TTCSIRT – 435.26.09.24: Phishing Alert

TTCSIRT – 435.26.09.24: Phishing Alert

The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) is aware of a phishing email originating from a GovNeTT user’s compromised email “akesha.hazel@gov[.]tt’”. In this respect we are advising all persons not to engage with any emails received from the aforementioned email address with the following details: Persons who receive the email are advised […]

TTCSIRT 434.25.09.24: Keep Your Firewall Up to Date

Regularly updating your firewall is essential for maintaining a strong security posture, protecting your network and data, and mitigating the risks associated with cyber threats. From the Trinidad and Tobago perspective, the exploitation of outdated and unpatched firewall systems is one of the most successful attack vectors executed against local organizations. This email serves as […]

TTCSIRT – 433.23.09.24: Phishing Alert

The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) is aware of a phishing email originating from the Military Lead Training Academy’s (MiLAT) email “Milatacademydean@gov[.]tt’”. In this respect we are advising all persons not to engage with any emails received from the aforementioned email address with the following details: Persons who receive the email […]

TTCSIRT 430.19.07.24: Global Outage Triggered by Faulty CrowdStrike Cybersecurity Update

A large-scale outage has occurred due to a broken CrowdStrike cybersecurity update, rendering Windows computers unable to start and affecting much of the world’s infrastructure. The problem stems from an issue with CrowdStrike’s Falcon Sensors, which encountered problems following an early Friday morning update.   PLEASE BE ADVISED: Only accept information from the CrowdStrike support […]

TTCSIRT 428.16.04.24: Importance of Keeping Your VPN System Up to Date

Remote-access VPN systems allow off-site users to tunnel into protected networks, making these entry points vulnerable to exploitation by threat actors. From the Trinidad and Tobago perspective, the exploitation of outdated remote-access VPN systems is one of the most successful attack vectors executed against local organizations. This email serves as a critical reminder about the […]

TT-CSIRT 427.12.04.24: CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway

A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. The severity of the vulnerability is critical and it carries a CVSS4.0 score of 10. Fixes for PAN-OS […]

TT-CSIRT-426.14.02.24: Critical Patches Issued for Microsoft Products

Microsoft has released security updates to address vulnerabilities in multiple products; the most severe of which could allow for remote code execution. Additionally, two (2) zero day vulnerabilities related to Microsoft products have been identified that are CVE-2024-21351 – Windows SmartScreen Security Feature Bypass Vulnerability and CVE-2024-21412 – Internet Shortcut Files Security Feature Bypass Vulnerability.Affected […]

TT-CSIRT 425 09.02.24: FortiOS Security Updates

Fortinet has released security updates to address two (2) critical vulnerabilities in FortiOS. TT-CSIRT encourages administrators to review the following releases and take the necessary actions immediately: CVE-2024-21762 – https://www.fortiguard.com/psirt/FG-IR-24-015 CVE-2024-23113 – https://www.fortiguard.com/psirt/FG-IR-24-029 Fortinet has noted that CVE-2024-21762 is potentially being exploited in the wild. If you have any queries, comments or require assistance, please […]

TT-CSIRT – 424 17.01.24: Patch SonicWall Firewall Still Vulnerable to CVE-2023-0656 and CVE-2022-22274

Severity: Critical Overview: SonicWall Firewalls CVE-2022-22274 and CVE-2023-0656 have CVSS score of 9.4 and 7.5 respectively. A proof-of-concept has been published therefore the vulnerabilities are more susceptible to exploitation. Affected Systems: Various SonicWall devices, including TZ series, NSa models, NSsp series, and NSv models, are susceptible to the mentioned vulnerabilities. Description: Over 178,000 SonicWall firewalls […]

TT-CSIRT – 423 02.01.24: Terrapin CVE-2023-48795 vulnerability in Secure Shell (SSH) cryptographic network protocol

Severity: Medium Overview: Terrapin (CVE-2023-48795, CVSS score: 5.9) allows remote attackers to bypass integrity checks such that some packets are omitted causing security features to be downgraded or disabled within a client and server connection (a Terrapin Attack). This allows attackers to exploit the SSH protocol, potentially gaining unauthorized access to sensitive information or compromising network […]