Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TT-CSIRT – 432.10.09.24. SonicOS Improper Access Control Vulnerability

The TTCSIRT wishes to inform you of a recently identified vulnerability in SonicWall SonicOS. This improper access control issue affects SonicWall SonicOS management access and SSLVPN, potentially allowing unauthorized access to resources and, under certain conditions, causing the firewall to crash. The vulnerability impacts SonicWall Gen 5 and Gen 6 devices, as well as Gen …

TT-CSIRT – 431 02.08.24. Phishing campaign targets Ministries, Divisions and Agencies

The TTCSIRT has received reports from multiple Ministries, Divisions and Agencies of the occurrence of the following phishing campaign. Phishing emails are being received from the “virginmedia[.]com” domain and are impersonating the head of the respective MDA. The phishing email is targeting both personal and corporate email accounts. The emails try to coerce the victim into …

TTCSIRT 430.19.07.24: Global Outage Triggered by Faulty CrowdStrike Cybersecurity Update

A large-scale outage has occurred due to a broken CrowdStrike cybersecurity update, rendering Windows computers unable to start and affecting much of the world’s infrastructure. The problem stems from an issue with CrowdStrike’s Falcon Sensors, which encountered problems following an early Friday morning update. PLEASE BE ADVISED: Only accept information from the CrowdStrike support …

TT-CSIRT-408.31.10.22: Phishing Alert

The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) is aware of a phishing email originating from the Ministry of Foreign and CARICOM Affairs’ domain “foreign.gov.tt”. In this respect we are advising all persons not to open any emails received from the Ministry of Foreign and CARICOM Affairs with the following details: Subject: “Re: …

TTCSIRT-406.30.09.22: Critical Microsoft Exchange 0-Day Vulnerability Actively Exploited

Description: The two vulnerabilities for on-premise Microsoft Exchange have been discovered and are now being tracked as a Server-Side Request Forgery vulnerability, CVE-2022-41040, and a remote code execution vulnerability, CVE-2022-41082. The two vulnerabilities are being exploited together to remotely trigger arbitrary code execution which essentially allows threat actors …

Increased Cyber Activity in Trinidad and Tobago and the Region

The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) has observed a sharp increase in malicious cyber activity targeting local and regional entities over the past two (2) months. The TT-CSIRT is urging all entities (public and private) to adopt a heightened state of awareness and be guided by the following: Top Threats to …

THREAT ALERT: WhatsApp Account Takeover Attack

Advice: TT-CSIRT urges the public to continue reporting these cyber-crime incidents to TTPS Cyber-crime and Social Media Unit via the information at the following link: https://ttcsirt.gov.tt/ttps-cyber-crime-unit/ About stolen WhatsApp accounts: You should never share your WhatsApp SMS verification code with others, not even friends or family. If you’re tricked into sharing …

TTCSIRT-THREAT ALERT: Social Engineering Tactics Targeting Trinidad and Tobago Citizens

Over the past couple weeks, numerous reports have been made by citizens of Trinidad and Tobago regarding cyber-crime incidents which include: • Phishing – Phishing involves sending emails, texts or making calls to persons aimed at creating a sense of urgency, curiosity or fear in victims which results in them revealing sensitive information (address, credentials, …

TTCSIRT-THREAT ALERT: Supplemental Guidance for Emergency Directive on SolarWinds Orion Compromise

Please be advised, for situational awareness, the Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 21-01 – Mitigate SolarWinds Orion Code Compromise – Supplemental Guidance Version 2, which provides additional guidance that supplements Emergency Directive (ED) 21-01 and Supplemental Guidance v1 issued on December 18, 2020. It can be accessed here: https://cyber.dhs.gov/ed/21-01/#supplemental-guidance. This guidance requires …

TTCSIRT-THREAT ALERT: Russian State-Sponsored Malicious Cyber Actors Exploiting CVE-2020-4006

Please be advised, Russian state-sponsored actors are exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting this vulnerability to access protected data on affected systems via a Command Injection Vulnerability in the administrative configurator. VMware has evaluated this issue to be of ‘Important’ …