly downtimes.   

As AI continues to evolve, businesses that hesitate to adopt these technologies risk falling behind. Competitors who adopt AI early will be able to meet customer expectations for faster, more personalized service, while those who delay will struggle to keep up, which leads us to our next point.   

****4\. Meeting Customer Expectations with Personalization** **

In today’s digital world, customers expect businesses to offer tailored, real-time experiences. AI makes it possible to analyze vast amounts of customer data and use that information to provide personalized recommendations, dynamic pricing, and targeted marketing campaigns. AI-driven chatbots and virtual assistants can enhance customer support by providing immediate, intelligent responses. With more personalized interactions, businesses can increase customer satisfaction, loyalty, and ultimately, revenue. 

****5\. Expanding Business Opportunities and Offerings** **

Integrating AI allows businesses to improve current processes while opening up new avenues for growth. AI can help businesses create innovative products and services that weren’t possible before. Whether it’s developing intelligent software for business analytics or enhancing existing services with AI capabilities, the possibilities are vast. For example, AI in healthcare is enabling the development of advanced diagnostic tools, while in transportation, smart innovations like self-driving cars are revolutionizing mobility. Adopting these technological advancements enables businesses to enter new markets and explore untapped revenue streams. 

****6\. Improving Decision-Making with Data-Driven Insights** **

AI excels at processing large volumes of data and extracting meaningful insights that humans may miss. This ability to turn data into actionable insights allows businesses to make more informed, timely decisions. With AI, businesses can identify trends, predict customer behavior, and assess risk with a level of precision that would be impossible with traditional methods. These insights can drive smarter strategies in marketing, operations, and finance, helping businesses stay agile and competitive in an ever-changing market. 

****Making The First Step****

Successfully integrating AI into your business starts with assessing your current capabilities. Review your technological infrastructure to ensure it can handle AI workloads, from computational power to cloud-based solutions. Data is at the core of AI, so it’s essential to assess your data quality and governance policies. Additionally, your workforce needs to be ready for this transformation. Ensure that your employees have the skills necessary for AI adoption and foster a culture of continuous learning and innovation.  

Before implementing new technologies, it’s important to evaluate potential AI applications based on their feasibility, expected return on investment (ROI), and alignment with your strategic priorities. Focus on projects that offer quick wins and measurable benefits. Some key areas where AI can make an immediate impact in 2025 include:  

*   **AI-Powered Data Analytics:** Deploy AI tools to process and analyze large datasets in real-time, providing actionable insights for strategic decision-making. This can enhance market intelligence, product development, and customer targeting.

*   **Cybersecurity Enhancements:** As cyber threats grow more sophisticated, AI-driven security systems can proactively detect and respond to vulnerabilities faster than traditional methods, safeguarding your business assets and maintaining customer trust.  

*   **Remote Work Optimization:** With the rise of remote and hybrid work models, AI can improve virtual collaboration, automate workflow management, and enhance employee productivity through intelligent virtual assistants and performance analytics.  

*   **Market Trend Forecasting:** Implement AI solutions that analyze market trends and consumer behavior to anticipate shifts and identify new opportunities. This foresight can help inform strategic pivots and investment decisions, keeping your business ahead of the competition.  

Positioning your business for success tomorrow starts with preparing for AI adoption today. As the AI infrastructure evolves, those who act early will set the standard in their industries. The future of business lies in AI, and now is the time to make it a cornerstone of your business.     

1.  **Enhance customer experiences with Generative AI**
2.  **Cyber Resiliency in the AI Era: Building the Unbreakable Shield**
3.  **AI Trends A Software Development Company to Follow in 2025**
4.  **A New Dawn for Storytelling: The Intersection of AI and Cinema**
5.  **Need for Specialized AI Models to Transform Industry Challenges**

6 Reasons Why You Should Integrate AI in Your Business in 2025 

A list of topics we covered in the weeks of December 16 to January 5 of 2025

January 3, 2025 - Invitations to try a beta lead to a fake game website where victims will get an information stealer instead of the promised game

December 31, 2024 - From "spying" air fryers to 3 million rogue toothbrushes, here are the strangest stories about internet-connected home goods in 2024.

December 31, 2024 - An overview of what the year 2024 had to offer in the realm of data breaches: Big ones, sensitive data and some duds

December 30, 2024 - This week on the Lock and Code podcast, we speak with Anna Brading and Mark Stockley about whether anywhere is safe from AI slop.

December 27, 2024 - An overview of incidents and news surrounding Artificial Intelligence in 2024.

 Some weeks in security (December 16 &#8211; January 5) 

Weeks after the critical vulnerability was reported and a hacking of the Treasury Department, nearly 9,000 BeyondTrust instances remain wide open to the Internet, researchers say.

