CERT VU advisories & alerts disclose current reported cyber security vulnerabilities and threats identified in Vanuatu. The advisories deliver provide a summary of the threat analysed. Descriptions of the threat reported and mitigation procedures are provided as part of the advisory on how to mitigate the threats to minimise their impacts. Finally, a Traffic Light Protocol (TLP: Colour – See guides page for more information) indicator to show the level or information security and sharing rights.

Advisory 17

TLP Rating: Clear

Apple iMessage vulnerability targeted by attackers

CERT Vanuatu (CERTVU) and the Office of the Chief Information was alerted of this vulnerabilities by its international partners.

The CERTVU office would like to advise users that apple has released a software update for iOS, macOS and watchOS due to vulnerabilities discovered.

 

Advisory 16

TLP Rating: Clear

On-Premises Exchange Server Vulnerabilities - CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.

CERT Vanuatu (CERTVU) and the Office of the Government Information Officer was alerted of these vulnerabilities by its international partners.

The CERTVU office would like to advise institutions and corporate companies with on-premises Exchange Servers. Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of MS Exchange servers in limited and targeted attacks.

Advisory 15

TLP Rating: Clear

Urgent Microsoft Exchange security update released.

CERT Vanuatu (CERTVU) and the Office of the Chief Information was alerted of this vulnerabilities by its international partners.

The CERTVU office would like to advise it’s constituents on possible critical vulnerabilities in Microsoft Exchange. Microsoft has released an urgent update for Exchange Server due to response to Exchange Servers being actively attacked by a sophisticated threat actor. Institutions and companies running Microsoft Exchange Servers are urged to patch these servers immediately.

Advisory 14

TLP Rating: Clear

CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provides the following advisory by its international partners.

CERTVU office would like to advise its constituents on critical vulnerabilities identified in Microsoft Windows systems.

Advisory 13

TLP Rating: Clear

Critical vulnerabilities in Microsoft Windows TCP/IP stack

CERT Vanuatu (CERTVU) and the Office of the Chief Information was alerted of this vulnerabilities by its international partners.

The CERTVU office would like to advise it’s constituents on critical vulnerabilities in Microsoft Windows TCP/IP stack. Microsoft in its February 2021 monthly security update addressed several vulnerabilities in the TCP/IP stack. There are two critical vulnerabilities in particular that could allow an attacker to gain Remote Code Execution (RCE) access on vulnerable Windows devices. The vulnerabilities affects IPv4 and IPv6 respectively.

Advisory 12

TLP Rating: Clear

Misinformation Threats Alert

CERT Vanuatu and the Office of the Chief Information Officer (OGCIO) provides the following advisory.

CERT Vanuatu (CERTVU) office has received reports regarding “Misinformation” threats and attacks from Internet users in Vanuatu, specifically it’s users using Social Media platforms such as Facebook, Twitter and Instagram. This advisory with also assist anyone to understand and avoid misinformation on these platforms. This advisory will also apply on information from online platforms and news and entertainment platforms.