ngcert | Home

Thursday, Apr 22, 2021
Abuja, NG 19°C
Contact us
About us
FAQ

InfoSec NEWS FEEDS

National Cybersecurity Capacity Review for Nigeria

Event

Keynote Excerpts From the speech delivered by National Security Adviser during the recent lunching of the National Security Strategy

Article

ngCERT Advisory 19-years-old WinRAR vulnerability leads to over 100 malware exploits

Advisory

Windows BlueKeep Vulnerability

Vulnerability

Gafgyt Botnet Lifts DDoS Tricks from Mirai

Feed

WELCOME TO NIGERIA COMPUTER EMERGENCY RESPONSE TEAM (ngCERT)

The Nigeria Computer Emergency Response Team has the mission to achieve a safe, secure and resilient cyberspace in Nigeria that provides opportunities for national prosperity. ngCERT is
established to prepare, protect, and secure the Nigerian cyberspace in anticipation of
attacks, problems, or events. ngCERT is saddled with the responsibility of
reducing the volume of future incidents.

PREPARATION

Incident Response Plan

IDENTIFICATION

What is the Incident?

CONTAINMENT

Contain the Issue immediately

INVESTIGATION

Determine the cause of the incident

ERADICATION

Get Rid of the issue

RECOVERY

Restore service as fast as possible

InfoSec Feeds

BazarLoader Malware Abuses Slack, BaseCamp Clouds

Feeds
April 16, 2021

NSA: 5 Security Bugs Under Active Nation-State Cyberattack

April 16, 2021

Mandiant Front Lines: How to Tackle Exchange Exploits

April 16, 2021

Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period

April 16, 2021

iOS Kids Game Morphs into Underground Crypto Casino

Feeds
April 16, 2021

The Secret IR Insider’s Diary – from Sunburst to DarkSide

April 16, 2021

Finnish government strengthens country’s IT network security

April 16, 2021

Ireland’s DPC launches probe into Facebook leak

April 15, 2021

Microsoft is most impersonated brand in phishing attempts

Feeds
April 15, 2021

University of Hertfordshire is latest academic cyber attack victim

April 15, 2021

Biden sanctions Russia over SolarWinds cyber attacks

April 15, 2021

Dutch accuse UK of ‘damaging confidence’ by disclosing details of EncroChat police collaboration

April 15, 2021

How Windows patching leaves security exposed

Feeds
April 15, 2021

Attackers Target ProxyLogon Exploit to Install Cryptojacker

April 15, 2021

Gafgyt Botnet Lifts DDoS Tricks from Mirai

April 15, 2021

Biden Races to Shore Up Power Grid Against Hacks

April 15, 2021

Security Bug Allows Attackers to Brick Kubernetes Clusters

Feeds
April 14, 2021

FBI accesses ProxyLogon target servers to disrupt cyber criminals

April 14, 2021

NSA unearths more MS Exchange vulnerabilities

April 14, 2021

Security Think Tank: Vaccine passports must be secure by design

April 14, 2021

Security Think Tank: Vaccine passports cannot be taken lightly

Feeds
April 14, 2021

Ransomware Attack Creates Cheese Shortages in Netherlands

April 14, 2021

unified threat management (UTM)

April 13, 2021

EncroChat lawyers raise questions over use of PII secrecy orders on UK decryption capabilities

April 13, 2021

Millions of devices at risk from NAME:WRECK DNS bugs

Feeds
April 13, 2021

MP told to ditch official email over hacking fears

April 13, 2021

physical security

April 13, 2021

Covid-19 left people feeling vulnerable to cyber crime

April 13, 2021

endpoint detection and response (EDR)

Feeds
April 12, 2021

Vaccine passports and travel plans race up Covid threat charts

April 12, 2021

Why some jobseekers have turned to cyber crime during the pandemic

April 12, 2021

What has a year of home working meant for the DPO?

April 12, 2021

How to fix the top 5 cybersecurity vulnerabilities

Feeds
March 25, 2021

How to fix the top 5 cybersecurity vulnerabilities

March 25, 2021

Top 10 types of information security threats for IT teams

March 3, 2021

SolarWinds hack explained: Everything you need to know

February 9, 2021

Feeds
February 3, 2021

Azure AD Premium P1 vs. P2: Which is right for you?

December 22, 2020

December 14, 2020

Certified Information Systems Auditor (CISA)

November 21, 2020

Red team vs. blue team vs. purple team: What's the difference?

Feeds
November 4, 2020

Cybersecurity communication key to addressing risk

November 4, 2020

3 steps to secure codebase updates, prevent vulnerabilities

September 15, 2020

Site-to-site VPN security benefits and potential risks

August 28, 2020

Security issues with working remotely (and how to fix them)

Feeds
July 31, 2020

vulnerability assessment (vulnerability analysis)

July 24, 2020

Remote backup and recovery, protection changes that will stick

July 15, 2020

Identifying and troubleshooting VPN session timeout issues

June 11, 2020

How automating incident response benefits security programs

Feeds
June 3, 2020

integrated risk management (IRM)

May 20, 2020

Use and protect backup against COVID-19-related cybercrime

April 23, 2020

Create a mobile BYOD policy for the coronavirus pandemic

April 8, 2020

managed detection and response (MDR)

Feeds
April 3, 2020

quantum supremacy

November 26, 2019

Zoom vulnerability reveals privacy issues for users

July 12, 2019

What's the best way to mitigate the risk of GPU malware?

