Please be advised of the critical vulnerability CVE-2025-25257, which affects FortiWeb. This issue stems from improper handling of special characters in SQL commands, leading to a SQL Injection vulnerability (CWE-89). This vulnerability enables an attacker to execute unauthorized SQL code by sending specially crafted HTTP or HTTPS requests. Affected Versions and solutions: Version Affected Solution […]
Please be advised of the following critical alert regarding multiple vulnerabilities affecting various Fortinet products, including FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice, and FortiWeb. These vulnerabilities could allow an unauthenticated attacker in a man-in-the-middle (MITM) position to impersonate the management device. Organizations utilizing affected Fortinet versions are urged to take immediate action. Impact: Successful exploitation of […]
Please be advised that Fortinet has released a security update to address a critical vulnerability (CVE-2024-48887) found in the FortiSwitch GUI. This vulnerability could enable a remote unauthenticated attacker to alter admin passwords through a specifically designed request. Impact Affected Versions Version Affected Solution FortiSwitch 7.6 7.6.0 Upgrade to 7.6.1 or above FortiSwitch 7.4 7.4.0 […]
Fortinet has released a patch to address a critical vulnerability in their FortiManager product. This vulnerability allows threat actors to use a compromised FortiManager device to execute arbitrary code or commands via specially crafted requests against other FortiManager devices, through a missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon. Reports have […]
The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) is aware of a phishing email originating from a GovNeTT user’s compromised email “akesha.hazel@gov[.]tt’”. In this respect we are advising all persons not to engage with any emails received from the aforementioned email address with the following details: Persons who receive the email are advised […]
Regularly updating your firewall is essential for maintaining a strong security posture, protecting your network and data, and mitigating the risks associated with cyber threats. From the Trinidad and Tobago perspective, the exploitation of outdated and unpatched firewall systems is one of the most successful attack vectors executed against local organizations. This email serves as […]
The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) is aware of a phishing email originating from the Military Lead Training Academy’s (MiLAT) email “Milatacademydean@gov[.]tt’”. In this respect we are advising all persons not to engage with any emails received from the aforementioned email address with the following details: Persons who receive the email […]
The TTCSIRT wishes to inform you of a recently identified vulnerability in SonicWall SonicOS. This improper access control issue affects SonicWall SonicOS management access and SSLVPN, potentially allowing unauthorized access to resources and, under certain conditions, causing the firewall to crash. The vulnerability impacts SonicWall Gen 5 and Gen 6 devices, as well as Gen […]
A large-scale outage has occurred due to a broken CrowdStrike cybersecurity update, rendering Windows computers unable to start and affecting much of the world’s infrastructure. The problem stems from an issue with CrowdStrike’s Falcon Sensors, which encountered problems following an early Friday morning update. PLEASE BE ADVISED: Only accept information from the CrowdStrike support […]
Citrix has announced significant security updates to address vulnerabilities across multiple products. Administrators should promptly review and implement the following updates: NetScaler ADC and NetScaler Gateway: CVE-2024-5491, CVE-2024-5492 NetScaler Console, Agent, and SVM: CVE-2024-6235, CVE-2024-6236 Citrix Workspace app for HTML5: CVE-2024-6148, CVE-2024-6149 Citrix Provisioning: CVE-2024-6150 Windows Virtual Delivery Agent for CVAD and Citrix DaaS: CVE-2024-6151 […]
