The year 2024 saw a surge in cyberattacks on US critical infrastructure, with attacks targeted at disrupting network devices and compromising SaaS systems. Some key attacks included the mass exploitation of Ivanti VPNs, a ransomware attack on UnitedHealth-owned Change Healthcare, and a series of attacks targeting Snowflake customers. The year also saw the targeting of network security devices and an increase in data theft and extortion threats. Nation-state threat actors, particularly from China, also increased their activities.
CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three vulnerabilities impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities catalog. The