CISA Flags Critical Flaws in Mitel and Oracle Systems

CISA says Oracle and Mitel have critical security flaws being exploited
Mitel’s MiCollab is a popular unified communications platform, and as such - a major target for cybercriminals. In early December this year, the company patched a three-month-old zero-day vulnerability that allowed crooks to read sensitive files.
CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
CISA lists critical flaws in Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic (CVE-2020-2883).
Critical Mitel, Oracle flaws find active exploitation, CISA urges patching
CISA added the flaws to its known vulnerability catalog, recommending swift patching pursuant to Binding Operational Directive (BOD) 22-01.
CISA warns of critical Oracle, Mitel flaws exploited in attacks
CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks.
CISA Warns of Mitel MiCollab Vulnerabilities Exploited in Attacks
CISA says two recently disclosed path traversal vulnerabilities in the Mitel MiCollab collaboration platform have been exploited in attacks.
Mitel 0-day, 5-year-old Oracle RCE bugs under active exploit
CVEs added to CISA's catalog Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw, alongside a critical remote code execution vulnerability in Oracle WebLogic Server that has been exploited for at least five years.
Executive Gov51m
CISA Chief Calls for Corporate Cyber Risk Ownership
Read about Jen Easterly's perspective on the need for company leaders to own cyber risk management and the step CISA has ...
CISA says ‘no indication’ other US government agencies affected in Treasury hack
The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that there is currently ‘no indication’ that any ...
CISA says ‘no indication’ of wider government hack beyond Treasury
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a brief statement Monday that there is “no ...
federalnewsnetwork.com6d
What will 2025 bring for CISA?
There's a lot swirling around CISA heading into the Trump administration. We breakdown the outlook for the cyber agency in ...
SecurityWeek2d
CISA: No Federal Agency Beyond Treasury Impacted by BeyondTrust Incident
CISA says no federal agencies other than Treasury were impacted by the recent compromise of a BeyondTrust cloud-based service ...
CISA says hack targeting Treasury Department did not impact other federal agencies
BeyondTrust says an investigation of a December attack spree is nearing completion and SaaS instances are fully patched.
aasa.org1d
CISA: Virtual Training on Assessing and Responding to Anonymous Threats of Violence in the K-12 Environment
Please join the Cybersecurity and Infrastructure Security Agency (CISA) School Safety Task Force for a virtual training on ...
What’s Next for Open Source Software Security in 2025?
Hidden dependencies, social engineering attacks, and the complexity of foundation models can all contribute tothe insecure ...