Online Advisories & Alerts

CERT VU advisories & alerts disclose current reported cyber security vulnerabilities and threats identified in Vanuatu. The advisories deliver provide a summary of the threat analysed. Descriptions of the threat reported and mitigation procedures are provided as part of the advisory on how to mitigate the threats to minimise their impacts. Finally, a Traffic Light Protocol (TLP: Colour – See guides page for more information) indicator to show the level or information security and sharing rights.

Advisory 20

TLP Rating: White

Vulnerability in the Microsoft Support Diagnostic Tool (MSDT).

CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provides the following advisory.

On the 31st May 2022, Microsoft disclosed a remote code execution (RCE) vulnerability in the Microsoft Support Diagnostic Tool (MSDT). CERT Vanuatu has received an advisory from its collaborating partners the Australia Cyber Security Centre (ACSC) and the United Stated Cybersecurity Infrastructure Security Agency (CISA) of this threat.

CERTVU would like to advise its constituents using Microsoft Products to swiftly act on addressing this threat. Since it is a ‘Zero Day’ threat, there is no patch available to-date however, it is important to take note of the mitigation Process below.

Read more: Advisory 20

Advisory 19

TLP Rating: White

Text Message Scam.

CERT Vanuatu and the Office of the Chief Information Officer (OGCIO) provides the following advisory.

 CERT Vanuatu (CERTVU) office has received reports from Digicel Limited in regarding the above-mentioned attacks on its constituents using Digicel Mobile Network. Therefore, CERTVU is putting out this advisory for all it’s constituents using Digicel Network who could become victims to this attack.

Read more: Advisory 19

Advisory 18

TLP Rating: White

Critical vulnerabilities identified in Microsoft Office (Excel _CVE-2021-42292).

CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provides the following advisory by its international partners. CERTVU office would like to advise it’s constituents on critical vulnerabilities identified in locally installed versions of Microsoft Excel which allows a cyber-actor to bypass a key security control.

 

Read more: Advisory 18

Advisory 17

TLP Rating: White

Apple iMessage vulnerability targeted by attackers

CERT Vanuatu (CERTVU) and the Office of the Chief Information was alerted of this vulnerabilities by its international partners. The CERTVU office would like to advise users that apple has released a software update for iOS, macOS and watchOS due to vulnerabilities discovered.

 

Read more: Advisory 17

Advisory 16

TLP Rating: White

On-Premises Exchange Server Vulnerabilities - CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.

CERT Vanuatu (CERTVU) and the Office of the Government Information Officer was alerted of these vulnerabilities by its international partners.

The CERTVU office would like to advise institutions and corporate companies with on-premises Exchange Servers. Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of MS Exchange servers in limited and targeted attacks.

Read more: Advisory 16

Advisory 15

TLP Rating: White

Urgent Microsoft Exchange security update released.

CERT Vanuatu (CERTVU) and the Office of the Chief Information was alerted of this vulnerabilities by its international partners.

The CERTVU office would like to advise it’s constituents on possible critical vulnerabilities in Microsoft Exchange. Microsoft has released an urgent update for Exchange Server due to response to Exchange Servers being actively attacked by a sophisticated threat actor. Institutions and companies running Microsoft Exchange Servers are urged to patch these servers immediately.

Read more: Advisory 15