InfoSecBulletin Cybersecurity for mankind
CISA has urgent warnings for organizations regarding three security flaws in Mitel and Oracle systems that are currently being exploited. These vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities catalog and pose major risks to federal agencies and businesses.
Two vulnerabilities impact Mitel MiCollab, a widely used unified communications platform for businesses.
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Critical Cisco ISE Vulnerability Enables Remote Code Execution
CVE-2024-41713 (CVSS 9.1): This vulnerability in critical path traversal lets attackers access MiCollab servers without authentication, risking sensitive information and possible administrative control.
CVE-2024-55550 (CVSS 4.4): This vulnerability requires admin privileges but lets attackers read local files on the MiCollab server. When combined with CVE-2024-41713, it increases the risk, allowing access to arbitrary files and system compromise.
Mitel urges users to upgrade to MiCollab 9.8 SP2 (9.8.2.12) or later to address vulnerabilities with released updates and patches.
The third vulnerability, CVE-2020-2883 (CVSS 9.8), affects Oracle WebLogic Server. This critical flaw enables unauthenticated attackers to take control of the server remotely, risking data breaches, service disruptions, and malware infections.
CISA has required all Federal Civilian Executive Branch agencies to fix this vulnerability by January 28, 2025, highlighting its urgency.
