News

03/02/2022
Proof-of-concept exploit available for critical Samba vulnerability (CVE-2021-44142)

Summary: On February 1, 2022, proof-of-concept exploit code was published for a critical Samba remote code execution vulnerability (CVE-2021-44142). Samba is used for file and print services in Windows, macOS, and Linux operating systems. It… More »

News
26/01/2022
Exploit Code Available for PwnKit Vulnerability (CVE-2021-4034)

Summary: On January 25, 2022, Qualys disclosed a PwnKit privilege escalation vulnerability (CVE-2021-4034) that affects the pkexec program installed by default on all major Linux distributions. Pkexec is a component of Polkit (formerly PolicyKit), which… More »

News
14/01/2022
ESS Contact Update

As previously shared as part of ESS’s separation from Capita, ESS (Education Software Solutions) will be migrating all of their customers out of the Capita support tool and into the ESS support tool from 24… More »

News
13/01/2022
Critical HTTP and Microsoft Exchange Server vulnerabilities – Remote Code Execution

Summary: On January 11, 2022, Microsoft released patches for critical and important remote code execution (RCE) vulnerabilities that could be appealing to threat actors. There are no reports of active exploitation as of this publication,… More »

News
12/01/2022
Maintenance to NetSweeper Web Filtering

As part of ongoing performance improvements, we will be replacing some key equipment within the NetSweeper Web filtering infrastructure. In order to achieve this customers will see a period of outage while the change over… More »

Service Updates News
20/12/2021
Further Update on Log4Shell Vulnerability (CVE-2021-44228)

Following on from the Log4j advisories sent 13/12 and 15/12, Apache has released version 2.17.0 of Log4j after discovering issues with their previous release, 2.16.   Summary:   Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from… More »

News
16/12/2021
noPac Vulnerability (CVE-2021-42287 and CVE-2021-42278 ) 

Summary Our security partners are investigating multiple proof-of-concept exploits for CVE-2021-42287, a privilege escalation vulnerability associated with Active Directory Domain Services (AD DS). This vulnerability combined with a Security Account Manager (SAM) spoofing security bypass… More »

News
15/12/2021
Update on Log4Shell Vulnerability (CVE-2021-44228) 

As posted previously there have been a number of vulnerabilities to Log4j services based on an update to CVE-2021-44228 – Vulnerability, has now had major developments regarding the Log4j vulnerability since our last advisory. This update… More »

News
13/12/2021
Log4Shell Vulnerability (CVE-2021-44228) 

Summary In the wake of the Log4Shell vulnerability - CVE-2021-44228, our support partner JISC have been monitoring network connectivity and looking for proactive ways to prevent exploitation.   It is imperative to take into consideration the entire infrastructure when responding… More »

News

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

Our partners