Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-306.041520: TT-CSIRT ADVISORY- ADOBE RELEASES SECURITY UPDATES FOR MULTIPLE PRODUCTS

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. TT-CSIRT encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. ColdFusion: https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html After Effects: https://helpx.adobe.com/security/products/after_effects/apsb20-21.html Digital Editions: https://helpx.adobe.com/security/products/Digital-Editions/apsb20-23.html

COVID-19 EXPLOITED BY MALICIOUS CYBER ACTORS

The United States Department of Homeland Security (DHS) Cyber security and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) did a joint alert talking to the exploitation by cyber criminal and Advanced Persistent Threat (APT) groups and a list of Indicators of Compromise (IOCs) for both detection and mitigation. Both …

TTCSIRT-305.041020: TT-CSIRT ADVISORY- XSS VULNERABILITY IN THE DASHBOARD NAME PARAMETER OF FortiADC

An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. Impact: Execute Unauthorized Code or Commands Affected Products: FortiADC version 5.3.4 and belowFortiADC version 5.4.0 and below Solutions: Upgrades to FortiADC versions 5.3.5 or above and FortiADC …

TTCSIRT-304.041020: TT-CSIRT ADVISORY- PALO ALTO NETWORK PRIVILEGE ASSIGNMENT VULNERABILITY.

An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks GlobalProtect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks GlobalProtect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1. Severity: High (7) Solution: …

TTCSIRT-303.040820: TT-CSIRT ADVISORY- MOZILLA FOUNDATION SECURITY ADVISORY

Be advised that security vulnerabilities were fixed in Firefox 74.0.1 and Firefox ESR 68.6.1 It should be noted that under certain conditions, when running the nsDocShell destructor and ReadableStream, a race condition can cause a use-after-free. Mozilla are aware of targeted attacks in the wild abusing this flaw. The Trinidad and Tobago Cyber Security Incident …

TTCSIRT-302.040320: TT-CSIRT ADVISORY- GOOGLE CHROME RELEASES STABLE CHANNEL UPDATE FOR DESKTOP

The stable channel has been updated to 80.0.3987.162 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log which can be viewed here: https://chromium.googlesource.com/chromium/src/+log/80.0.3987.149..80.0.3987.162?pretty=fuller&n=10000. If you are interested in switching release channels or find a new issue and need to file the bug …

#WorkFromHome Cyber Safety Guidelines

Social distancing is one of the main ways to contain the spread of COVID-19 and “flatten the curve”. This means that a lot of companies and governments have started to instruct staff to work from home. However telework can create cybersecurity risks. It is with this in mind that TT-CSIRT has compiled a list of …

TTCSIRT-301.032520: TT-CSIRT ADVISORY- MICROSOFT RCE VULNERABILITIES AFFECTING WINDOWS, WINDOWS SERVER

Microsoft has released a security advisory to address remote code execution vulnerabilities in Adobe Type Manager Library affecting all currently supported versions of Windows and Windows Server operating systems. A remote attacker can exploit these vulnerabilities to take control of an affected system. Microsoft is aware of limited, targeted attacks exploiting these vulnerabilities in the …

TTCSIRT-300.032520: TT-CSIRT ADVISORY- APPLE RELEASES SECURITY UPDATES

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Trinidad and Tobago Cyber Security Incident Response Team (CSIRT) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: …

TTCSIRT-299.032520: TT-CSIRT ADVISORY- ADOBE RELEASES SECURITY UPDATE FOR CREATIVE CLOUD DESKTOP APPLICATION

Adobe has released a security update to address a vulnerability in Creative Cloud Desktop Application. An attacker could exploit this vulnerability to take control of an affected system. TT-CSIRT encourages users and administrators to review Adobe Security Bulletin APSB20-11 and apply the necessary update: https://helpx.adobe.com/security/products/creative-cloud/apsb20-11.html