The Cybersecurity and Infrastructure Security Agency (CISA) on Jan. 7 added three bugs to its Known Exploited Vulnerabilities (KEV) catalog, two that affected the Mitel MiCollab communications and collaboration platform, and an Oracle WebLogic Server bug from 2020. Of the two Mitel MiCollab bugs, the most serious of the two — CVE-2024-41713 — was assigned … Read more
Nov 26, 2024Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), … Read more
The Cybersecurity and Infrastructure Security Agency (CISA) on Nov. 7 warned that attackers are exploiting a Palo Alto Expedition missing authentication vulnerability that lets threat actors with network access takeover an Expedition admin account and access configuration secrets and credentials. Expedition is a Palo Alto migration tool that lets security teams convert firewall configurations from … Read more
Iran state-sponsored hackers collaborated with ransomware gangs to breach and extort U.S.-based organizations, a Cybersecurity and Infrastructure Safety Company (CISA) advisory revealed Wednesday. Pioneer Kitten, a menace actor related to the federal government of Iran (GOI), labored with associates of the NoEscape, Ransomhouse and the now-defunct ALPHV/BlackCat in change for a portion of proceeds gained … Read more
