Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-359.09.15.20: TT-CSIRT ADVISORY – Netlogon Remote Protocol Vulnerability

There is a publicly available exploit code for CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors. Attackers could exploit this vulnerability to obtain domain administrator access. For further information and support, please visit the following link:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 …

TTCSIRT-358.09.09.20: TT-CSIRT ADVISORY – Google Releases Security Updates for Chrome

Google has released Chrome version 85.0.4183.102 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. For further information and support, please visit the following link:https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html If you have any queries or comments with regards to this advisory, please feel free to contact TTCSIRT …

TTCSIRT-357.09.09.20: TT-CSIRT ADVISORY – Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. These updates addresses multiple critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.  For more information and support, please visit the following appropriate link: …

TTCSIRT-356.09.09.20: TT-CSIRT ADVISORY – Microsoft Releases September 2020 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The security updates released concerns Microsoft Windows, Microsoft Edge (EdgeHTML-based & Chromium-based), Microsoft ChakraCore, Internet Explorer, SQL Server, Microsoft JET Database Engine, Microsoft Office and Microsoft Office Services and Web Apps, …

TTCSIRT-355.09.07.20: TT-CSIRT ADVISORY – WordPress File Manager Plugin Vulnerability

Security researchers have identified a high severity vulnerability in the WordPress File Manager plugin. This vulnerability allows unauthenticated users to execute commands and upload malicious files on a target site. All WordPress versions running the File Manager plug-in before version 6.9 are vulnerable. The File Manager plugin is designed to help WordPress administrators manage files on their sites. …

TTCSIRT-354.09.03.20: TT-CSIRT ADVISORY – Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by uploading a file using the REST …

TTCSIRT-353.09.03.20: TT-CSIRT ADVISORY – Cisco Jabber for Windows Protocol Handler Command Injection

The application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this vulnerability by convincing a user to click a link within a message sent by email or other …

TTCSIRT-352.09.03.20: TT-CSIRT ADVISORY – Cisco Jabber for Windows Message Handling Arbitrary Code Execution

A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages to the affected software. A successful exploit could allow the attacker to …

TTCSIRT-351.09.03.20: TT-CSIRT ADVISORY – Cisco IOS XR Authenticated User Privilege Escalation Vulnerability

A vulnerability exists in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of …

TTCSIRT-350.09.03.20: TT-CSIRT ADVISORY – Ransomware families LockBit, Maze headline ransomware

Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape over the past quarter, according to a new report. Infections involved a wide variety of malware families including LockBit and Maze, among others. Sixty-six percent of all ransomware attacks this quarter involved the red-teaming framework Cobalt Strike, suggesting that ransomware actors are increasingly relying …