Alerts and Tips

Incident Response Solutions – Critical Advisories

Cyber attacks against Ukraine that may have consequences on New Zealand organisations (Updated 26 February 2022)

Email Reply Chain Attacks (Updated 29 April 2021)

Apache log4j (Updated 12 December 2021)

Ransomware (Updated 23 September 2021)

SonicWall Ransomware Compromise (Updated 16 July 2021)

Kaseya VSA Supply-Chain Ransomware Attack (Updated 23 July 2021)

Microsoft Exchange Server (Updated 29 August 2021)

Government Issued Alerts

18/05/2022 – Weak security controls and practices routinely exploited for initial access

11/05/2022 – CISA – Protecting Against Cyber Threats to Managed Service Providers and their Customers

28/04/2022 – Joint Cyber Security Advisory: Top 15 Routinely Exploited Vulnerabilities Of 2021

13/04/2022 – CISA – Microsoft Releases Advisory to Address Critical Remote Code Execution Vulnerability

1/03/2022 – NSA – Network Infrastructure Security Guidance

22/02/2022 – QNAP and Asustor NAS vulnerabilities exploited to deploy ransomware

19/02/2022 – CISA – Free Cybersecurity Services and Tools

9/02/2022 – January 2022 New Zealand Information Security Manual v3.5 Release

9/02/2022 – 2021 Trends Show Increased Globalized Threat of Ransomware

4/02/2022 – Indicators of Compromise Associated with LockBit 2.0 Ransomware

19/01/2022 – Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP

10/12/2021 – Log4j RCE 0-day actively exploited

24/11/2021 – Capacity Enhancement Guides to Enhance Mobile Device Cybersecurity for Consumers and Organizations

12/11/2021 – Palo Alto Networks Release Security Updates for PAN-OS

28/10/2021 – 2021 CWE Most Important Hardware Weaknesses

25/10/2021 – NOBELIUM Attacks on Cloud Services and other Technologies

23/09/2021 – Active scanning for VMware vCenter Vulnerability

9/09/2021 – Microsoft Releases Mitigations and Workarounds for CVE-2021-40444

4/09/2021 – CISA – Atlassian Releases Security Updates for Confluence Server and Data Center

21/08/2021 – CISA – Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities

18/08/2021 – CISA – Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches

16/07/2021 – CISA – Stop Ransomware One Stop Location

15/07/2021 – CERT NZ – SonicWall EOL Devices Targeted by Ransomware

2/07/2021 – CISA – Kaseya VSA Supply-Chain Ransomware Attack

2/07/2021 – CERT NZ – Critical vulnerabilities in Microsoft Windows Print Spooler service

24/06/2021 – CISA – Bad Practices

16/06/2021 – OPC – OPC sends warnings to organisations to get it right next time

4/06/2021 – CISA – Unpatched VMware vCenter Software

31/05/2021 – NCSC – Ransomware: Your organisation should be both protected and prepared

16/05/2021 – Ransomware Attack on Health Sector

14/05/2021 – CISA Publishes Eviction Guidance for Networks Affected by SolarWinds and AD/M365 Compromise

2/04/2021 – FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities

8/03/2021 – CISA – Remediating Microsoft Exchange Vulnerabilities

3/03/2021 – CERT NZ – Urgent Microsoft Exchange security update released

26/02/2021 – NSA – Embracing a Zero Trust Security Model

28/01/2021 – CISA guidance: reducing the risk of ransomware

6/01/2021 – Mitigate SolarWinds Orion Code Compromise – Supplemental Guidance v3

24/12/2020 – CISA Releases Free Detection Tool for Azure/M365 Environment

17/12/2020 – Advanced Persistent Threat Compromise – SolarWinds

14/12/2020 – SolarWinds Orion Cyber Security Alert

1/12/2020 – Vulnerability in Fortinet firewalls being exploited

20/11/2020 – Nitro PDF users’ email addresses and hashed passwords leaked

16/10/2020 – Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

1/10/2020 – U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) Ransomware Advisory

20/09/2020 – CISA and MS-ISAC Release Ransomware Guide

17/09/2020 – Critical Vulnerability in Microsoft Windows Netlogon Remote Protocol

