Read CERT NZ's latest quarterly report

25 November 2020

Skip to main content
Return to homepage

Main navigation

  • Individuals
    • Guides
      • Guides
      • Getting started with cyber security
        • Getting started with cyber security
        • Top 11 tips for cyber security
        • How to create a good password
        • Backing up data and devices
        • Use two-factor authentication to protect your accounts
        • Keep your data safe with a password manager
        • Protecting your privacy online
        • Keep up with your updates
        • Report online
      • Stepping up your cyber security
        • Stepping up your cyber security
        • Secure your home network
        • Buying a new device
        • Cyber security and social media
        • Keeping your mobile phone safe and secure
        • Shopping online safely
        • Cryptocurrency security
        • How the cloud works
        • Ditch your older device
        • Staying secure while working from home
        • Using encryption to keep your data safe
        • Report online
      • Report online
    • Explore
      • Explore
      • Credential dumps
      • Report online
    • Alerts
      • Alerts
      • Nitro PDF users’ email addresses and hashed passwords leaked
      • Malware being spread via email attachments
      • Businesses compromised through remote access systems
      • Attackers using COVID-19 themed scams - updated alert
      • Serious issue with older Microsoft Windows systems
      • Financial sector targeted in blackmail campaign
      • Serious vulnerability in popular forum software - vBulletin
      • Christchurch tragedy-related scams and attacks
      • Google Chrome web browser security issue
      • Bomb threat emails affecting New Zealanders
      • Webcam and password blackmail scam
      • Malware targeting business customers of New Zealand banks
      • Invoice scams affecting New Zealand businesses
      • New malware found on routers
      • Misuse of Cisco devices
      • RealMe phishing emails
      • Vulnerabilities in computer processors
      • Report online
    • Report online
  • Business
    • Guides
      • Guides
      • Business basics
        • Business basics
        • Managing passwords and authentication in your business
        • Top 11 cyber security tips for your business
        • Using two-factor authentication (2FA) to secure your business
        • Backups for your business
        • Choosing an IT service provider
        • Secure your small business network
        • Using a password manager in your business
        • Report an incident
      • Secure your website
        • Secure your website
        • Trade Smart Online
          • Trade Smart Online
          • Protect it campaign
          • Report an incident
        • Benefits of using HTTPS across your website
        • Set up logs for your website
        • Accepting payments online
        • Keeping business data safe with encryption
        • Report an incident
      • Policies and processes
        • Policies and processes
        • Create a cyber security policy for your business
        • Create a password policy for your business
        • Cyber security awareness for your staff
        • Cyber security risk assessments for business
        • Enabling staff to work remotely
        • Types of remote access software
        • Software as a service
        • Preventing your email from being spoofed
        • Report an incident
      • Responding to incidents
        • Responding to incidents
        • Getting a vulnerability report
        • Creating an incident response plan
        • What to do after you’ve identified a cyber security incident
        • Communicating in a cyber security incident
        • Report an incident
      • Report an incident
    • Common threats
      • Common threats
      • Protecting your business from spear phishing and whaling
      • Phishing scams and your business
      • Business email compromise
      • Report an incident
    • Alerts
    • Report an incident
  • IT specialists
    • Guides
      • Guides
      • Legacy systems
      • Mobile device management
        • Mobile device management
        • Managing mobile devices on your network
        • Report an incident
      • How to report a vulnerability
      • Default credentials
      • Cloud-based identity providers and authentication
      • Securing access to Microsoft 365
      • Mitigating the impact of incidents in M365
      • Preparing for denial-of-service incidents
      • Mitigating denial-of-service attacks
      • Manage authentication
        • Manage authentication
        • Changing default credentials
        • Configuring central identity providers
        • Report an incident
      • Asset lifecycle management
        • Asset lifecycle management
        • Creating an asset lifecycle
        • Lifecycle management: identifying existing assets
        • Mitigating legacy systems
        • Identifying and managing legacy systems
        • Report an incident
      • Report an incident
    • Critical controls
      • Critical controls
      • Multi-factor authentication
        • Multi-factor authentication
        • Implementing multi-factor authentication
        • Report an incident
      • Patching
        • Patching
        • Implementation advice for patching
        • Creating a standard patching process
        • Report an incident
      • Implement and test backups
