IT specialists

Practical information on keeping systems and data safe from attack.

Guide

Traffic light protocol

The traffic light protocol (TLP) is a set of designations used to ensure that sensitive information is shared with the c

Guide

How to report a vulnerability

If you find a vulnerability in a service or product, you should report it to the individual or organisation (the 'vendor

CERT TEC 180518 WEB 245

Critical Controls

Implement and test backups

After an incident, restoring your data from backups is often the best way to return to business as usual. Performing and

Advisory

Vulnerabilities in SonicWall Email Security actively exploited

21 April 2021

2019 05 09 MTP 0595

News

CERT NZ’s threat feed saves New Zealanders a costly tax year

CERT NZ’s timely actions have saved some New Zealanders a costly end to the tax year. With the help of CERT NZ’s threat

22 March 2021

Advisory

Vulnerability in Pulse Connect Secure actively exploited

21 April 2021

2019 05 16 MTP 0632

Critical Controls

Application allowlisting

Application allowlisting (otherwise known as whitelisting) is a method of strictly controlling what programs can be run

CERT TEC 180518 WEB 83 v2

News

Email-related attacks cost New Zealanders close to one million dollars

CERT NZ’s latest quarterly report shows cyber attacks circulated by email posed the greatest threat to New Zealanders’ c

25 November 2020

Guide

Reporting a vulnerability to CERT NZ

A vulnerability is a weakness in software, hardware, or an online service. Vulnerabilities can be exploited to damage a

Advisory

Updates released for new critical vulnerabilities in Microsoft Exchange

14 April 2021

CERT 180420 WEB 210

News

What is a CERT, anyway?

This week marks the anniversary of the Morris Worm, the first well-known internet ‘worm’. To mark the occasion, we’re ta

6 November 2020

Guide

Default credentials

Change the passwords on any systems that come with default credentials before you use the systems in your environment.

CERT TEC 180518 WEB 83

Critical Controls

Principle of least privilege

The principle of least privilege means only having the access you need to do your job. Restricting the level access to o

Guide

Cloud-based identity providers and authentication

Using single sign-on with a large cloud identity provider allows your users to protect fewer passwords and your IT staff

Advisory

Microsoft Exchange vulnerabilities being exploited with ransomware

3 March 2021

CERT TEC 180518 WEB 83 v2

Critical Controls

Centralised logging

Storing and securing your logs in a central place makes log analysis and alerting easier.