Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

Guidelines for Enterprise VPN Security

As more organizations move towards telecommuting (work from home) in an attempt to curtail the spread of COVID-19, the U.S. Cyber and Infrastructure Security Agency (CISA) has issued guidelines for securing enterprise VPN systems. TT-CSIRT encourages all organizations to review the CISA Alert (AA20-073A) and take the necessary actions.

TTCSIRT-293.031120: TT-CSIRT ADVISORY- MICROSOFT SMBv3 VULNERABILITY

Microsoft has published an advisory for a critical remote code execution (RCE) vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3). This vulnerability affects both SMB servers and SMB clients. This vulnerability evokes memories of EternalBlue, an RCE vulnerability in Microsoft SMBv1 that was used as part of the WannaCry ransomware attacks in 2017. (Satnam Narang, …

TTCSIRT – 292-030620: TT-CSIRT ADVISORY – UPDATE CISCO EMAIL SECURITY APPLIANCES: UNCONTROLLED RESOURCE EXHAUSTION VULNERABILITY

A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient control over system memory allocation. An attacker could exploit this vulnerability by sending …

TTCSIRT-291.030620: TT-CSIRT ADVISORY- TOMCAT RELEASES SECURITY UPDATES

Tomcat has released security updates to address vulnerabilities affecting multiple products. This update for Tomcat to version 9.0.31 fixes the following three (3) issues: CVE-2019-17569, CVE-2020-1935 and CVE-2020-1938. TT-CSIRT encourages users and administrators to review and apply the necessary updates: https://www.suse.com/support/update/announcement/2020/suse-su-20200598-1

TTCSIRT-290.030520: TT-CSIRT ADVISORY LET’S ENCRYPT REVOKING 3 MILLION TLS CERTIFICATES ISSUED INCORRECTLY DUE TO A BUG

The most popular free certificate signing authority Let’s Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software.