Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TT-CSIRT-404.27.06.22: Cisco Email Security Vulnerabilities

Cisco has released security updates to address vulnerabilities in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager. Exploitation of this vulnerability could allow for an unauthenticated attacker to gain unauthorized access to the web-based management interface of the affected device. TT-CSIRT strongly encourages administrators to review the following releases from Cisco …

TT-CSIRT-403.01.06.22: Workaround Guidance for MSDT Vulnerability

Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as “Follina”—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. This vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the …

Ransomware Joint Advisory

This is a joint cyber security advisory from the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT), Trinidad and Tobago Police Service Cyber and Social Media Unit (TTPS CSMU) and the National Information and Communication Technology Company Limited (iGovTT). This advisory serves to warn all entities within Trinidad and Tobago about increased ransomware attacks …

Ransomware Response Checklist

The following information is taken from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Should your organization be a victim of ransomware, TT-CSIRT strongly recommends responding by using the following checklist. Be sure to move through the first three steps in sequence. Detection and Analysis Determine which systems were impacted, and immediately isolate them. If …

Ransomware Prevention

The following information is taken from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Be Prepared Refer to the best practices and references below to help manage the risk posed by ransomware and support your organization’s coordinated and efficient response to a ransomware incident. Apply these practices to the greatest extent possible based on availability …

TT-CSIRT-402.13.04.22: Microsoft Security Updates April 2022

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. The list of updates addresses several critical vulnerabilities, one of which is being actively exploited in the wild by threat actors. The TT-CSIRT strongly encourages users and administrators to …

TT-CSIRT-401.11.04.22: FortiClient Vulnerabilities

Fortinet has released security updates to address multiple vulnerabilities in FortiClient for Windows and Linux. An attacker could exploit some of these vulnerabilities to take control of an affected system or access sensitive information. TT-CSIRT encourages users/administrators to review the following releases from Fortinet and apply the necessary updates: FortiClient (Windows) – Privilege Escalation FortiClient …

TT-CSIRT-400.10.12.21: Apache Log4j Critical RCE Vulnerability

The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote attacker could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. This vulnerability is …

TT-CSIRT-399.10.11.21: Critical Vulnerability in Palo Alto GlobalProtect Portal

A critical (9.8/10) memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. TT-CSIRT encourages administrators to review the following release from Palo Alto …

TT-CSIRT-398.05.10.21: TTCSIRT ADVISORY – Fortinet and Expiring Let’s Encrypt Certificates

Please be advised, with the current issue of certain sites being presented with an invalid or expires SSL Certificate when attempting to gain access, Fortinet was made aware by customers in the early hours of September 30th that TLS connections to web sites using Let’s Encrypt certificates were failing. Our first response was to validate the certificate …