Copy

The Digital Download

Welcome to the Digital Download – it’s your source of ICT-specific information from the Ministry of Education.

N4L’s cyber security services - what this new superpower means for you
With cyber security incidents on the rise and security threats becoming more sophisticated, there’s a new superpower on your side - N4L’s cybersecurity services. The Ministry of Education has joined forces with N4L to help improve the cyber security of schools and kura. 
While both the Ministry and N4L are here to support you, it’s super important that you’re part of the team too. There are actions that you can take now to make sure that your school has appropriate security measures in place.

 
Learn more about what these services mean for you

Microsoft webinars for schools available


Microsoft will be hosting a series of live webinars focused on the core pillars of cybersecurity and how Microsoft 365 with A5 can raise the base security configuration and cyber resilience of our schools and kura.
Webinars will be recorded and made available via this newsletter.

Register for the first two webinars

Learn the Fundamentals of A5 Licensing 10.00am - 11.00am Thursday 14 April

Learn about the capabilities included in Microsoft's A5 licence for staff and students, as of the Ministry of Education's Schools' Agreement with Microsoft.
Register to join
Zero Trust & Microsoft  10.00am - 11.00am Tuesday 10 May

Understand why you can embark on a modern, future-focused cyber security journey leveraging your Microsoft 365 capabilities and the principles of 'zero trust'.
Register to join

Vulnerabilities in Java Spring Cloud and Spring Core

CERT NZ have issued an advisory about newly identified Java vulnerabilities in Spring Cloud and Spring Core that could lead to remote code execution (RCE).
Read the technical advisory here

What does this mean for me and my school?

Spring Cloud and Spring Core are Java components, similar to Log4j which you may remember from just before Christmas. Because they're part of Java, it might not be clear if the software you use in your school contains these components - it's one of the challenges of these supply chain attacks.

What should I do?

If you have Java-based software that's exposed to the internet, be ready to update and apply patches when they become available to you. If you're not sure about a specific piece of software, contact the supplier in the first instance. 

Is any school-specific software affected?

We're not currently aware of any school-specific software that's affected, but it's early days. If we are alerted to any well-known or widely used school-software that is affected, we'll update you here (and likely other places too depending how widely used it is). If you're aware of any software that's affected, you can share it on this thread, or reach out to the Cyber Security in Schools team at cyber.security@education.govt.nz

What is remote code execution?

Remote code execution is when an attacker can take control of a target device or system. In this instance it can be done by using a vulnerability in Java software.

Spread the news

If you know someone else who would be interested in this newsletter, use the share buttons below or send them our subscription link 
Subscribe
Share Share
Tweet Tweet
Forward Forward
Copyright © 2022 Cyber Security in Schools | Ministry of Education, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.