Skip to main content
Cert logo Created with Sketch. Return to homepage

Main navigation

  • Individuals
    • Guides
      • Guides
      • Getting started with cyber security
        • Getting started with cyber security
        • Top 11 tips for cyber security
        • How to create a good password
        • Backing up data and devices
        • Use two-factor authentication to protect your accounts
        • Keep your data safe with a password manager
        • Report an issue
      • Stepping up your cyber security
        • Stepping up your cyber security
        • Secure your home network
        • Buying a new device
        • Cyber security and social media
        • Keeping your mobile phone safe and secure
        • Shopping online safely
        • Cryptocurrency security
        • How the cloud works
        • Ditch your older device
        • Report an issue
      • Report an issue
    • Explore
      • Explore
      • Credential dumps
      • Report an issue
    • Alerts
      • Alerts
      • Google Chrome web browser security issue
      • Bomb threat emails affecting New Zealanders
      • Webcam and password blackmail scam
      • Malware targeting business customers of New Zealand banks
      • Invoice scams affecting New Zealand businesses
      • New malware found on routers
      • Misuse of Cisco devices
      • RealMe phishing emails
      • Vulnerabilities in computer processors
      • Ransomware, called Bad Rabbit, affecting international systems
      • KRACK attack: Security weaknesses affecting wi-fi enabled devices
      • Kovter malware being distributed on adult websites
      • BlueBorne: Security vulnerabilities affecting Bluetooth devices
      • Onliner Spambot release of 711 million credentials
      • MPI phishing scam
      • Email compromise and invoice scam
      • Webcam blackmail scam
      • NotPetya ransomware campaign targeting Microsoft Windows computers
      • Phone scammers claiming to provide WannaCry ransomware support
      • WannaCry Ransomware used in large scale international attacks
      • 1 billion username and password credentials released
      • Google Docs phishing attack
      • Phone scammers claiming to be from CERT NZ
      • Phone scam affecting businesses and government organisations
      • Office 365 phishing and credential harvesting campaign
      • Christchurch tragedy-related scams and attacks
      • Serious issue with older Microsoft Windows systems
      • Report an issue
    • Report an issue
  • Business
    • Guides
      • Guides
      • Business basics
        • Business basics
        • Top 11 cyber security tips for your business
        • Using two-factor authentication (2FA) to secure your business
        • Backups for your business
        • Choosing an IT service provider
        • Secure your small business network
        • Report an incident
      • Secure your website
        • Secure your website
        • Protect your website
        • Benefits of making your website use HTTPS
        • Set up logs for your website
        • Report an incident
      • Policies and processes
        • Policies and processes
        • Create a cyber security policy for your business
        • Create a password policy for your business
        • Cyber security awareness for your staff
        • Cyber security risk assessments for business
        • Report an incident
      • Responding to incidents
        • Responding to incidents
        • Getting a vulnerability report
        • Incident response: planning for when things go wrong
        • Report an incident
      • Report an incident
    • Common threats
      • Common threats
      • Protecting your business from spear phishing and whaling
      • Phishing scams and your business
      • Report an incident
    • Alerts
    • Report an incident
  • IT specialists
    • Guides
      • Guides
      • Legacy systems
        • Legacy systems
        • Identifying and managing legacy systems
        • Mitigating legacy systems
        • Report an incident
      • Mobile device management
        • Mobile device management
        • Managing mobile devices on your network
        • Report an incident
      • How to report a vulnerability
      • Report an incident
    • Critical controls
      • Critical controls
      • Multi-factor authentication
        • Multi-factor authentication
        • Implementing multi-factor authentication
        • Report an incident
      • Patching
        • Patching
        • Implementation advice for patching
        • Creating a standard patching process
        • Report an incident
      • Default credentials
        • Default credentials
        • Changing default credentials
        • Report an incident
      • Application whitelisting
        • Application whitelisting
        • Implementing application whitelisting
        • Report an incident
      • Implement and test backups
        • Implement and test backups
        • Backing up your data
        • Report an incident
      • Centralised logging
        • Centralised logging
        • Configuring centralised logging
        • Report an incident
      • Report an incident
    • Advisories
      • Advisories
      • Critical vulnerability in Microsoft remote desktop services
      • Microsoft SharePoint vulnerability being exploited
      • Google Chrome web browser vulnerability
      • UPnProxy and 'EternalSilence' being used to exploit routers
      • Banking malware targeting business customers of New Zealand banks
      • VPNFilter malware
      • S/MIME and OpenPGP email client vulnerability
      • Cisco Smart Install misuse
      • MikroTik RouterOS vulnerability
      • Memcached reflection denial-of-service
      • Meltdown and Spectre CPU vulnerabilities
      • Certain TLS-RSA implementations susceptible to ROBOT attack
      • Bad Rabbit Ransomware affecting Eastern European networks
      • ROCA: Major security flaw in crypto keys discovered
      • KRACK attack: security vulnerabilities in WPA1+2
      • BlueBorne: Bluetooth security vulnerabilities
      • Onliner Spambot release of 711 million credentials
      • MPI phishing scam
      • New ransomware campaign known as NotPetya
      • Shadow Brokers release of software vulnerabilities
      • Anti Public and Exploit.in release of credentials
      • WannaCry Ransomware used in large scale international attacks
      • Global campaign targeting multi-national IT service providers
      • Exim Mail Transfer Agent (MTA) vulnerability being exploited
      • Oracle WebLogic vulnerability being exploited
      • Report an incident
    • Report an incident
  • About
    • About us
    • Quarterly reports
      • Quarterly reports
      • 2018 Report Summary
      • Quarter Four Report 2018
      • Quarter Three Report 2018
      • Quarter Two Report 2018
      • Quarter One Report 2018
      • Quarter Four Report 2017
      • Quarter Three Report 2017
      • Quarter Two Report 2017
    • Our partners
    • Contact us
Subscribe to updates Group 18 Copy 6 Created with Sketch.
Twitter updates Fill 1 Copy 4 Created with Sketch.

Advisories

Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact.

Subscribe to our updates above to be notified as soon as we publish an advisory.

20 Jun 2019

Oracle WebLogic vulnerability being exploited

Researchers have discovered a critical vulnerability in the web services component of Oracle WebLogic Server which is being actively exploited by attackers.

Oracle has released a patch to mitigate this issue.

17 Jun 2019

Exim Mail Transfer Agent (MTA) vulnerability being exploited

Unpatched mail servers using Exim Mail Transfer Agent (MTA) are being compromised by multiple groups to run their own code on the compromised system.

 15 May 2019

Critical vulnerability in Microsoft remote desktop services

Microsoft has published patches for a critical vulnerability in remote desktop services. The vulnerability affects older versions of Windows.

 13 May 2019

Microsoft SharePoint vulnerability being exploited

Unpatched Microsoft SharePoint servers are being compromised by attackers, where they are gaining access to corporate networks.

07 Mar 2019

Google Chrome web browser vulnerability

Google have released patch for vulnerability CVE-2019-5786, with known exploits.

 30 Nov 2018

UPnProxy and 'EternalSilence' being used to exploit routers

Universal Plug and Play exploitation ‘UPnProxy’ and injection ‘EternalSilence’ being used to compromise devices behind a router.
Show More

Footer

  • About us
  • Contact us
  • Traffic light protocol

  • © 2019 CERTNZ

  • Copyright
  • Disclaimer
  • Privacy and information statement
NZ coat of arms logo New Zealand Government NZ govt logo Created with Sketch.

>Glossary Term

Subscription options