IT specialists

Practical information on keeping systems and data safe from attack.

Advisory

Vulnerability in Pulse Connect Secure actively exploited

21 April 2021

Guide

How to report a vulnerability

If you find a vulnerability in a service or product, you should report it to the individual or organisation (the 'vendor

CERT 180420 WEB 210

News

What is a CERT, anyway?

This week marks the anniversary of the Morris Worm, the first well-known internet ‘worm’. To mark the occasion, we’re ta

6 November 2020

CERT TEC 180518 WEB 245

Critical Controls

Implement and test backups

After an incident, restoring your data from backups is often the best way to return to business as usual. Performing and

CERT CAFE 180426 WEB 21

News

Businesses encouraged to trade smart online to avoid a nightmare before Christmas

Shoring up ecommerce website security can help businesses and their customers avoid a cyber nightmare before Christmas s

11 November 2020

Advisory

Updates released for new critical vulnerabilities in Microsoft Exchange

14 April 2021

2019 05 16 MTP 0632

Critical Controls

Application allowlisting

Application allowlisting (otherwise known as whitelisting) is a method of strictly controlling what programs can be run

Guide

Reporting a vulnerability to CERT NZ

A vulnerability is a weakness in software, hardware, or an online service. Vulnerabilities can be exploited to damage a

CERT TEC 180518 WEB 83

Critical Controls

Principle of least privilege

The principle of least privilege means only having the access you need to do your job. Restricting the level access to o

Guide

Default credentials

Change the passwords on any systems that come with default credentials before you use the systems in your environment.

2019 05 30 MTP 1674 v2

News

Stay alert to email and online shopping scams this holiday season

Christmas and the summer holidays are just around the corner, but unfortunately not everyone sees it as the season of go

6 November 2020

Advisory

Microsoft Exchange vulnerabilities being exploited with ransomware

3 March 2021

Guide

Cloud-based identity providers and authentication

Using single sign-on with a large cloud identity provider allows your users to protect fewer passwords and your IT staff

CERT TEC 180518 WEB 83 v2

Critical Controls

Centralised logging

Storing and securing your logs in a central place makes log analysis and alerting easier.

Advisory

Critical vulnerabilities in Microsoft Windows TCP/IP stack

10 February 2021

CERT TEC 180518 WEB 56

News

Complacency makes Kiwis more vulnerable to cyber attacks

The volume and sophistication of financially-motivated cyber attacks has increased over the last six months, so it is cr

19 October 2020