IT specialists

Practical information on keeping systems and data safe from attack.

Guide

Reporting a vulnerability to CERT NZ

A vulnerability is a weakness in software, hardware, or an online service. Vulnerabilities can be exploited to damage a

CERT TEC 180518 WEB 83 v2

Critical Controls

Centralised logging

Storing and securing your logs in a central place makes log analysis and alerting easier.

Advisory

Vulnerabilities in Apple operating systems reportedly being actively exploited

4 May 2021

CERT STREET 180621 WEB 1

News

Concerns over security increase as more people hit the online shops

Research shows that as more people are transacting online, concerns about the security of online shopping are on the min

29 April 2021

Guide

Default credentials

Change the passwords on any systems that come with default credentials before you use the systems in your environment.

2019 05 09 MTP 0595

News

CERT NZ’s threat feed saves New Zealanders a costly tax year

CERT NZ’s timely actions have saved some New Zealanders a costly end to the tax year. With the help of CERT NZ’s threat

22 March 2021

CERT TEC 180518 WEB 265

Critical Controls

Network segmentation and separation

When paired together, segmentation and separation can add an additional level of access control and security to your net

Guide

Cloud-based identity providers and authentication

Using single sign-on with a large cloud identity provider allows your users to protect fewer passwords and your IT staff

Advisory

Vulnerabilities in SonicWall Email Security actively exploited

21 April 2021

2019 05 30 MTP 1674 v2

Critical Controls

Securing internet-exposed services

Limiting and securing your internet-exposed services will help you prevent unauthorised access.

CERT TEC 180518 WEB 83 v2

News

Email-related attacks cost New Zealanders close to one million dollars

CERT NZ’s latest quarterly report shows cyber attacks circulated by email posed the greatest threat to New Zealanders’ c

25 November 2020

Guide

Securing access to Microsoft 365

We see a large number of Microsoft 365 (formally known as Office 365) branded phishing attacks, due to it being such a c

Advisory

Vulnerability in Pulse Connect Secure actively exploited

21 April 2021

2019 05 30 MTP 1664 v2

Critical Controls

Secure defaults for macros

While macros have a valid business function, they are often used by attackers too. Using secure default configurations w

Advisory

Updates released for new critical vulnerabilities in Microsoft Exchange

14 April 2021

CERT 180420 WEB 210

News

What is a CERT, anyway?

This week marks the anniversary of the Morris Worm, the first well-known internet ‘worm’. To mark the occasion, we’re ta

6 November 2020