Government of the Republic of Trinidad and Tobago                                                                                                                                        


News

New Malware Lays P2P Network on Top of IPFS

by ttcsirtadmin | 13th June 2019

A newly discovered piece of malware uses a peer-to-peer (p2p) network on top of InterPlanetary File System’s (IPFS) p2p network, Anomali’s security researchers report. Discovered in May 2019 and dubbed IPStorm, the malware is written in the Go (Golang) programming language and targets Windows machines. Once it has infected a system, the malicious program allows […]

Read More

XSS Vulnerability Exposed Google Employees to Attacks

by ttcsirtadmin | 13th June 2019

A researcher revealed on Wednesday that he discovered a blind cross-site scripting (XSS) vulnerability that could have been exploited to attack Google employees and possibly gain access to invoices and other sensitive information. Thomas Orlita, a 16-year-old bug bounty hunter from the Czech Republic, analyzed the Google Invoice Submission Portal hosted on gist-uploadmyinvoice.appspot.com, where vendors […]

Read More

Microsoft Patches Critical Vulnerabilities in NTLM

by ttcsirtadmin | 13th June 2019

Microsoft on Tuesday released security patches for nearly 90 vulnerabilities, including two Critical bugs impacting the proprietary authentication protocol NTLM. Tracked as CVE-2019-1040 and CVE-2019-1019, the two security issues consist of three logical flaws in NTLM that allow the bypass of all major NTLM protection mechanisms, Preempt’s security researchers reveal. The flaws impact all Windows […]

Read More

New Class of Vulnerabilities Leak Data From Intel Chips

by ttcsirtadmin | 14th May 2019

Millions of computers powered by Intel processors are affected by vulnerabilities that can be exploited by malicious actors to obtain potentially sensitive information. Intel and other tech giants have already released patches and mitigations. The side-channel attack methods, named ZombieLoad, RIDL (Rogue In-Flight Data Load), and Fallout, are similar to the notorious Meltdown and Spectre, […]

Read More

Remote Code Execution Vulnerability Impacts SQLite

by ttcsirtadmin | 14th May 2019

A use-after-free vulnerability in SQLite could be exploited by an attacker to remotely execute code on a vulnerable machine, Cisco Talos security researchers have discovered. Tracked as CVE-2019-5018 and featuring a CVSS score of 8.1, the vulnerability resides in the window function functionality of Sqlite3 3.26.0 and 3.27.0. To trigger the flaw, an attacker would […]

Read More

Apple Patches 21 Vulnerabilities in WebKit

by ttcsirtadmin | 14th May 2019

Security updates Apple released this week for iOS, macOS, Safari, tvOS and watchOS include patches for 21 vulnerabilities that affect open source web browser engine WebKit. These bugs include 20 memory corruption issues that could lead to arbitrary code execution during the processing of maliciously crafted web content. Apple says it addressed the flaws with […]

Read More

Cost of Data Breach in UK Increases More Than 41% in Two Years

by ttcsirtadmin | 8th April 2019

The UK government, in the form of the Department for Digital, Culture, Media and Sport (DCMS) has published its fourth annual breaches survey: the Cyber Security Breaches Survey 2019. It was carried out by Ipsos Mori in partnership with the Institute for Criminal Justice Studies at the university of Portsmouth. The survey queried more than […]

Read More

Ongoing DNS Hijacking Campaign Targets Gmail, PayPal, Netflix Users

by ttcsirtadmin | 8th April 2019

A DNS hijacking campaign that has been ongoing for the past three months is targeting the users of popular online services, including Gmail, PayPal, and Netflix. As part of the campaign, the attackers compromised consumer routers to modify their DNS settings and redirect users to rogue websites to steal their login credentials. Bad Packets security […]

Read More

Unofficial Patch Released for Java Flaws Found by Google Researcher

by ttcsirtadmin | 8th April 2019

Unofficial patches have been released for two unfixed Oracle Java Runtime Environment (RE) vulnerabilities discovered by Google Project Zero researcher Mateusz Jurczyk. On February 18, Google Project Zero made public the details of four Java RE vulnerabilities caused by heap-based out-of-bounds read bugs. The security holes were discovered during fuzz testing aimed at the processing […]

Read More

Chrome, Firefox Get Windows Defender Application Guard Extensions

by ttcsirtadmin | 18th March 2019

Microsoft is extending the protection capabilities of Windows Defender Application Guard with the release of browser extensions for Chrome and Firefox. The new extensions were designed to automatically redirect untrusted navigations to Windows Defender Application Guard for Microsoft Edge. The extensions check site URLs against a list of trusted domains (defined by enterprise admins) and […]

Read More

Page 1 of 912345...Last »