
Alerts

ProxyShell Attacks targeting Microsoft Exchange Servers – CVE-2021-31207, CVE-2021-34473, CVE-2021-34523

Advisory No: TZCERT/SA/2021/08/24

Date of First Release: 24th August 2021

Source: Microsoft

Software Affected: 

  • Microsoft Exchange Server 2019
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2013

Overview:

Microsoft Exchange Server contains remote code execution vulnerabilities as a result of improper input validation. Exploitation attempts leverage the latest line of “ProxyShell” Microsoft Exchange vulnerabilities.

Description:

Vulnerabilities exist in the way Microsoft Exchange Server handles Uniform Resource Identifier (URI) validation, user-supplied data validation and access token validation. An attacker can exploit the flaws to bypass ACL controls, elevate privileges and perform unauthenticated remote code execution.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

Microsoft has issued security updates to address the vulnerabilities in the affected products. Users and administrators are advised to apply the necessary updates.

References:

  1. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31207
  2. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207
  3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34473
  4. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
  5. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34523
  6. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523

Cybersecurity is Key for Development – Tanzania Ranks 2nd in Africa

Tanzania Ranks 2nd in Africa on Global Cybersecurity Index (GCI) 2020

Cybersecurity remains one of the key requirements for the safe and secure use of the widely used Information and Communication Technologies (ICTs), online content and social media, whose many operations have become a key driver of people's social and economic development, not only within the country but also at the global level.

The Tanzania Communications Regulatory Authority (TCRA) has been entrusted with the mandate to oversee cybersecurity and online safety issues through the Tanzania Computer Emergency Response Team, abbreviated as TZ-CERT, which is the trusted focal point of contact for coordinating the response to cybersecurity incidents at the national level and for cooperating with regional and international entities involved in the management of cybersecurity incidents.

To a great extent, the National TZ-CERT has recorded substantial achievements in coordinating the response to cybersecurity incidents within and outside the country’s borders, striving “to be a globally trusted hub for handling Cyber Security Incidents”, since its establishment under section 124 of the Electronic and Postal Communication Act (EPOCA) no 3/2010 within the organisation structure of TCRA.

The TCRA Director General (DG), Dr. Jabiri K. Bakari, says the achievements realised in the cyber threats mitigation system are in line with the key objective of the National CERT (TZ-CERT), which is to ensure a high and effective level of network and information security, and to develop a culture of it, within the country for the benefit of the entire community (government, citizens, consumers, enterprises and public sector organisations), thus contributing to the smooth and safer functioning of online activities.

The TCRA DG, Dr. Jabiri, named among the National CERT’s achievements the proactive management of cyber risk by providing timely advisories, security alerts and mitigation measures for possible cybersecurity incidents or threats to its constituencies.

TZ-CERT has made efforts to identify, raise and support cybersecurity skills and culture within different targeted groups, such as youth from high schools to higher learning institutions, through various awareness programs and competitions, and within the ICT professions in public and private companies, including financial institutions, by providing hands-on expert capacity building programs in the various cybersecurity domains.

As a manifestation of TZ-CERT’s excellent performance, Tanzania has been ranked in second place in Africa in the Global Cybersecurity Index (GCI) 2020 report. The GCI was first launched in 2015 to provide a framework to be used by the International Telecommunication Union (ITU) to measure the commitment of member states to cybersecurity. The framework examines efforts in the legal, technical, organizational, capacity development and cooperation areas.

Tanzania’s exemplary performance is attributed to responsive legal and regulatory measures and the existence of a well-functioning national cybersecurity body, the Computer Emergency Response Team (CERT). The country’s cooperation with international and regional communications institutions in cybersecurity also contributed to the improvement.

The need for a safe and secure cyberspace has become more important than ever, especially as we all grow increasingly dependent on “digital lifelines”, says the International Telecommunication Union (ITU) Director, Doreen Bogdan Martin.

The ITU Chief says one of the greatest challenges of the COVID-19 pandemic has been finding ways to meaningfully connect with each other, despite uncertainty, anxiety and change. Even prior to the pandemic, cybersecurity was essential to keeping us safe online so that we could carry out critical day-to-day functions.

“I am inspired by people’s ability to adapt to this uncertain environment, and their use of technology to find creative solutions,” says the ITU Director.

Many organisations, including the International Telecommunication Union (ITU), have grappled with remote work, from managing video call participants to making sure that documents are shared safely. ITU has therefore continued to work together with countries to be more efficient, more active, and deliver impact in the areas where ITU support is needed most.

When the Global Cybersecurity Index was first launched in 2015, few people could have imagined the situation that is currently prevalent worldwide. This latest iteration of the Global Cybersecurity Index will help promote further action towards the secure digital ecosystems needed for recovery and growth, by measuring the types of cybersecurity commitments countries have made and their prevalence.

Tanzania is a UN member state, and ITU is one of the UN’s specialized agencies. As the country’s representative to international organisations, TCRA has chaired some of the ITU Study Groups and has participated fully in ITU’s key decision making through the Governing Council, including the allocation of the valuable frequency spectrum and number resources for ITU’s regional blocks.

sourced: tcra_news

Cisco Security Update

Cisco has released security updates to address a vulnerability affecting multiple Cisco products. Exploitation of this vulnerability could allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Cisco Security Advisory and apply the necessary updates.

SUSE Security Update

SUSE has released security updates to address vulnerabilities in SUSE Linux Enterprise. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the SUSE advisories page and apply the necessary updates.