CISA Flags Critical Flaws in Mitel and Oracle Systems

CISA says Oracle and Mitel have critical security flaws being exploited
Mitel’s MiCollab is a popular unified communications platform, and as such - a major target for cybercriminals. In early December this year, the company patched a three-month-old zero-day vulnerability that allowed crooks to read sensitive files.
Mitel 0-day, 5-year-old Oracle RCE bug under active exploit
CVEs added to CISA's catalog Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw, alongside a critical remote code execution vulnerability in Oracle WebLogic Server that has been exploited for at least five years.
CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
CISA lists critical flaws in Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic (CVE-2020-2883).
Critical Mitel, Oracle flaws find active exploitation, CISA urges patching
CISA added the flaws to its known vulnerability catalog, recommending swift patching pursuant to Binding Operational Directive (BOD) 22-01.
CISA warns of critical Oracle, Mitel flaws exploited in attacks
CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks.
CISA Warns of Mitel MiCollab Vulnerabilities Exploited in Attacks
CISA says two recently disclosed path traversal vulnerabilities in the Mitel MiCollab collaboration platform have been exploited in attacks.
CISA says ‘no indication’ other US government agencies affected in Treasury hack
The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that there is currently ‘no indication’ that any ...
CISA says ‘no indication’ of wider government hack beyond Treasury
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a brief statement Monday that there is “no ...
federalnewsnetwork.com6d
What will 2025 bring for CISA?
There's a lot swirling around CISA heading into the Trump administration. We breakdown the outlook for the cyber agency in ...
SecurityWeek2d
CISA: No Federal Agency Beyond Treasury Impacted by BeyondTrust Incident
CISA says no federal agencies other than Treasury were impacted by the recent compromise of a BeyondTrust cloud-based service ...
aasa.org23h
CISA: Virtual Training on Assessing and Responding to Anonymous Threats of Violence in the K-12 Environment
Please join the Cybersecurity and Infrastructure Security Agency (CISA) School Safety Task Force for a virtual training on ...
JD Supra9m
AI versus MFA
Ask any chief information security officer (CISO), cyber underwriter or risk manager, or cybersecurity attorney about what controls are critical ...
federalnewsnetwork.com2d
White House new cyber EO would give CISA more authorities
The White House is prepping a new cybersecurity executive order that would address cloud security, give CISA new authorities to do threat hunting and more.
devdiscourse2d
CISA Stands Firm Amid U.S. Treasury Breach
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported no evidence of a widespread federal impact ...