Source: artpartner-images.com via Alamy Stock Photo

A remarkable number of BeyondTrust instances remain connected to the Internet, despite dire warnings Chinese state-sponsored threat actors are actively exploiting a critical vulnerability in unpatched systems.

The BeyondTrust bug, tracked under CVE-2024-12356, has an assigned CVSS score of 9.8 and affects Privileged Remote Access (PRA) and Remote Support (RS). It was first reported by BeyondTrust on Dec. 16, 2024. Three days later, the vulnerability was added to the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities list. By the end of the month, a Chinese state-sponsored hacker group had used the flaw to break into the US Department of the Treasury and steal data.

New analysis from Censys has found that despite highly publicized evidence of a widespread advanced persistent threat (APT) campaign against unpatched systems, there are 8,602 instances of BeyondTrust PRA and RS still connected to the Internet, 72% of which are in the US. But Censys added a big caveat to the research — there is no way for them to know whether the exposed instances have been patched or not.

It is unknown what portion of these open instances remain unpatched. BeyondTrust says all self-hosted instances have been force updated, however the company did not confirm when asked if that meant these open instances were indeed patched. A sizable portion, if not all, of these systems are self-hosted BeyondTrust deployments that have been left open to the Internet, and also potentially vulnerable, experts say.

Censys has not responded to a request for clarification.

**Self-Hosted BeyondTrust Deployments Likely Behind the Lag**

"If this data is correct, it reflects the age-old tradeoff in software service operating philosophies and licensing models," Bugcrowd CISO Trey Ford says. "Hosted services will have scale economies supporting both detection/response efforts, as well as centralized patching and hardening."

Ford adds organizations can see a cost savings on licensing with self-hosted software-as-a-service (SaaS) models, but what they miss out on in turn is critical threat intelligence and remediation help.

"Customers own patching, hardening, and building monitoring capabilities — you're effectively operating on an island by yourself," Ford explains. "Service providers charge a slight premium to provide the patching, hardening, and monitoring — at scale — where the rising tide of operational efficiency protects all customers."

BeyondTrust cloud customers were automatically patched Dec. 16, 2024, as soon as the vulnerability was reported.

"Customers using centralized services will see prioritized, and nearly immediate, patch deployment during incident response cycles," Ford says. "The systems observed online by the Censys report with lagging patch deployment is the delay in patch discovery, testing, and patch deployment."

Self-hosted deployments that can't be patched, for whatever reason, can still protect vulnerable BeyondTrust remote tools, according to John Bambenek, cybersecurity expert and president, Bambenek Consulting.

"In situations like this, even if patching cannot be done, organizations can still limit inbound connectivity to these systems to trusted IP addresses only," he says. "Organizations know who is remotely supporting them, \[so\] they can easily lock down those IP addresses."

**About the Author**

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Thousands of Buggy BeyondTrust Systems Remain Exposed

Businesses are perpetually under pressure to innovate in a fast-paced digital era. But legacy applications, written with outdated…

Businesses are perpetually under pressure to innovate in a **fast-paced digital era**. But legacy applications, written with outdated technologies, slow down progress and efficiency. However, legacy app migration provides a strategic solution to overcome this challenge and help organizations modernize their systems and gain scalability, security as well as performance.

We explore the concept of legacy app migration, its vital signs in the modern technological world, and how companies are using migration strategies to unlock new growth and innovation possibilities.

****What is Legacy App Migration?****

Legion migrates legacy apps by moving older software from old frameworks, platforms, or infrastructures to new ones. It is also a process for **migrating to the cloud platform**, changing underlying technologies, or reengineering the applications to current business requirements.

Migration is a bigger deal than just being a technical exercise; it’s a key step in bringing IT systems in line with business goals. With legacy app modernization, businesses eliminate inefficiencies and cost reduction, while increasing the capacity to respond to market dynamics.

****Legacy App Migration: Why You Need It****

Though legacy applications are usually reliable, they can become liabilities. Inevitably, however, they are based on obsolete technology that does not play well with modern systems or tools. These applications may also find themselves unable to support today’s digital ecosystem such as high volumes of traffic requiring enhanced security or real-time data processing.

The high maintenance cost of legacy systems is one of the biggest hurdles for legacy systems. But as the technologies become obsolete, the finding of skilled professionals who are willing and able to maintain, and upgrade these systems becomes more difficult. Secondly, organizations are more exposed to potential risks because of legacy systems which are more vulnerable to security breaches.

Legacy app migration manages these challenges by taking legacy systems and turning them into modern, energy-efficient applications. Moreover, it ensures business continuity and increases organizations’ ability to innovate and compete.

****Legacy App Migration: Transforming Outdated Systems****

Businesses are perpetually under pressure to innovate in a fast-paced digital era. But legacy applications, written with outdated technologies, slow down progress and efficiency. However, legacy app migration provides a strategic solution to overcome this challenge and help organizations modernize their systems and gain scalability, security as well as performance.

