• Our Vision

    To be the trusted guardian of
    New Zealand's
    Information Assets

  • Our Mission

    To provide IA & Cyber Security support to Agencies & Critical Infrastructure operators in order to secure networks and provide monitoring, analysis & response capability to combat APT

Patches available for critical vulnerability affecting Linux, UNIX and Mac OS X

A critical vulnerability has been discovered within ‘bash’, a core component of most Linux and UNIX distributions, including Mac OS X and embedded systems. Administrators are urged to patch immediately.

This vulnerability allows attackers to compromise systems remotely, including systems used as web servers. The flaw allows an attacker to remotely attach a malicious variable that is executed when ‘bash’ is invoked.

The full NCSC advisory is available here

read more

Notification of Bash Bug Advisory

A newly discovered vulnerability (CVE-2014-6271) in the Bash command-line interpreter poses a critical security risk to Unix and Linux systems including Apple OSX.

The NZITF have produced a good write-up which is available at http://www.nzitf.org.nz/news.html

Mitigation:  There are patches coming out for a number of Linux/BSD operating systems.  Check with your vendor regularly to see if there is one for your system(s).

read more

Spearphishing campaign targeting multiple government departments

Spearphishing campaign targeting multiple government departments

The NCSC is aware of a current spearphishing campaign targeting a wide number of government sector employees. To the recipient, the spearphishing email appears to be sent from a legitimate but spoofed (i.e. using a forged sender address) email address.  The NCSC recommends all government IT Security Managers advise employees not to follow the hyperlink contained in the body of the spearphishing email.


NCSC Security Advisory – NCSC-C-2014-17 

read more

Connect Smart

Connect Smart

Connect Smart is a Government led initiative to raise awareness of the importance of online security.  Connect Smart week runs from Monday 16 June to Friday20 June, and has been organised by the National Cyber Policy Office. 

The National Cyber Security Centre (NCSC) is a supporting partner of Connect Smart Week.

The NCSC encourages home and small to medium enterprise computer users to participate in these Connect Smart events and activities, and to ensure they are adopting the best possible information security practices.

Details of Connect Smart events and activities can be found at www.connectsmart.govt.nz



read more

Reporting an Incident

If you are a New Zealand government institution or a Critical National Infrastructure (CNI) organisation and you have encountered or suspect the presence of a cyber threat, please complete and return an Incident Reporting Form. If required, you can speak with us directly on (04) 498-7654. All incident reports provided to the NCSC are treated in the strictest of confidence.

Some Interesting Stats

Some interesting stats

In its third year of operation, the NCSC saw an increase in the number of cyber security incidents reported, from a total of 134 in 2012, to a total of 219 in 2013. Scam and spam related incidents were the largest category of reported incidents at 30%. Denial of Service (DoS) attacks and Botnet/Malware activity were the second largest categories, making up 22% and 12% of incidents respectively.

The median number of days a cyber threat was present in victims system before being detected was 299 according to Mandiant’s 2013 MTrends report.  The report says 67 percent of victims were notified of the threat by an external entity. The report is available here.  

Security software provider McAfee log 200 new cyber threats every minute according to their by security software provide McAffee according to their 4th quarter, 2013 threats report. The report is available here.