Skip to main content
Cert logo Created with Sketch. Return to homepage

Main navigation

  • Individuals
    • Guides
      • Guides
      • Getting started with cyber security
        • Getting started with cyber security
        • Top 11 tips for cyber security
        • How to create a good password
        • Backing up data and devices
        • Use two-factor authentication to protect your accounts
        • Keep your data safe with a password manager
        • Protecting your privacy online
        • Keep up with your updates
        • Report online
      • Stepping up your cyber security
        • Stepping up your cyber security
        • Secure your home network
        • Buying a new device
        • Cyber security and social media
        • Keeping your mobile phone safe and secure
        • Shopping online safely
        • Cryptocurrency security
        • How the cloud works
        • Ditch your older device
        • Report online
      • Report online
    • Explore
      • Explore
      • Credential dumps
      • Report online
    • Alerts
      • Alerts
      • Financial sector targeted in blackmail campaign
      • Serious vulnerability in popular forum software - vBulletin
      • Serious issue with older Microsoft Windows systems
      • Christchurch tragedy-related scams and attacks
      • Google Chrome web browser security issue
      • Bomb threat emails affecting New Zealanders
      • Webcam and password blackmail scam
      • Malware targeting business customers of New Zealand banks
      • Invoice scams affecting New Zealand businesses
      • New malware found on routers
      • Misuse of Cisco devices
      • RealMe phishing emails
      • Vulnerabilities in computer processors
      • Report online
    • Report online
  • Business
    • Guides
      • Guides
      • Business basics
        • Business basics
        • Password management for business
        • Top 11 cyber security tips for your business
        • Using two-factor authentication (2FA) to secure your business
        • Backups for your business
        • Choosing an IT service provider
        • Secure your small business network
        • Report an incident
      • Secure your website
        • Secure your website
        • Protect your website
        • Benefits of making your website use HTTPS
        • Set up logs for your website
        • Report an incident
      • Policies and processes
        • Policies and processes
        • Create a cyber security policy for your business
        • Create a password policy for your business
        • Cyber security awareness for your staff
        • Cyber security risk assessments for business
        • Report an incident
      • Responding to incidents
        • Responding to incidents
        • Getting a vulnerability report
        • Creating an incident response plan
        • What to do after you’ve identified a cyber security incident
        • Report an incident
      • Report an incident
    • Common threats
      • Common threats
      • Protecting your business from spear phishing and whaling
      • Phishing scams and your business
      • Business email compromise
      • Report an incident
    • Alerts
    • Report an incident
  • IT specialists
    • Guides
      • Guides
      • Legacy systems
        • Legacy systems
        • Identifying and managing legacy systems
        • Mitigating legacy systems
        • Report an incident
      • Mobile device management
        • Mobile device management
        • Managing mobile devices on your network
        • Report an incident
      • How to report a vulnerability
      • Multi-factor authentication
        • Multi-factor authentication
        • Implementing multi-factor authentication
        • Report an incident
      • Default credentials
        • Default credentials
        • Changing default credentials
        • Report an incident
      • Cloud-based identity providers and authentication
        • Cloud-based identity providers and authentication
        • Configuring central identity providers
        • Report an incident
      • Report an incident
    • Critical controls
      • Critical controls
      • Patching
        • Patching
        • Implementation advice for patching
        • Creating a standard patching process
        • Report an incident
      • Implement and test backups
        • Implement and test backups
        • Backing up your data
        • Report an incident
      • Application whitelisting
        • Application whitelisting
        • Implementing application whitelisting
        • Report an incident
      • Centralised logging
        • Centralised logging
        • Configuring centralised logging
        • Report an incident
      • Network segmentation and separation
        • Network segmentation and separation
        • Architecting network segmentation
        • Report an incident
      • Secure defaults for macros
        • Secure defaults for macros
        • Configuring secure defaults for macros
        • Report an incident
      • Report an incident
    • Advisories
      • Advisories
      • Critical vulnerabilities in Microsoft Windows
      • Updated: Exploitation of critical Citrix vulnerability
      • DDoS extortion campaign targeting financial sector
      • Virtual private network (VPN) vulnerabilities being exploited
      • Vulnerability and zero-day exploit targeting vBulletin forum software
      • 'Urgent 11' vulnerabilities in VxWorks operating systems
      • Oracle WebLogic vulnerability being exploited
      • Exim mail transfer agent (MTA) vulnerability being exploited
      • Critical vulnerability in Microsoft remote desktop services
      • Microsoft SharePoint vulnerability being exploited
      • Google Chrome web browser vulnerability
      • UPnProxy and 'EternalSilence' being used to exploit routers
      • Banking malware targeting business customers of New Zealand banks
      • VPNFilter malware
      • S/MIME and OpenPGP email client vulnerability
      • Cisco Smart Install misuse
      • MikroTik RouterOS vulnerability
      • Memcached reflection denial-of-service
      • Meltdown and Spectre CPU vulnerabilities
      • Report an incident
    • Report an incident
  • About
    • About us
    • Quarterly reports
      • Quarterly reports
      • Quarter Three Report 2019
      • Quarter Two Report 2019
      • Quarter One Report 2019
      • 2018 Report Summary
      • Quarter Four Report 2018
      • Quarter Three Report 2018
      • Quarter Two Report 2018
      • Quarter One Report 2018
      • Quarter Four Report 2017
      • Quarter Three Report 2017
      • Quarter Two Report 2017
    • Our partners
    • Contact us
    • News
      • News
      • Safer Internet Day – help kids stay safe online
      • Stay alert to email and online shopping scams this holiday season
      • Buying devices for back to school
Subscribe to updates Group 18 Copy 6 Created with Sketch.
Twitter updates Fill 1 Copy 4 Created with Sketch.

Advisories

Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact.

Subscribe to our updates above to be notified as soon as we publish an advisory.

21 Jan 2020

Updated: Exploitation of critical Citrix vulnerability

Citrix ADC, Gateway, and certain versions of SD-WAN WANOP appliances are vulnerable to a critical remote execution exploit, which is being actively targeted.

 15 Jan 2020

Critical vulnerabilities in Microsoft Windows

Microsoft has patched several critical flaws in Windows – the RDP service is vulnerable to unauthenticated remote execution, and the CryptoAPI allows for the spoofing of valid X.509 certificate chains.

 05 Nov 2019

Critical vulnerability in Microsoft remote desktop services

Microsoft has published patches for a critical vulnerability in remote desktop services. The vulnerability affects older versions of Windows.

 01 Nov 2019

DDoS extortion campaign targeting financial sector

Attackers claiming to be from ‘Fancy Bear / Cozy Bear’ group threaten DDoS attack unless ransom is paid.

 18 Oct 2019

Vulnerabilities in virtual private networks (VPN) being exploited

Vulnerabilities affecting three virtual private network (VPN) products are being exploited.

 26 Sep 2019

Vulnerability and zero-day exploit targeting vBulletin forum software

An exploit has been released publicly for a pre-authentication remote code vulnerability in the popular forum software vBulletin Connect. vBulletin has released a patch to mitigate this issue.
Show More

Footer

  • About us
  • Contact us
  • Traffic light protocol

  • © 2020 CERTNZ

  • Copyright
  • Disclaimer
  • Privacy and information statement
NZ coat of arms logo New Zealand Government NZ govt logo Created with Sketch.

>Glossary Term