Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TT-CSIRT-426.14.02.24: Critical Patches Issued for Microsoft Products

Microsoft has released security updates to address vulnerabilities in multiple products; the most severe of which could allow for remote code execution. Additionally, two (2) zero day vulnerabilities related to Microsoft products have been identified that are CVE-2024-21351 – Windows SmartScreen Security Feature Bypass Vulnerability and CVE-2024-21412 – Internet Shortcut Files Security Feature Bypass Vulnerability.Affected …

TT-CSIRT 425 09.02.24: FortiOS Security Updates

Fortinet has released security updates to address two (2) critical vulnerabilities in FortiOS. TT-CSIRT encourages administrators to review the following releases and take the necessary actions immediately: CVE-2024-21762 – https://www.fortiguard.com/psirt/FG-IR-24-015 CVE-2024-23113 – https://www.fortiguard.com/psirt/FG-IR-24-029 Fortinet has noted that CVE-2024-21762 is potentially being exploited in the wild. If you have any queries, comments or require assistance, please …

TT-CSIRT – 424 17.01.24: Patch SonicWall Firewall Still Vulnerable to CVE-2023-0656 and CVE-2022-22274

Severity: Critical Overview: SonicWall Firewalls CVE-2022-22274 and CVE-2023-0656 have CVSS score of 9.4 and 7.5 respectively. A proof-of-concept has been published therefore the vulnerabilities are more susceptible to exploitation. Affected Systems: Various SonicWall devices, including TZ series, NSa models, NSsp series, and NSv models, are susceptible to the mentioned vulnerabilities. Description: Over 178,000 SonicWall firewalls …

IN MEMORY OF ANGUS SMITH

  It is with great sadness that we announce the passing of Mr. Angus Smith, a remarkable individual and the dedicated leader of the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT). Angus was not just a colleague but a beacon of strength, compassion, and expertise in the cybersecurity community. Angus exemplified unwavering commitment, …

TT-CSIRT – 423 02.01.24: Terrapin CVE-2023-48795 vulnerability in Secure Shell (SSH) cryptographic network protocol

Severity: Medium Overview: Terrapin (CVE-2023-48795, CVSS score: 5.9) allows remote attackers to bypass integrity checks such that some packets are omitted causing security features to be downgraded or disabled within a client and server connection (a Terrapin Attack). This allows attackers to exploit the SSH protocol, potentially gaining unauthorized access to sensitive information or compromising network …

Webinar: Web Application Security

The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) of the Ministry of National Security hosted a webinar on Web Application Security during cyber security awareness month providing an insightful webinar on Application Security Strategies, the OWASP Top 10, Application Security Verification and Application Testing guidance. TLP:CLEAR  

TT-CSIRT-422.18.10.23: Cisco Security Vulnerability

Cisco has released a security advisory concerning a critical Privilege Escalation Vulnerability in their IOS XE software. Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software (CVE-2023-20198) when exposed to the internet or untrusted networks. This affects both physical and virtual …

Webinar: Trinidad and Tobago Cyber Threat Landscape Update 2023

The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) of the Ministry of National Security will be hosting a webinar entitled “Trinidad and Tobago Cyber Threat Landscape Update 2023” during cyber security awareness month. TT-CSIRT will provide updates on cyber threats impacting local organizations from the national perspective. The capabilities and capacity of the …

TT-CSIRT-421.13.7.23: Fortinet Security Vulnerability

Fortinet has released a security update to address a critical vulnerability (CVE-2023-33308) affecting FortiOS and FortiProxy. TT-CSIRT encourages administrators to review the following release from Fortinet and take the necessary actions immediately: https://www.fortiguard.com/psirt/FG-IR-23-183

TT-CSIRT-420.11.7.23: Microsoft Windows and Office Zero Day Vulnerability

Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the …