News

Traficante que escapou de atentado é preso com armas e blindados – Interior

Após nove anos de caçada, Mai Suárez foi detido com arsenal e veículos de luxo no Paraguai Arsenal de armas e munições encontrados com narcotraficante. (Foto: Reprodução/Última Hora) Apontado como um dos principais narcotraficantes da fronteira com Mato Grosso do Sul, Eugenio Suárez Valiente, o “Mai Suárez”, foi preso nesta sexta-feira (25) em Capitán Bado,...

Home

Homem é expulso de evento de Lula com empurrões

Um homem foi expulso de um evento em Osasco/SP onde o presidente Luiz Inácio Lula da Silva (PT) discursava nesta sexta-feira (25). Em dado momento, Lula dizia que as pessoas pobres votam em prefeitos ricos porque acreditam que, por já terem dinheiro, eles não irão roubá-las. Contudo, afirmou que esses políticos “só são ricos porque...

Technology

GMKtec NucBox G10 mini PC review

Why you can trust TechRadar We spend hours testing every product or service we review, so you can be sure you’re buying the best. Find out more about how we test. GMKtec NucBox G10: 30-second review I’m beginning to conclude that Intel’s leaving the NUC market was probably the best thing that could have happened...

Technology

Mitel warns critical security flaw could let hackers completely bypass logins

americalatinanews.com17 hours ago04 mins

A bug in MiVoice MX-ONE granted admin access
A vulnerability in MiCollab allows arbitrary command execution
Patches were released for both, so users should update now

Mitel Networks has patched two important vulnerabilities in its products that could be abused to gain admin access and deploy malicious code on compromised endpoints.

In a security advisory, Mitel said it discovered a critical-severity authentication bypass flaw in MiVoice MX-ONE, its enterprise-grade Unified Communications & Collaboration (UCC) platform. MX-ONE is designed to scale from hundreds to over 100,000 users in a single distributed or centralized SIP-based system, and supports both on‑premises and private/public cloud deployments.

An improper access control weakness was discovered in the Provisioning Manager component, which could allow threat actors to gain admin access without victim interaction.

Patches released

At press time, the bug has not yet been assigned a CVE, but it was given a 9.4/10 (critical) severity score.

It affects versions 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14), and was addressed in versions 7.8 (MXO-15711_78SP0) and 7.8 SP1 (MXO-15711_78SP1).

“Do not expose the MX-ONE services directly to the public internet. Ensure that the MX-ONE system is deployed within a trusted network. The risk may be mitigated by restricting access to the Provisioning Manager service,” Mitel said in the advisory.

The second flaw it fixed is a high-severity SQL injection vulnerability found in MiCollab, the company’s collaboration platform. It is tracked as CVE-2025-52914, and allows threat actors to execute arbitrary SQL database commands.

The good news is that there is still no evidence that these two flaws have been abused in the wild, so it’s safe to assume no threat actors found it yet.

However, many cybercriminals simply wait for the news of a vulnerability to break, betting that many organizations fail to patch their systems on time.

While this somewhat reduces the number of potential victims, it makes compromising the remaining ones a lot easier, and that number is often still high enough to give the threat actors incentive.

Via BleepingComputer

Source link

Leave a Reply Cancel reply

Related News