Service Updates

20/12/2021
Further Update on Log4Shell Vulnerability (CVE-2021-44228)

Following on from the Log4j advisories sent 13/12 and 15/12, Apache has released version 2.17.0 of Log4j after discovering issues with their previous release, 2.16.   Summary:   Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from… More »

Service Updates
16/12/2021
noPac Vulnerability (CVE-2021-42287 and CVE-2021-42278 ) 

Summary Our security partners are investigating multiple proof-of-concept exploits for CVE-2021-42287, a privilege escalation vulnerability associated with Active Directory Domain Services (AD DS). This vulnerability combined with a Security Account Manager (SAM) spoofing security bypass… More »

Service Updates
15/12/2021
Update on Log4Shell Vulnerability (CVE-2021-44228) 

As posted previously there have been a number of vulnerabilities to Log4j services based on an update to CVE-2021-44228 – Vulnerability, has now had major developments regarding the Log4j vulnerability since our last advisory. This update… More »

Service Updates
03/12/2021
Zoho managengine ServiceDesk Plus Vulnerability – CVE-2021-44077

Summary This is an authentication bypass vulnerability in some specific application URLs that allows an attacker to gain access to an organisation’s data on the ServiceDesk Plus application. By manipulating one of these URLs from… More »

Service Updates
24/11/2021
Windows Installer Elevation of Privilege Vulnerability (CVE-2021-41379) 

Summary  On 22/11, security researcher Abdelhamid Naceri publicly disclosed a new zero-day vulnerability for “Windows Installer Elevation of Privilege”, which Microsoft had attempted to patch in November 2021, under CVE-2021-41379. The patch released by Microsoft… More »

Service Updates
24/11/2021
Microsoft Vulnerability - Remote Code Execution (CVE-2021-42321) 

update from our previous post – Microsoft vulnerability - Remote Code Execution (CVE-2021-40444) Summary  On 21/11, two weeks after the patch for CVE-2021-42321 was released in MS Patch Tuesday, open-source reporting disclosed that a proof-of-concept exploit… More »

Service Updates
12/11/2021
Reported Vulnerabilities – SNMP Port 161

Through emPSN’s registrations with various security partners we receive information around the IP addresses on the emPSN network, including potential vulnerabilities. Third Party vulnerability data is taken from public reference sources, supplied on an as… More »

Service Updates
12/11/2021
Reported Vulnerabilities – HTTPS Port 443

Through emPSN’s registrations with various security partners we receive information around the IP addresses on the emPSN network, including potential vulnerabilities. Third Party vulnerability data is taken from public reference sources, supplied on an as… More »

Service Updates
01/11/2021
SSH Service – Vulnerability Alert

Our Security Partner, Jisc has seen a rise in compromised hosts and networks via globally exposed SSH services. In particular, a trend has been spotted with attacks on Linux servers by leveraging misconfigured SSH, which… More »

Service Updates

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

Our partners