Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-352.09.03.20: TT-CSIRT ADVISORY – Cisco Jabber for Windows Message Handling Arbitrary Code Execution

A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages to the affected software. A successful exploit could allow the attacker to …

TTCSIRT-351.09.03.20: TT-CSIRT ADVISORY – Cisco IOS XR Authenticated User Privilege Escalation Vulnerability

A vulnerability exists in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of …

TTCSIRT-350.09.03.20: TT-CSIRT ADVISORY – Ransomware families LockBit, Maze headline ransomware

Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape over the past quarter, according to a new report. Infections involved a wide variety of malware families including LockBit and Maze, among others. Sixty-six percent of all ransomware attacks this quarter involved the red-teaming framework Cobalt Strike, suggesting that ransomware actors are increasingly relying …

TTCSIRT-349.09.03.20: TT-CSIRT ADVISORY – Emotet new delivery using a new Word lure document

The Emotet botnet continues to evolve, and now uses a Microsoft Word template to spread its malware. Known as “Red Dawn,” the new infection method involves the user downloading a Word file, and then the file prompts them to enable macros to read the document. If enabled, the macros then download Emotet onto the victim’s …

TTCSIRT-348.08.31.20: TT-CSIRT ADVISORY – Cisco’s active IOS XR zero-day exploit

Cisco warns of a new zero-day vulnerability impacting the Internetwork Operating System (IOS) that ships with its networking equipment. The vulnerability, tracked as CVE-2020-3566, impacts the Distance Vector Multicast Routing Protocol (DVMRP) feature that ships with the IOS XR version of the operating system. This version of the OS is usually installed on carrier-grade and …

TTCSIRT-347.08.28.20: TT-CSIRT ADVISORY – Atutor SQL Injection

An SQL injection vulnerability exists in ATutor. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system. This module exploits a SQL Injection vulnerability and an authentication weakness vulnerability in ATutor. This essentially means an attacker can bypass authentication and reach the administrator’s interface where they …

TTCSIRT-346.08.28.20: TT-CSIRT ADVISORY – Cisco Critical Flaw Patched in WAN Software Solution

Cisco has issued a fix for a critical flaw in its Virtual Wide Area Application Services (vWAAS), software for optimizing WAN on virtual private cloud infrastructure. The flaw (CVE-2020-3446), which has a critical-severity CVSS score of 9.8 out of 10, exists because user accounts for accessing the software contain default passwords. That means an attacker …

TTCSIRT-345.08.28.20: TT-CSIRT ADVISORY -VMware ESXi, vCenter Server, and Cloud Foundation denial of services

A vulnerability was found in VMware ESXi and vCenter Server (Server Management Software) (the affected version is unknown). It has been declared as problematic. This vulnerability affects some unknown functionality of the component Authentication Service. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is …

TTCSIRT-344.08.24.20: TT-CSIRT ADVISORY – ISC Releases Security Advisories for BIND

ISC has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following ISC advisories for more information and to apply the necessary …

TTCSIRT-342.08.24.20: TT-CSIRT ADVISORY – BLINDINGCAN Malware

On August 19, 2020, The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) publicly released a Malware Analysis Report (MAR) and associated samples labeled BLINDINGCAN. The information contained in the report is the result of analytic efforts between the Department of Homeland Security (DHS) and the FBI to provide technical …