We explore the concept of legacy app migration, its vital signs in the modern technological world, and how companies are using migration strategies to unlock new growth and innovation possibilities.

****Moving the Legacy App****

Though legacy applications are usually reliable, they can become liabilities. Inevitably, however, they are based on obsolete technology that does not play well with modern systems or tools. These applications may also find themselves unable to support today’s digital ecosystem such as high volumes of traffic requiring enhanced security or real-time data processing.

The high maintenance cost of legacy systems is one of the biggest hurdles for legacy systems. But as the technologies become obsolete, the finding of skilled professionals who are willing and able to maintain, and upgrade these systems becomes more difficult. Secondly, organizations are more exposed to potential risks because of legacy systems which are more **vulnerable to security breaches**.

Legacy app migration manages these challenges by taking legacy systems and turning them into modern, energy-efficient applications. Moreover, it ensures business continuity and increases organizations’ ability to innovate and compete. Cloud environments allow organizations to scale resources up or down based on demand, reducing operational costs and enhancing performance.

****Choose the Right Partner for Legacy App Migration****

Residing in the realm of legacy app migration is complicated stuff, and wisdom and proper planning are needed. A successful transition requires choosing the right partner.

A reliable migration partner starts by understanding the organization’s specific problem and objective. What they will do is run a thorough analysis of the system that is currently there and come up with a tailor-made migration strategy that will work in favor of the organization.

There are certain things that are critical: experience and a proven track record. Legacy app migration companies like ModLogix provide end-to-end services that ease the whole process and achieve top results. ModLogix brings a deep expertise in modern technology and industry-based approaches, making seamless changes in line with the business objective.

****Board of Legacy App Migration****

Legacy applications benefit from migrating to not only the latest apps but also to the best apps available today. Modern systems are much more reliable, secure, and adaptable allowing organizations to achieve their strategic goals.

One of the first and biggest advantages is operational efficiency. Applications are being modernized to be fast and scalable reducing downtime and boosting productivity. Another key superior is security. Installing a modern framework would protect business-sensitive data and comply with the regulatory requirements by replacing outdated technologies.

Legacy app migration not only makes your old apps work in a new environment, but it also allows for innovation. Modernized systems work in concert with the most advanced tools like artificial intelligence and data analytics to enable organizations to make data-driven decisions and explore new opportunities.

****Legacy App Migration: Future Trends****

Legacy app migration is growing more sophisticated as technology moves along. How organizations approach modernization is changing due to emerging trends.

Migration efforts are manifesting through artificial intelligence and machine learning. These technologies can automate complex processes, analyze legacy systems, and recommend the best migration strategy which slashes down the costs as well as spike the accuracy.

The other big trend is cloud-native development. Building scalable and resilient apps is on every organization’s microservices, containers, and serverless computing. These approaches are in line with a dynamic market and create flexibility for long-term adaptation.

Edge computing also has an impact on **legacy app migration** strategies. Edge computing processes data nearer to the source and improves the performance of modernized applications, especially in real-time scenarios.

****Conclusion****

Legacy app migration is a necessary process when updating older systems in preparation for the future. Businesses thus leveraging the ability to transform legacy applications into high-performing, secure, and adaptable solutions will open up new avenues for growth and innovation.

Trusted partners such as ModLogix simplify the migration process making the transition easy and successful outcomes. With legacy apps being the mainstay of business, it is time to take a migration of those legacy apps seriously in an era where agility and scalability are more important than ever.

1.  **Cross Tenant Microsoft 365 Migration**
2.  **Types of SaaS Applications: Categories and Examples**
3.  **Building Your First Web Application with Yii Framework**
4.  **How To Make Drupal Migration Successful: 6 Useful Tips** 
5.  **Using Power of Cloud App Dev & DevOps for Modern Businesses**

Legacy App Migration: Transforming Outdated Systems

Integrity Technology Group was found complicit with Flax Typhoon as part of a broader Chinese strategy to infiltrate the IT systems of US critical infrastructure.

Source: KB Photodesign via Shutterstock

NEWS BRIEF

The US Department of Treasury has sanctioned China-based cybersecurity company Integrity Technology Group Inc. for its role in computer-intrusion incidents against US victims attributed to Chinese state-sponsored Flax Typhoon. The malicious actor has been active since at least 2021 and has targeted organizations in US critical infrastructure sectors.

In tandem, the Treasury Department earlier this week alerted lawmakers of a breach in its own systems through third-party cybersecurity vendor BeyondTrust, allowing Chinese state-backed threat actors to steal data from workstations.

And previously, Salt Typhoon, another Chinese APT, targeted T-Mobile USA in its widescale cyber-espionage operation, aiming to steal sensitive information from a variety of telecommunications companies.

"The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions," Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith, said in a statement. "The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses."

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

Tag

#intel