InfoSecBulletin Cybersecurity for mankind
CISA has urgent warnings for organizations regarding three security flaws in Mitel and Oracle systems that are currently being exploited. These vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities catalog and pose major risks to federal agencies and businesses.
Two vulnerabilities impact Mitel MiCollab, a widely used unified communications platform for businesses.
WhatsApp banned on all US House of Representatives devices
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
CVE-2024-41713 (CVSS 9.1): This vulnerability in critical path traversal lets attackers access MiCollab servers without authentication, risking sensitive information and possible administrative control.
CVE-2024-55550 (CVSS 4.4): This vulnerability requires admin privileges but lets attackers read local files on the MiCollab server. When combined with CVE-2024-41713, it increases the risk, allowing access to arbitrary files and system compromise.
Mitel urges users to upgrade to MiCollab 9.8 SP2 (9.8.2.12) or later to address vulnerabilities with released updates and patches.
The third vulnerability, CVE-2020-2883 (CVSS 9.8), affects Oracle WebLogic Server. This critical flaw enables unauthenticated attackers to take control of the server remotely, risking data breaches, service disruptions, and malware infections.
CISA has required all Federal Civilian Executive Branch agencies to fix this vulnerability by January 28, 2025, highlighting its urgency.
