Summary: As identified by Jisc, one of our trusted support partners, a pair of vulnerabilities has been identified in PaperCut MF/NG print solutions. ZDI-CAN-18987 allows an attacker to bypass authentication on a vulnerable PaperCut Application…
Summary: Our Security Partner, Jisc, is currently investigating multiple incidents of business email compromise (BEC) leading to financial fraud. These incidents are targeting both high-value and lower-level user accounts with particular focus on those linked…
Summary: In late October 2022, reports emerged of an impending OpenSSL update for a critical vulnerability. On November 1, OpenSSL version 3.0.7 was released to address two high-severity buffer overflow vulnerabilities (CVE-2022-3602 and CVE-2022-3786) impacting…
Summary: On September 29, 2022, the Microsoft Security Response Center (MSRC) confirmed attacks exploiting two reported zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) in Microsoft Exchange Server. The issues affect on-premises Microsoft Exchange Server versions 2013, 2016,…
Summary: On May 18, 2022, VMware disclosed two vulnerabilities (CVE-2022-22972 and CVE-2022-22973) in VMware Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products. On the same day,…
Summary: As identified by Jisc, one of our trusted support partners, a 0-day Remote Code Execution (RCE) vulnerability in Spring Core, a popular Java framework for building Java applications, has been identified. The RCE vulnerability…
Summary: On February 1, 2022, proof-of-concept exploit code was published for a critical Samba remote code execution vulnerability (CVE-2021-44142). Samba is used for file and print services in Windows, macOS, and Linux operating systems. It…
Summary: On January 25, 2022, Qualys disclosed a PwnKit privilege escalation vulnerability (CVE-2021-4034) that affects the pkexec program installed by default on all major Linux distributions. Pkexec is a component of Polkit (formerly PolicyKit), which…
Summary: On January 11, 2022, Microsoft released patches for critical and important remote code execution (RCE) vulnerabilities that could be appealing to threat actors. There are no reports of active exploitation as of this publication,…