Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

Do the basics well

Attacks against local entities have been on the rise over the last 3 years and the TT-CSIRT has issued several advisories, alerts and guidance noting this uptick during that time. The necessary increase in digital transformation initiatives being pursued by both the public and private sector also inadvertently increases our viability as a target for …

TT-CSIRT-410.9.11.22: New Emotet Malware Campaign

Emotet is back again with a new campaign displaying many characteristics of older campaigns. Cisco Talos has observed an increased activity of spam distributing this new strain beginning in early November 2022, and the volume of spam and Emotet infrastructure has been increasing since then to target multiple geographies around the world. Emotet is a …

TT-CSIRT-409.9.11.22: Microsoft November Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software including: TT-CSIRT encourages users and administrators to review the following releases from Microsoft and apply the necessary updates:

TT-CSIRT-408.31.10.22: Phishing Alert

The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) is aware of a phishing email originating from the Ministry of Foreign and CARICOM Affairs’ domain “foreign.gov.tt”. In this respect we are advising all persons not to open any emails received from the Ministry of Foreign and CARICOM Affairs with the following details: Subject: “Re: …

Identity Theft

Identity theft is a method used to carry out criminal activity, involving unauthorized use of your name and personal details to either steal from you, or commit a crime in your name. Identity theft can be carried out either online, physically using printed documents, or by a combination of the two. Identity theft today usually …

TT-CSIRT-407.07.10.22: FortiOS Critical Security Vulnerability

Updated 10/10/2022 – Fortinet has issued an official PSIRT advisory that includes workaround steps for those who cannot immediately update their assets: https://www.fortiguard.com/psirt/FG-IR-22-377 Note that updating your device continues to be the preferred recommended action by TT-CSIRT. Original Advisory: Fortinet has released security updates to address a critical vulnerability in its FortiOS (and subsequently FortiGate) …

TTCSIRT-406.30.09.22: Critical Microsoft Exchange 0-Day Vulnerability Actively Exploited

Critical Microsoft Exchange 0-Day Vulnerability Actively Exploited Description The two vulnerabilities for on-premise Microsoft Exchange have been discovered and are now being tracked as a Server-Side Request Forgery vulnerability, CVE-2022-41040, and a remote code execution vulnerability, CVE-2022-41082. The two vulnerabilities are being exploited together to remotely trigger arbitrary code execution which essentially allows threat actors …

TT-CSIRT-405.25.07.22: SonicWall Security Vulnerabilities

SonicWall has released security updates to address vulnerabilities in SonicWall Global Management System (GMS) and SonicWall Analytics On-Prem . Exploitation of these vulnerabilities could allow for an attacker to gain unauthorized access to an affected system. TT-CSIRT strongly encourages administrators to review the following releases from SonicWall and apply the necessary updates immediately: SonicWall Global …

TT-CSIRT-404.27.06.22: Cisco Email Security Vulnerabilities

Cisco has released security updates to address vulnerabilities in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager. Exploitation of this vulnerability could allow for an unauthenticated attacker to gain unauthorized access to the web-based management interface of the affected device. TT-CSIRT strongly encourages administrators to review the following releases from Cisco …

TT-CSIRT-403.01.06.22: Workaround Guidance for MSDT Vulnerability

Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as “Follina”—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. This vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the …