        • Implement and test backups
        • Backing up your data
        • Report an incident
      • Application allowlisting
        • Application allowlisting
        • Implementing application allowlisting
        • Report an incident
      • Centralised logging
        • Centralised logging
        • Configuring centralised logging
        • Report an incident
      • Network segmentation and separation
        • Network segmentation and separation
        • Architecting network segmentation
        • Report an incident
      • Securing internet-exposed services
        • Securing internet-exposed services
        • Implementation advice for securing internet-exposed services
        • Report an incident
      • Secure defaults for macros
        • Secure defaults for macros
        • Configuring secure defaults for macros
        • Report an incident
      • Report an incident
    • Advisories
      • Advisories
      • Oracle WebLogic Server vulnerability being exploited
      • Increase in Ryuk ransomware attacks
      • Critical Windows Authentication Vulnerability in Netlogon
      • Emotet Malware being spread via email
      • Critical vulnerability in Microsoft Windows Server
      • Active ransomware campaign leveraging remote access technologies
      • Targeted attacks exploiting vulnerabilities in Microsoft Windows
      • Critical remote unauthenticated vulnerability in SMBv3
      • Vulnerability in Exchange Server actively exploited
      • Updated: Exploitation of critical Citrix vulnerability
      • Critical vulnerabilities in Microsoft Windows
      • Critical vulnerability in Microsoft remote desktop services
      • DDoS extortion campaign targeting financial sector
      • Virtual private network (VPN) vulnerabilities being exploited
      • Vulnerability and zero-day exploit targeting vBulletin forum software
      • 'Urgent 11' vulnerabilities in VxWorks operating systems
      • Oracle WebLogic vulnerability being exploited
      • Exim mail transfer agent (MTA) vulnerability being exploited
      • Microsoft SharePoint vulnerability being exploited
      • Google Chrome web browser vulnerability
      • UPnProxy and 'EternalSilence' being used to exploit routers
      • Banking malware targeting business customers of New Zealand banks
      • VPNFilter malware
      • S/MIME and OpenPGP email client vulnerability
      • Cisco Smart Install misuse
      • MikroTik RouterOS vulnerability
      • Memcached reflection denial-of-service
      • Meltdown and Spectre CPU vulnerabilities
      • Report an incident
    • Report an incident
  • About
    • About us
    • Quarterly reports
      • Quarterly reports
      • Quarter Three Report 2020
      • Quarter One and Two Report 2020
      • 2020 half year summary
      • 2019 Report Summary
      • Quarter Four Report 2019
      • Quarter Three Report 2019
      • Quarter Two Report 2019
      • Quarter One Report 2019
      • 2018 Report Summary
      • Quarter Four Report 2018
      • Quarter Three Report 2018
      • Quarter Two Report 2018
      • Quarter One Report 2018
      • Quarter Four Report 2017
      • Quarter Three Report 2017
      • Quarter Two Report 2017
    • Our partners
    • Contact us
    • News
      • News
      • Email-related attacks cost New Zealanders close to one million dollars
      • Businesses encouraged to trade smart online to avoid a nightmare before Christmas
      • What is a CERT, anyway?
      • Stay alert to email and online shopping scams this holiday season
      • Complacency makes Kiwis more vulnerable to cyber attacks
      • COVID-19: operating your business under Alert Levels 1 and 2
      • Online recruitment scams
      • COVID-19: operating your business at all alert levels
      • Using Zoom safely
      • Preparing your business for Alert Level 3
      • COVID-19: CERT NZ availability through levels 3 and 4
      • COVID-19: supporting people to work from home
      • Safer Internet Day – help kids stay safe online
      • Buying devices for back to school
Subscribe to updates
Twitter updates
Facebook page

Alerts

We highlight current cyber security threats in New Zealand, and provide guidance on what to do if they affect you.

20 Nov 2020

Nitro PDF users’ email addresses and hashed passwords leaked

Nitro PDF data breach includes New Zealander user’s email addresses and hashed passwords.

 07 Sep 2020

Malware being spread via email attachments

Malware called “Emotet” is being spread via email containing infected links and attachments.

 16 Jun 2020

Businesses compromised through remote access systems

Sensitive data is being stolen through the systems used to enable remote access to business networks.

 26 Mar 2020

Attackers using COVID-19 themed scams - updated alert

Criminals take advantage of the global COVID-19 pandemic

05 Nov 2019

Serious issue with older Microsoft Windows systems

An issue was discovered in older Windows systems, which allows attackers to remotely connect to and access user’s accounts. Software updates are available to resolve the issue.

 01 Nov 2019

Financial sector targeted in blackmail campaign

Criminals threaten denial-of-service attack against financial companies unless ransom is paid.
Show More

Footer

  • About us
  • Contact us
  • Traffic light protocol

  • © 2020 CERTNZ

  • Copyright
  • Disclaimer
  • Privacy and information statement
New Zealand Government

>Glossary Term

Please tick the box to prove you're a human and help us stop spam.