IT specialists

Practical information on keeping systems and data safe from attack.

Guide

Traffic light protocol

The traffic light protocol (TLP) is a set of designations used to ensure that sensitive information is shared with the c

CERT TEC 180518 WEB 245

Critical Controls

Implement and test backups

After an incident, restoring your data from backups is often the best way to return to business as usual. Performing and

Michael Wallmannsberger

News

Don’t blame the IT crowd - cyber security is everyone’s concern

Cyber security incidents caused nearly $17m losses last year, but most organisations still see it as an 'IT problem'.

22 July 2021

Advisory

Microsoft Exchange Autodiscover exposing credentials

24 September 2021

2019 05 16 MTP 0632

Critical Controls

Implement application control

Application allowlisting (otherwise known as whitelisting) is a method of strictly controlling what programs can be run

Guide

How to report a vulnerability

If you find a vulnerability in a service or product, you should report it to the individual or organisation (the 'vendor

Advisory

Active scanning for VMware vCenter Vulnerability

23 September 2021

Guide

Reporting a vulnerability to CERT NZ

A vulnerability is a weakness in software, hardware, or an online service. Vulnerabilities can be exploited to damage a

CERT TEC 180518 WEB 83

Critical Controls

Principle of least privilege

The principle of least privilege means only having the access you need to do your job. Restricting the level access to o

q1 2021 quarterly report card

News

Cyber security incidents continue to rise

CERT NZ’s latest report shows Kiwis reported more than 1,400 cyber security incidents from 1 January to 31 March.

3 June 2021

Advisory

Apple iMessage vulnerability being exploited

14 September 2021

Guide

Default credentials

Change the passwords on any systems that come with default credentials before you use the systems in your environment.

CERT TEC 180518 WEB 83 v2

Critical Controls

Centralised logging

Storing and securing your logs in a central place makes log analysis and alerting easier.

samoa cert

News

Cyber security strengthens in the Pacific with the launch of SamCERT

A partnership between New Zealand and Samoa has strengthened cyber security resilience in the Pacific with the establish

27 May 2021

Advisory

Active scanning for Microsoft Exchange Proxyshell vulnerability

8 August 2021

Guide

Cloud-based identity providers and authentication

Using single sign-on with a large cloud identity provider allows your users to protect fewer passwords and your IT staff