23rd June, 2023 Multiple memory corruption vulnerabilities in VMware vCenter Server were privately reported to VMware. The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized...
The disclosed vulnerability has a critical CVSS score of 9.2 which affects FortiOS and FortiProxy components of Fortinet devices that are configured to use SSL. Fortinet recommends that the affected...
Fortinet – FortiOS & FortiProxy – SSLVPN vulnerability – CVE-2023-27997
Daisy is not directly impacted by the recently disclosed MOVEit incident which is currently prevalent in the news. Furthermore, Daisy has no known affected dependents, including Zellis. The mass exploitation...
MOVEit Transfer Critical Vulnerability – CVE-2023-34362
PaperCut MF and PaperCut NG applications are affected by two recently disclosed vulnerabilities. The most serious of these (CVE-2023–27351) is rated as “Critical” severity with a CVSS score of 9.8/10....
PaperCut MF/NG vulnerability CVE-2023–27350/CVE-2023–27351
National test of the UK Emergency Alerts Service On Sunday 23 April 2023, at 3pm, there will be a national test of the UK Emergency Alerts service. This is in...
Mobile – National test of the UK Emergency Alerts Service
Microsoft have recently addressed a critical security vulnerability in Microsoft Outlook for Windows which has been exploited in targeted attacks. As this vulnerability is easy to exploit it is expected...
Microsoft Outlook Vulnerability CVE-2023-23397
Daisy will be implementing a number of Change Freezes to ensure stability across Daisy networks and infrastructure.
Change Freeze Notification 2023-2024
As part of our drive to increase overall availability, Daisy will endeavour to align Major Changes that are expected to cause service impact to pre-scheduled Maintenance Weekends. During the Maintenance...
Change Maintenance Weekends 2023
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys...
OpenSSL Critical Vulnerability – CVE-2022-2274
Response to CVE-2022-41040 and CVE-2022-41082: Unpatched Zero-Day Vulnerabilities in Microsoft Exchange Server Daisy are responding to two zero-day vulnerabilities in on-premise Microsoft Exchange Servers. Exchange online is not affected. Microsoft...
Microsoft Exchange RCE CVE-2022-41040 and CVE-2022-41082
Daisy’s statement on the possibility of power outages due to the Government implementing emergency measures. Daisy’s data centres are designed, operated and have strong business continuity management in place, to...
Power Outages Customer Statement
MBORC (Matters beyond our reasonable control) declaration for repair services. This MBORC declaration notification is issued as a special message to all Openreach customers. As a result of the impacts...
Openreach Declare MBORC Repair Services
Latest on pay review negotiations between BT / Openreach and the communication workers union (CWU) who represent BT and Openreach employees…
CWU industrial action and impact on Openreach – Update
Due to the current extreme weather conditions being experienced across the UK we have taken additional steps to carefully review and manage any potential impacts on infrastructure. This includes, but...
Extreme Weather Risk Notification
In early June Mitel released details of a vulnerability under security bulletin 22-0005-001. This has been assigned CVE-2022-31784, with a critical rating of 9.8 out of 10.0, Mitel state...
Mitel Vulnerability – CVE-2022-31784
Brief On May 30th, 2022 Microsoft released guidance relating to a Zero-Day vulnerability which affects the Microsoft Support Diagnostic Tool (msdt) in Windows which allows a form of Remote Code...
Follina – CVE-2022-30190
Please be advised the NCSC in conjunction with U.S., Australian, Canadian, and New Zealand cyber authorities have released a joint Cybersecurity Alert (CSA). This provides an overview of specific threat...
Current heightened cyber threat – April 2022
Atlassian has released security fixes for multiple vulnerabilities Atlassian Jira software, Confluence Data Center, and Bitbucket Data Center 1, Atlassian Jira Software Atlassian has released updates for Jira and Jira...
Atlassian – CVE-2022-0540, CVE-2016-10750, CVE-2022-26133
A report was made to VMWare recently, detailing an exploit in Spring MVC and Spring WebFlux application running on JDK 9+, dubbed “Spring4Shell”. These applications may be vulnerable to remote...
Spring4Shell – CVE-2022-22965
Microsoft have recently released some detail surrounding a critical vulnerability assigned CVE-2022-26809. This is an unauthenticated remote code execution affecting Remote Procedure Call (RPC) protocol, designated 9.8/10.0 on the Common...