Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TT-CSIRT-400.10.12.21: Apache Log4j Critical RCE Vulnerability

The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote attacker could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. This vulnerability is …

TT-CSIRT-399.10.11.21: Critical Vulnerability in Palo Alto GlobalProtect Portal

A critical (9.8/10) memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. TT-CSIRT encourages administrators to review the following release from Palo Alto …

TT-CSIRT-398.05.10.21: TTCSIRT ADVISORY – Fortinet and Expiring Let’s Encrypt Certificates

Please be advised, with the current issue of certain sites being presented with an invalid or expires SSL Certificate when attempting to gain access, Fortinet was made aware by customers in the early hours of September 30th that TLS connections to web sites using Let’s Encrypt certificates were failing. Our first response was to validate the certificate …

TT-CSIRT-397.27.09.21: TTCSIRT ADVISORY – VMware vCenter Server Vulnerability Under Active Exploit

VMware has disclosed that its vCenter Server is affected by an arbitrary file upload vulnerability—CVE-2021-22005—in the Analytics service. A malicious cyber actor with network access to port 443 can exploit this vulnerability to execute code on vCenter Server. VMware confirmed reports that CVE-2021-22005 is being exploited in the wild. Security researchers are also reporting mass …

TTCSIRT-396.07.01.21 TTCSIRT ADVISORY- CRITICAL WINDOWS PRINT SPOOLER VULNERABILITY

Updated – July 7, 2021 Microsoft has released out-of-band security updates to address the remote code execution (RCE) vulnerability (CVE-2021-34527) in the Windows Print spooler service. Please review the following update guide from Microsoft and apply the necessary security patches immediately: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 Updated – 6 July, 2021 Please review Microsoft’s updated guidance for the Print …

TTCSIRT-395.05.14.21 TTCSIRT ADVISORY- MICROSOFT MSRC MAY 2021 SECURITY UPDATES

This release consists of security updates for the following products, features and roles. .NET Core & Visual Studio HTTP.sys Internet Explorer Microsoft Accessibility Insights for Web Microsoft Bluetooth Driver Microsoft Dynamics Finance & Operations Microsoft Edge (Chromium-based) Microsoft Exchange Server Microsoft Graphics Component Microsoft Office Microsoft Office Access Microsoft Office Excel Microsoft Office SharePoint Microsoft …

TTCSIRT-394.05.14.21 TTCSIRT ADVISORY- WORDPRESS 5.7.2 SECURITY RELEASE

WordPress 5.7.2 is now available. This security release features one security fix. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.7.2 is a short-cycle security release. The next major release will be version 5.8. You can update to …

TTCSIRT-393.04.27.21 TTCSIRT ADVISORY- NSA-CISA-FBI JOINT ADVISORY ON RUSSIAN SVR TARGETING U.S. AND ALLIED NETWORKS

The Cybersecurity & Infrastructure Security Agency (CISA), National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) of the United States have released a Joint Cybersecurity Advisory (CSA) on Russian Foreign Intelligence Service (SVR) actors scanning for and exploiting vulnerabilities to compromise U.S. and allied networks, including national security and government-related systems. Specifically, SVR actors are …

TTCSIRT-392.04.15.21 TTCSIRT ADVISORY- APPLY MICROSOFT APRIL 2021 SECURITY UPDATE TO MITIGATE NEWLY DISCLOSED MICROSOFT EXCHANGE VULNERABILITIES

Microsoft’s April 2021 Security Update mitigates significant vulnerabilities affecting on-premises Exchange Server 2013, 2016, and 2019. An attacker could exploit these vulnerabilities to gain access and maintain persistence on the target host. The Cybersecurity & Infrastructure Security Agency (CISA) strongly urges organizations to apply Microsoft’s April 2021 Security Update to mitigate against these newly disclosed vulnerabilities. …

TTCSIRT- 391.03.17.21: TTCSIRT ADVISORY- MICROSOFT RELEASES EXCHANGE ON-PREMISES MITIGATION TOOL

Microsoft has released the Exchange On-premises Mitigation Tool (EOMT.ps1) that can automate portions of both the detection and patching process. Microsoft stated the following along with the release: “[the tool is intended] to help customers who do not have dedicated security or IT teams to apply these security updates. The United States of America’s Cybersecurity and Infrastructure …