7/09/2020 – Malware being spread via email attachments

4/09/2020 – DoS and DDoS Attacks against Multiple Sectors

1/09/2020 – Technical Approaches to Uncovering and Remediating Malicious Activity

27/08/2020 – Cisco Releases Security Updates

14/08/2020 – Phishing Emails Used to Deploy KONNI Malware

23/07/2020 – Reduce Exposure Across Operational Technologies and Control Systems

15/07/2020 – Critical vulnerability in Microsoft Windows Server

30/06/2020 – EINSTEIN Data Trends – 30-day Lookback

22/06/2020 – ACSC Releases Advisory on Cyber Campaign using Copy-Paste Compromises

16/06/2020 – Active ransomware campaign leveraging remote access technologies

05/06/2020 – Cyber Alerts & Tips – CISA Unpatched Microsoft Systems Vulnerable to CVE 2020 0796

20/05/2020 – Summary of Tradecraft Trends for 2019-20 (ACSC)

12/05/2020 – Top 10 Routinely Exploited Vulnerabilities

05/05/2020 – APT Groups Target Healthcare and Essential Services

08/04/2020 – COVID-19 Exploited by Malicious Cyber Actors

19/03/2020 – SIM swapping attacks

13/03/2020 – Enterprise VPN Security

10/03/2020 – Vulnerability in Exchange Server actively exploited

06/03/2020 – Defending Against COVID-19 Cyber Scams

05/03/2020 – National ‘Slam the Scam’ Day

15/02/2020 – North Korean Malicious Cyber Activity

11/02/2020 – Safer Internet Day

07/02/2020 – ACSC Mailto Ransomware Incidents

26/01/2020 – Microsoft Office 365 Security Observations

24/01/2020 – NSA Releases Guidance on Mitigating Cloud Vulnerabilities

22/01/2020 – IC3 Issues Alert on Employment Scams

14/01/2020 – Critical Vulnerabilities in Microsoft Windows Operating Systems

04/01/2020 – Summary of Terrorism Threat

01/01/2020 – Secure New Internet Connected Devices

04/12/2019 – GCSB encourages leaders to connect with cyber security governance

11/12/2019 – Apple Releases Multiple Security Updates

27/11/2019 – Black Friday Shopping Protect Your Identity

19/11/2019 – Safeguarding Data Before Upgrading Mobile Phones

01/11/2019 – Financial sector targeted in blackmail campaign

24/10/2019 – UK NCSC 2019 Report

16/10/2019 – WordPress Releases Security Update

04/10/2019 – Ransomware

17/06/2019 – BlueKeep Vulnerability

13/05/2019 – Microsoft Office 365 Security Observations

24/01/2019 – DNS Infrastructure Hijacking Campaign

11/10/2018 – Publicly Available Tools Seen in Cyber Incidents Worldwide

20/07/2018 – Emotet Malware

25/05/2018 – Home and Office Routers and Networked Devices

27/03/2018 – Brute Force Attacks

New Zealand Government Issued Warnings and Alerts for Scams and associated Misconduct

Financial Markets Authority – Warnings and alerts

Ministry if Business Innovation and Employment – Types of Scams

Department of Internal Affairs – Online Scams

Netsafe – Scams

CERT NZ – Scams

Australian Competition & Consumer Commission

Tips

Refer to our Linkedin Feed

About

The alerts and tips published by Incident Response Solutions are intended to be a high-level summary containing some of the most important information that has been published on Forensic and Cyber Security matters as it comes to hand.

We occasionally publish these alerts and tips to our YouTube Channel and this webpage. Subscribe to our alerts here. We’ll give you a brief summary of each alert or tip, and a link to more information. Why do we publish these alerts and tips? Because we want to keep you up to date with the latest Forensic and Cyber Security information, so that you aren’t caught by surprise – and you’ll know about risks and changes before they become problems.

For readers wishing to receive additional Forensic and Cyber Security information, we recommend subscribing to the NZ Incident Response Bulletin.

Please contact us at support@incidentresponse.co.nz for further information.

Traffic light protocol

The traffic light protocol (TLP) is a set of designations used to ensure that sensitive information is shared with the correct audience.

All alerts on this page are considered ‘White’, i.e. the information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.