Mitel has released a security advisory to address a critical severity vulnerability in Mitel MiCollab. MiCollab is a cloud-based platform that integrates chat, voice, video, and SMS messaging for teams.
The vulnerability, which has no CVE identifier at time of publish, is a “path traversal” vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow a remote unauthenticated attacker to gain unauthorised access to provisioning information and perform unauthorised administrative actions on the MiCollab server.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Newly-Discovered Vulnerabilities Could Allow for Bypass of Spectre Mitigations in Linux
March 29, 2021
Two new vulnerabilities have been patched in the Linux kernel which, if exploited, could bypass existing mitigations for the Spectre vulnerabilities. The vulnerabilities were discovered by Piotr Krysiuk, a researcher on Symantec’s Threat Hunter team, who reported them to the Linux kernel security team. If left unpatched, the vulnerabilities mean that existing Spectre protections will ...
- Critical netmask networking bug impacts thousands of applications
March 28, 2021
Popular npm library netmask has a critical networking vulnerability. Netmask is frequently used by hundreds of thousands of applications to parse IPv4 addresses and CIDR blocks or compare them. The component gets over 3 million weekly downloads, and as of today, has scored over 238 million total downloads over its lifetime. Further, about 278,000 GitHub repositories depend ...
- Apple releases emergency update for iPhones, iPads, and Apple Watch
March 27, 2021
Apple has released an emergency update to patch a serious vulnerability (https://support.apple.com/en-us/HT212258) found in iOS, iPadOS, and watchOS. The patches are iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3, respectively. The vulnerability, discovered by Google’s Threat Analysis Group, affects Apple’s WebKit browser engine, and what makes this an urgent update is the fact that the Apple claims that ...
- The security dilemma of smart factories [Part 1] Specificity of the programming languages used to move industrial robots
March 26, 2021
Industrial robots are the core of the automation of manufacturing processes in smart factories, and are the most important components as they support the manufacture of all kinds of products such as automobiles, aircraft, processed foods, and pharmaceuticals. In addition, as equipment that realizes unmanned manufacturing in the post-COVID-19 world where minimal or no contact ...
- Microsoft Exchange servers now targeted by Black Kingdom ransomware
March 22, 2021
Another ransomware operation known as ‘Black Kingdom’ is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers. Over the weekend, security researcher Marcus Hutchins, aka MalwareTechBlog, tweeted that a threat actor was compromising Microsoft Exchange servers via the ProxyLogon vulnerabilities to deploy ransomware. Based on the logs from his honeypots, Hutchins states that the threat actor ...
- Hacking group used 11 zero-days to attack Windows, iOS, Android users
March 20, 2021
Project Zero, Google’s zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year. The Project Zero team revealed that the hacking group behind these attacks ran two separate campaigns, in February and October 2020. This month’s report showcases the use of seven zero-days ...