Fortinet have released details surrounding a recently disclosed vulnerability affecting various FortiManager products. This has been given a “Critical” severity rating of 9.8/10.0 on the CVSSv3 scale, under CVE-2024-47575. To...
Mitel has issued a critical vulnerability affecting their MiCollab and “MiVB SVI” products. Mitel Product Security Advisory CVE ID Security Impact Rating CVSS Base Score Mitel Product...
July 24, Mitel Product Security Advisory 24-0021
Mitel has become aware of two vulnerabilities affecting their MiCollab product. Both vulnerabilities have been given a ‘Critical’ severity rating. Mitel Product Security Advisory CVE ID Security Impact...
May 24, MiCollab vulnerabilities
Cisco have recently released details of three vulnerabilities, two of which have been identified in active use within an ongoing exploitation campaign dubbed ArcaneDoor. The three vulnerabilities vary in severity;...
April 24, Attacks Against Cisco Firewall Platforms
Summary Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file...
CVE-2024-3094 – XZ malicious code injection
Summary “An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform...
CVE-2023-50164-Struts – File Upload Remote Code Execution
Daisy will be implementing a number of Change Freezes to ensure stability across Daisy networks and infrastructure.
Change Freeze Notification 2024-2025
ServiceNow – Potential Public List Widget Misconfiguration Daisy would like to reassure our customers and partners that we have carried out a thorough assessment as per ServiceNow’s guidance and...
ServiceNow – Potential Public List Widget Misconfiguration
The TTB Call Recording products became End of Life on the 30 June 2023 and will have the access for stored call recordings turned off on 26 November 2023. Any...
Opal/TTB Call Recording Storage – End of Life Notification
Multiple memory corruption vulnerabilities in VMware vCenter Server were privately reported to VMware. The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the...
VMSA-2023-0014 – vCenter Server multiple memory corruption vulnerabilities
The disclosed vulnerability has a critical CVSS score of 9.2 which affects FortiOS and FortiProxy components of Fortinet devices that are configured to use SSL. Fortinet recommends that the affected...
Fortinet – FortiOS & FortiProxy – SSLVPN vulnerability – CVE-2023-27997
Daisy is not directly impacted by the recently disclosed MOVEit incident which is currently prevalent in the news. Furthermore, Daisy has no known affected dependents, including Zellis. The mass exploitation...
MOVEit Transfer Critical Vulnerability – CVE-2023-34362
PaperCut MF and PaperCut NG applications are affected by two recently disclosed vulnerabilities. The most serious of these (CVE-2023–27351) is rated as “Critical” severity with a CVSS score of 9.8/10....
PaperCut MF/NG vulnerability CVE-2023–27350/CVE-2023–27351
National test of the UK Emergency Alerts Service On Sunday 23 April 2023, at 3pm, there will be a national test of the UK Emergency Alerts service. This is in...
Mobile – National test of the UK Emergency Alerts Service
Microsoft have recently addressed a critical security vulnerability in Microsoft Outlook for Windows which has been exploited in targeted attacks. As this vulnerability is easy to exploit it is expected...
Microsoft Outlook Vulnerability CVE-2023-23397
Daisy will be implementing a number of Change Freezes to ensure stability across Daisy networks and infrastructure.
Change Freeze Notification 2023-2024
As part of our drive to increase overall availability, Daisy will endeavour to align Major Changes that are expected to cause service impact to pre-scheduled Maintenance Weekends. During the Maintenance...
Change Maintenance Weekends 2023
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys...
OpenSSL Critical Vulnerability – CVE-2022-2274
Response to CVE-2022-41040 and CVE-2022-41082: Unpatched Zero-Day Vulnerabilities in Microsoft Exchange Server Daisy are responding to two zero-day vulnerabilities in on-premise Microsoft Exchange Servers. Exchange online is not affected. Microsoft...
Microsoft Exchange RCE CVE-2022-41040 and CVE-2022-41082
Daisy’s statement on the possibility of power outages due to the Government implementing emergency measures. Daisy’s data centres are designed, operated and have strong business continuity management in place, to...