Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-302.040320: TT-CSIRT ADVISORY- GOOGLE CHROME RELEASES STABLE CHANNEL UPDATE FOR DESKTOP

The stable channel has been updated to 80.0.3987.162 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log which can be viewed here: https://chromium.googlesource.com/chromium/src/+log/80.0.3987.149..80.0.3987.162?pretty=fuller&n=10000. If you are interested in switching release channels or find a new issue and need to file the bug …

#WorkFromHome Cyber Safety Guidelines

Social distancing is one of the main ways to contain the spread of COVID-19 and “flatten the curve”. This means that a lot of companies and governments have started to instruct staff to work from home. However telework can create cybersecurity risks. It is with this in mind that TT-CSIRT has compiled a list of …

TTCSIRT-301.032520: TT-CSIRT ADVISORY- MICROSOFT RCE VULNERABILITIES AFFECTING WINDOWS, WINDOWS SERVER

Microsoft has released a security advisory to address remote code execution vulnerabilities in Adobe Type Manager Library affecting all currently supported versions of Windows and Windows Server operating systems. A remote attacker can exploit these vulnerabilities to take control of an affected system. Microsoft is aware of limited, targeted attacks exploiting these vulnerabilities in the …

TTCSIRT-300.032520: TT-CSIRT ADVISORY- APPLE RELEASES SECURITY UPDATES

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Trinidad and Tobago Cyber Security Incident Response Team (CSIRT) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: …

TTCSIRT-299.032520: TT-CSIRT ADVISORY- ADOBE RELEASES SECURITY UPDATE FOR CREATIVE CLOUD DESKTOP APPLICATION

Adobe has released a security update to address a vulnerability in Creative Cloud Desktop Application. An attacker could exploit this vulnerability to take control of an affected system. TT-CSIRT encourages users and administrators to review Adobe Security Bulletin APSB20-11 and apply the necessary update: https://helpx.adobe.com/security/products/creative-cloud/apsb20-11.html

Ransomware Attacks Targeting Critical Infrastructure and Hospitals Amid COVID-19 Global Pandemic

TT-CSIRT’s international partners have detected attempts to compromise and execute ransomware against key organizations and infrastructure required to assist in the global response to COVID-19. Attack Vectors Ransomware attacks can be initiated through multiple attack vectors. The prominent ones are: – Compromising system user credentials– Malicious emails with infected attachments– Exploiting a system vulnerability or …

TTCSIRT-298.032420: TT-CSIRT ADVISORY- TYPE 1 FONT PARSING REMOTE CODE EXECUTION VULNERABILITY

Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released. Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted …

TTCSIRT-297.032020: TT-CSIRT ADVISORY- CISCO SD-WAN SOLUTION COMMAND INJECTION VULNERABILITY

A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be …

TTCSIRT-296.032020: TT-CSIRT ADVISORY- CISCO WEBEX NETWORK RECORDING PLAYER AND CISCO WEBEX PLAYER ARBITRARY CODE EXECUTION VULNERABILITIES

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or …

TTCSIRT-295.180320: TT-CSIRT ADVISORY- ADOBE SECURITY UPDATE FOR ADOBE ACROBAT AND READER

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user Adobe recommends users update their software installations to the latest versions by following the instructions below.     The latest product versions are available to end users …