December 6, 2024 at 06:38AM WatchTowr warned of an unpatched vulnerability in the Mitel MiCollab platform, allowing attackers to access restricted resources. Over 16,000 instances are affected, with an arbitrary file read flaw requiring admin authentication to exploit. Mitel has released patches for related vulnerabilities and recommends users update to the latest version. **Meeting Takeaways:** … Read more
December 5, 2024 at 04:31PM Two vulnerabilities in Mitel’s MiCollab platform expose enterprise data risks. CVE-2024-35286 and CVE-2024-41713 enable unauthorized access and file reading. Attackers can exploit these flaws, especially with public MiCollab devices, posing serious threats to organizational communication and data integrity. Mitel has patched some issues, but one remains unaddressed. ### Meeting Takeaways: … Read more
December 5, 2024 at 10:41AM A zero-day vulnerability in Mitel MiCollab allows unauthorized file access on servers. Discovered by watchTowr, it remains unpatched after 90 days. Users are urged to implement security measures and monitor for suspicious activity until a fix is available, as Mitel plans to address the issue in December 2024. **Meeting Takeaways:** … Read more
December 5, 2024 at 10:27AM Cybersecurity researchers revealed a proof-of-concept exploit for a critical vulnerability (CVE-2024-41713) in Mitel MiCollab, enabling unauthorized file access via a path traversal attack. The flaw has been patched in versions 9.8 SP2 and later. Additionally, several vulnerabilities were found in Lorex security cameras, allowing remote code execution. ### Meeting Takeaways … Read more
October 9, 2024 at 03:06PM Ivanti has alerted customers to three new vulnerabilities in its Cloud Services Appliance (CVA) that are currently being exploited, alongside a previously disclosed zero-day vulnerability. The company advises users to review administrative access and EDR alerts, and recommends migrating to CSA version 5.0 if compromised. ### Meeting Takeaways: 1. **New … Read more
September 20, 2024 at 11:37AM The US Cybersecurity and Infrastructure Security Agency (CISA) has added the latest Ivanti weakness, a path traversal flaw, to its Known Exploited Vulnerability catalog. This came after a string of high-profile path traversal bugs affecting IT vendors. Ivanti has released a fix for the critical severity bug affecting its Cloud … Read more
September 20, 2024 at 01:33AM Ivanti disclosed active exploitation of a critical security flaw in Cloud Service Appliance (CSA), with remote unauthenticated attacker access. The vulnerability, CVE-2024-8963, carries a CVSS score of 9.4 and can be combined with CVE-2024-8190 for arbitrary command execution. CSA 4.6 Patch 519 and CSA 5.0 address the issue. CISA has … Read more
August 6, 2024 at 12:36AM A critical pre-authentication remote code execution vulnerability (CVE-2024-38856) has been discovered in Apache OFBiz ERP system, with a CVSS score of 9.8. It allows unauthenticated access to critical endpoints, potentially leading to remote code execution. This follows a patch bypass for a previous vulnerability (CVE-2024-36104) and comes amid active exploitation … Read more
May 3, 2024 at 09:10AM CISA and the FBI issued a Secure by Design Alert about path traversal software vulnerabilities targeting critical infrastructure. These flaws enable unauthorized access to application files and directories, allowing threat actors to compromise systems. Urging organizations to eliminate these defects, the agencies emphasize a secure software development lifecycle and suggest … Read more
May 2, 2024 at 03:44PM CISA and the FBI warn software companies about path traversal vulnerabilities in recent alert due to security risks like file manipulation, data access, and system takedown. They urge implementing preventive measures, and they recall previous exploits in essential sectors. Similarly, the agencies previously addressed SQL injection vulnerabilities and emphasized the … Read more