CISA Flags Critical Flaws in Mitel and Oracle Systems

CISA says Oracle and Mitel have critical security flaws being exploited
Mitel’s MiCollab is a popular unified communications platform, and as such - a major target for cybercriminals. In early December this year, the company patched a three-month-old zero-day vulnerability that allowed crooks to read sensitive files.
Mitel 0-day, 5-year-old Oracle RCE bug under active exploit
CVEs added to CISA's catalog Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw, alongside a critical remote code execution vulnerability in Oracle WebLogic Server that has been exploited for at least five years.
Critical Mitel, Oracle flaws find active exploitation, CISA urges patching
CISA added the flaws to its known vulnerability catalog, recommending swift patching pursuant to Binding Operational Directive (BOD) 22-01.
CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
CISA lists critical flaws in Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic (CVE-2020-2883).
CISA warns of critical Oracle, Mitel flaws exploited in attacks
CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks.
CISA Warns of Mitel MiCollab Vulnerabilities Exploited in Attacks
CISA says two recently disclosed path traversal vulnerabilities in the Mitel MiCollab collaboration platform have been exploited in attacks.
SecurityWeek3d
CISA: No Federal Agency Beyond Treasury Impacted by BeyondTrust Incident
CISA says no federal agencies other than Treasury were impacted by the recent compromise of a BeyondTrust cloud-based service ...
US security agency warns of attacks on MiCollab and WebLogic Server
If attacks on Oracle WebLogic Server are successful, attackers can compromise systems. What this could look like in detail is ...
Bleeping Computer23d
CISA orders federal agencies to secure Microsoft 365 tenants
CISA has issued this year's first binding operational directive (BOD 25-01), ordering federal civilian agencies to secure their cloud environments. While CISA has only finalized the required ...
Forbes1mon
271 New Critical Security Warnings—From Android To Zyxel
Here’s what you need to know. Providing a helpful summary of the security vulnerabilities that have dropped covering a single weekly period, the CISA vulnerability bulletin is both a quick ...
Nextgov24d
CISA orders federal agencies to secure their cloud environments
Cloud CISA Cyber Defense The Cybersecurity and Infrastructure Security Agency invoked a binding directive Tuesday that requires federal agencies to retune their cloud security posture to a set of ...