Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-038.090117: TT-CSIRT Advisory – PHP Security Updates

Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code: a)Fixed bug #74947 (Segfault in scanner on INF number). b) Fixed bug #74954 (null deref and segfault in zend_generator_resume()). c) Fixed bug #74725 (html_errors=1 breaks unhandled exceptions). d) Fixed bug #74125 (Fixed finding CURL on …

TTCSIRT-037.090117: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security updates stating that Adobe Flash Player is prone to the following vulnerabilities: a) A security bypass vulnerability that could lead to information disclosure. b) A type confusion vulnerability that could lead to code execution (CVE-2017-3106) Successful exploitation of the most severe of these vulnerabilities could result in the attacker gaining …

TTCSIRT-036.082917: TT-CSIRT Advisory – HP Security Updates

HP has released a security update to address a potential security vulnerability that has been identified in HPE Integrated Lights-out which could be exploited remotely to allow authentication bypass and execution of code. Further information on this vulnerability and how it can be fixed can be found on the HP Website at http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769en_us

ITU Global Cybersecurity Index Report 2017

The Global Cybersecurity Index Report 2017 is a survey that measures the commitment of Member States to cybersecurity in order to raise awareness. This report can be obtained through the TTCSIRT Website at http://ttcsirt.gov.tt/documents/gci2017.pdf

Symantec Internet Security Threat Report 2016

Symantec’a Internet Security Threat Report 2016 examines multiple facets including targeted attacks, smartphone threats, social media scams, and Internet of Things (IoT) vulnerabilities, as well as attackers’ tactics, motivations, and behaviors. This report can be obtained through the TTCSIRT Website at http://ttcsirt.gov.tt/documents/symantec2016.pdf

PlayStation Social Media Accounts Hacked

A notorious hacking firm, probably best described as greyhats rather than white or blackhats, briefly breached the PlayStation Facebook and Twitter accounts on Sunday. OurMine, a Saudi-based security firm, specializes in breaching high-profile accounts in order to advertise its ‘prowess’ and sell its security services. Yesterday, it got into PlayStation’s Twitter and Facebook accounts, and …

Hackers Can Hijack Phones via Replacement Screens

Touchscreens and other components that are often replaced in smartphones and tablets can hide malicious chips capable of giving attackers complete control over the device, warned researchers at the Ben-Gurion University of the Negev. Researchers conducted their experiments on two Android devices: a Huawei Nexus 6P smartphone which uses a touchscreen controller from Synaptics, and …

TTCSIRT-035.081817: TT-CSIRT Advisory – Drupal Security Updates

Drupal has released an advisory to address several vulnerabilities in Drupal 8.x: a) CVE-2017-6924 – REST API can bypass comment approval – when using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only …

TTCSIRT-034.081817: TT-CSIRT Advisory – CISCO Security Updates

Cisco has released updates to address vulnerabilities affecting multiple products: a) Cisco Application Policy Infrastructure Controller Vulnerability – could allow an authenticated remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or …

How To Recover A Hacked LinkedIn Account

If someone has hacked into your linkedin account, that means they have your password. Immediately change this so you can regain control. For further information on what to do if your LinkedIn Account has been compromised, please read the TTCSIRT Article entitled How To Recover A Hacked LinkedIn Account