Ransomware attacks are becoming increasingly common and sophisticated. This is how CERT NZ’s critical controls can help.
Understanding why RDP is necessary and who needs access are important when hardening the RDP server. For example, if sta
There are multiple ways to manage a denial-of-service (DoS) incident and the way you respond depends on the controls yo
Denial-of-service (DoS) attacks aim to exhaust your resources and take your operations offline. They can have a signific
CERT NZ has seen a lot of phishing attacks on Microsoft 365, due to it being a commonly used cloud platform. A percentag
We see a large number of Microsoft 365 (formally known as Office 365) branded phishing attacks, due to it being such a c
Using a combination of authentication security controls can protect your organisation from a wide range of unauthorised
While macros have a valid business function, they are often used by attackers too. Using secure default configurations w
Using single sign-on with a large cloud identity provider allows your users to protect fewer passwords and your IT staff
If you find a vulnerability in a service or product, you should report it to the individual or organisation (the 'vendor
A mobile device is any portable device that can access and hold organisational data. It's important to secure these devi
Change the passwords on any systems that come with default credentials before you use the systems in your environment.
Unused or older services and protocols often have their own vulnerabilities. Proactively scan your network for any that
Legacy systems are systems that are no longer supported by the vendor, or systems that an organisation no longer maintai
A vulnerability is a weakness in software, hardware, or an online service. Vulnerabilities can be exploited to damage a
The traffic light protocol (TLP) is a set of designations used to ensure that sensitive information is shared with the c