We’re aware of a global issue affecting Microsoft SharePoint services, which could allow a remote unauthenticated attacker to access your server. Systems impacted: Microsoft SharePoint Enterprise Server 2016 - 16.0.0 to 16.0.5535.1001 Microsoft SharePoint Server 2019...
We’re aware of the AirSnitch vulnerabilities present in wireless networking equipment from multiple vendors, including RUCKUS. To exploit the vulnerability, an attacker needs a connection to the wireless network they’re targeting. This would require the attacker to be...
The National Cyber Security Centre (NCSC) is advising organisations to be increasingly vigilant, following an increase in denial of service (DoS) and brute forcing activities in relation to the situation in Iran. Denial of service is an attempt to make an online...
We're aware that Lumma Stealer malware has affected some New Zealanders’ online accounts, as reported by the NCSC. We are monitoring the situation and will contact you directly if we see anything suspicious. Find out more and their recommendations via the NCSC alert -...
We’re aware of a vulnerability impacting Windows users. CVE-2024-4577 is a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows. Successful exploitation enables unauthenticated attackers to execute arbitrary code and can lead to complete...
We’re aware of a Cleartext Storage of Sensitive Information vulnerability impacting FortiClient, a remote access solution used by some schools. The vulnerability impacts users on Windows and Linux devices that have updated FortiClient to version 7 (full list of...
We’re aware of a phishing scam circulating via email in some schools. You can see an example of what this email looks like below. The phishing email is crafted to appear legitimate, being sent from legitimate email addresses of schools and other New Zealand...
We’re aware of an authentication bypass vulnerability affecting ForitOS and FortiProxy. Attackers are exploiting this vulnerability by sending a specially crafted request to the administrative interface of firewalls. All N4L-managed firewall administrative interfaces...
We’re aware of a critical vulnerability in Apache Struts 2, which is an open-source model-view-controller (MVC) framework for creating Java web applications. This is an 'Unrestricted Upload of File with Dangerous Type' vulnerability (CVSSv4 score of 9.5) that exists...
N4L is aware that Windows 10, Windows 11 and Windows servers are currently being impacted by a critical vulnerability. This vulnerability affects IPv6 and devices which have IPv6 enabled on them.The vulnerability could allow an unauthenticated malicious actor to send...