PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

December 6, 2024 at 01:07AM A zero-day file read vulnerability in Mitel MiCollab can be exploited with a previously patched bug, allowing unauthorized access to sensitive files. Despite reporting the issue to Mitel over 100 days ago, it remains unpatched. The vulnerability is particularly concerning given the platform’s widespread use. **Meeting Takeaways:** 1. **Vulnerability Overview**: … Read more

‘Patch yesterday’: Zimbra mail servers under siege through RCE vuln

October 2, 2024 at 06:59AM Infosec researchers advise patching Zimbra mail servers immediately due to the mass exploitation of a critical remote code execution vulnerability (CVE-2024-45519). Attackers have been adding bogus CC addresses to spoofed Gmail emails, potentially leading to unauthorized access and system compromise. The National Vulnerability Database’s backlog of vulnerabilities remains a concern, … Read more

Millions of Kia Cars Were Vulnerable to Remote Hacking: Researchers

September 27, 2024 at 07:03AM Security researcher Sam Curry discovered vulnerabilities in a Kia owners’ website that could have enabled attackers to remotely control millions of cars. The issues allowed for harvesting personal information and creating a second user account without the owner’s knowledge. Kia acknowledged the flaws in June 2024 and implemented a fix … Read more

Doomsday 9.9 RCE bug could hit every Linux system – and more

September 26, 2024 at 01:40PM Bug hunter Simone Margaritelli has disclosed a critical, 9.9-rated unauthenticated RCE affecting GNU/Linux systems, with a possible release of technical details and exploit on September 30. Security teams have time to prepare, but details about the flaw are limited. The severity has been confirmed by Canonical and RedHat, raising concerns … Read more

Zero-Click MediaTek Bug Opens Phones, Wi-Fi to Takeover

September 20, 2024 at 02:30PM A zero-click vulnerability in MediaTek Wi-Fi chipsets and driver bundles used in routers and smartphones, including those from Ubiquiti, Xiaomi, and Netgear, poses a critical risk, enabling remote code execution without user interaction. A public proof-of-concept exploit is available, so affected users should apply available MediaTek patches promptly. The vulnerability … Read more

8 Degrees of Secure Access Service Edge      

May 30, 2024 at 07:54AM The shift from traditional WAN to agile architectures like SASE demands a thorough migration plan to ensure successful implementation. Eight key steps include assembling a diverse team, defining objectives and requirements, future-proofing the deployment, selecting a provider, planning gradual deployment, building a business case, and conducting Proof of Concept before … Read more

Patch Now: Critical Fortinet RCE Bug Under Active Attack

March 26, 2024 at 11:15AM A recent proof-of-concept exploit has led to attacks on a critical vulnerability, prompting CISA to prioritize urgent patching. Based on the meeting notes, the urgent action required is to prioritize patching the identified vulnerability due to the exploitation and subsequent attacks. The CISA has flagged it as a critical issue … Read more

Critical Apache OFBiz Vulnerability in Attacker Crosshairs

December 29, 2023 at 06:12AM Shadowserver Foundation reports in-the-wild exploitation attempts targeting a critical vulnerability in Apache OFBiz ERP system, leading to attempted server-side request forgery and exposure to sensitive information. SonicWall uncovered a related incomplete patch vulnerability, CVE-2023-51467, prompting a release of version 18.12.11 to fix the issue. Organizational system patching is strongly recommended. … Read more