We have been made aware that the website kidsartworks.com has been compromised, as a result we have blocked access to the site on our network. We have informed the site owners and once the malicious code has been removed we will restore access. We will continue to...
Ruckus Cloudpath urgent upgrade – 1 October
We apologise for the late notice. An incident occurred on Cloudpath yesterday and as we treat network performance as a top priority we’ve made the decision to conduct an urgent upgrade, together with the vendor, for the impacted schools. The upgrade will be carried...
School holiday network maintenance – Saturday 20 to Sunday 28 September
We’ll be conducting backend maintenance for our core infrastructure in our data centres between Saturday 20 September at 8am and Sunday 28 September at 5pm to help ensure everything runs smoothly for schools. While internet connectivity should not be affected,...
Update: Web Filtering not impacted by Encrypted Client Hello
Updated 6 June 2025, 2pm: We’ve disabled Encrypted Client Hello on our network. This means that N4L’s Web Filtering should work as expected for all websites accessed on school networks, allowing or blocking websites according to each school’s Web Filtering settings....
N4L is now managing the Education Service Desk
The Education Service Desk, who manage enquiries for a range of applications used by schools and the wider education sector (such as Education Sector Logon and e-asTTle), has transferred from the Ministry of Education to N4L. There’s no disruption or change to the...
Advisory: vulnerability affecting PHP on Windows (CVE-2024-4577)
We’re aware of a vulnerability impacting Windows users. CVE-2024-4577 is a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows. Successful exploitation enables unauthenticated attackers to execute arbitrary code and can lead to complete...
Phishing email scam circulating in some schools
We’re aware of a phishing scam circulating via email in some schools. You can see an example of what this email looks like below. The phishing email is crafted to appear legitimate, being sent from legitimate email addresses of schools and other New Zealand...
FortiClient Remote Access vulnerability
We’re aware of a Cleartext Storage of Sensitive Information vulnerability impacting FortiClient, a remote access solution used by some schools. The vulnerability impacts users on Windows and Linux devices that have updated FortiClient to version 7 (full list of...
Authentication bypass vulnerability impacting FortiOS and FortiProxy (CVE-2024-55591)
We’re aware of an authentication bypass vulnerability affecting ForitOS and FortiProxy. Attackers are exploiting this vulnerability by sending a specially crafted request to the administrative interface of firewalls. All N4L-managed firewall administrative interfaces...
Apache Struts critical vulnerability (CVE-2024-53677)
We’re aware of a critical vulnerability in Apache Struts 2, which is an open-source model-view-controller (MVC) framework for creating Java web applications. This is an 'Unrestricted Upload of File with Dangerous Type' vulnerability (CVSSv4 score of 9.5) that exists...