Updated 10/10/2022 – Fortinet has issued an official PSIRT advisory that includes workaround steps for those who cannot immediately update their assets: https://www.fortiguard.com/psirt/FG-IR-22-377 Note that updating your device continues to be the preferred recommended action by TT-CSIRT. Original Advisory: Fortinet has released security updates to address a critical vulnerability in its FortiOS (and subsequently FortiGate) …
Critical Microsoft Exchange 0-Day Vulnerability Actively Exploited Description The two vulnerabilities for on-premise Microsoft Exchange have been discovered and are now being tracked as a Server-Side Request Forgery vulnerability, CVE-2022-41040, and a remote code execution vulnerability, CVE-2022-41082. The two vulnerabilities are being exploited together to remotely trigger arbitrary code execution which essentially allows threat actors …
SonicWall has released security updates to address vulnerabilities in SonicWall Global Management System (GMS) and SonicWall Analytics On-Prem . Exploitation of these vulnerabilities could allow for an attacker to gain unauthorized access to an affected system. TT-CSIRT strongly encourages administrators to review the following releases from SonicWall and apply the necessary updates immediately: SonicWall Global …
Cisco has released security updates to address vulnerabilities in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager. Exploitation of this vulnerability could allow for an unauthenticated attacker to gain unauthorized access to the web-based management interface of the affected device. TT-CSIRT strongly encourages administrators to review the following releases from Cisco …
Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as “Follina”—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. This vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the …
This is a joint cyber security advisory from the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT), Trinidad and Tobago Police Service Cyber and Social Media Unit (TTPS CSMU) and the National Information and Communication Technology Company Limited (iGovTT). This advisory serves to warn all entities within Trinidad and Tobago about increased ransomware attacks …
The following information is taken from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Should your organization be a victim of ransomware, TT-CSIRT strongly recommends responding by using the following checklist. Be sure to move through the first three steps in sequence. Detection and Analysis Determine which systems were impacted, and immediately isolate them. If …
The following information is taken from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Be Prepared Refer to the best practices and references below to help manage the risk posed by ransomware and support your organization’s coordinated and efficient response to a ransomware incident. Apply these practices to the greatest extent possible based on availability …
The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) has observed a sharp increase in malicious cyber activity targeting local and regional entities over the past two (2) months. The TT-CSIRT is urging all entities (public and private) to adopt a heightened state of awareness and be guided by the following: Top Threats to …
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. The list of updates addresses several critical vulnerabilities, one of which is being actively exploited in the wild by threat actors. The TT-CSIRT strongly encourages users and administrators to …