December 7, 2015

Millions left at risk as Android Stagefright fix pushed to September

Feeds
August 18, 2015

Web monitoring software helps keep employees honest

July 7, 2015

Fobber: Drive-by financial malware returns with new tricks

July 1, 2015

Samsung vulnerability affects up to 600 million Android devices

June 17, 2015

After Windows Server 2003 end of life: An emergency action plan

Feeds
June 5, 2015

IRS breach shows the importance of PII security

May 29, 2015

Is paying the ransom the only way to remove ransomware?

May 26, 2015

Google changes Chrome extension policy amid security concerns

May 20, 2015

Comparing the top SSL VPN products

Feeds
April 28, 2015

Insider threat programs need people, not technology

April 28, 2015

To protect privileged users, consider using least privilege principle

March 5, 2014

Web browser protection for users: Adapting to new Web security threats

March 5, 2014

Surviving cyberwar: Preparing for APTs, Stuxnet malware-style attacks

Feeds
July 31, 2012

Social engineering penetration testing: Four effective techniques

July 18, 2012

Alerts & Advisories

Fake LinkedIn Job Offer Malware. A new spear-phishing campaign has been discovered to be targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated and dangerous backdoor trojan called "more_eggs." According to researchers, the threat actors are using zip files to trick LinkedIn users into executing the More_eggs backdoor.

Advisory
April 12, 2021

Phishing Attack Using Fake Google reCAPTCHA to Steal Credential from Microsoft Users

March 16, 2021

Microsoft Exchange Servers Zero-Day Vulnerability

March 8, 2021

Advisory on Windows Vulnerabilities

February 25, 2021

Security Advisory on Apple Chips Malware. A new malware has been discovered to be crafting multi-architecture applications so that their code will run natively on Apple’s M1 Silicon chips. This is an attempt by malicious actors to target the company’s latest generation of Macs powered by its own processors. The malware is in the form of a Safari adware extension originally written to run on Intel x86 chips. The malicious extension, called "GoSearch22," is a well-known member of the "Pirrit" Mac adware family.

Advisory
February 23, 2021

Update Advisory for APT Attacks on the SolarWinds Products

January 4, 2021

APT Compromise of Orion Platforms

January 1, 2021

Security Advisory on Phishing Attacks

December 15, 2020

ADVISORY ON SQL INJECTION VULNERABILITY AND OTHER BASIC NETWORK SECURITY MEASURES. An SQL injection is a technique that attackers apply to insert SQL query into input fields to then be processed by the underlying SQL database. These weaknesses are then able to be abused when entry forms allow user-generated SQL statements to query the database directly. The attack results in the unauthorized viewing of user lists, the deletion of database entries and stealing of data.

Advisory
October 16, 2020

Advisory on Intended Nationwide Cyber attack

October 15, 2020

ReVoLTE Networks Vulnerability

August 27, 2020

Tecno Phones Vulnerability

August 27, 2020

RV Series Routers Command Injection Vulnerabilities. Researchers discovered multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers. This vulnerabilities could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device.

Advisory
August 5, 2020

Remote Access Vulnerability

July 22, 2020

Cisco Small Business Routers Vulnerabilities

July 17, 2020

New EvilQuest Ransomware for macOS Systems

July 1, 2020

Webex Desktop App Vulnerability. A critical vulnerability was discovered in Cisco Webex Meetings Desktop App which might allow a malicious remote attacker to execute programs on affected end-user system. This vulnerability is caused by improper validation of input that is supplied to application URLs. Also, the attacker could exploit this vulnerability by persuading a user to follow a malicious URL.

Advisory
June 24, 2020

SaltStack FrameWork Vulnerabilities in Cisco Products

June 19, 2020

Multiple Security Vulnerabilities for Adobe Products

June 18, 2020

Multiple Security Vulnerabilities on D-LINK Home Routers

June 17, 2020

Local Privilege Escalation Vulnerability for VMware. VMware Fusion, VMRC, and Horizon Client contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOC/TOU) issue in the service opener. Furthermore, another local privilege escalation was discovered, which allows the application to blindly executes files from an untrusted location. Both vulnerabilities result in arbitrary code execution as root.

Advisory
June 16, 2020

ngCERT Advisory on Scranos Malware

February 10, 2020

ngCERT Advisory 19-years-old WinRAR vulnerability leads to over 100 malware exploits

February 10, 2020

ngCERT Advisory Microsoft Exchange 2013 and Newer are vulnerable to NTLM relay attacks

February 10, 2020

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability. A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) releases prior to 3.0.2 could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system.

Advisory
February 10, 2020

ngCERT VMware Tools vulnerability

January 16, 2020

ngCERT 2nd Advisory on WannaCry/WCry/WCrypt0 Ransomware Warm and Remote Desktop Protocol (RDP) & Server Message Block (SMB) Protocol Vulnerability

May 15, 2017

Vulnerabilities

Windows 10 Task Scheduler Zero-Day Vulnerability. Microsoft Windows Task Scheduler is a set of Microsoft Windows components that allows for the execution of scheduled tasks. The exploit "functions reliably on 32- and 64-bit Windows 10 platforms, as well as Windows Server 2016 and Windows Server 2019.

Vulnerability
February 10, 2020

Intel Chips Vulnerability

February 10, 2020

Windows BlueKeep Vulnerability

February 10, 2020

ESXi Remote Code Execution Vulnerability

February 10, 2020

Resources

National Cybersecurity Policy and Strategy 2021

READ MORE & DOWNLOAD

National Cybersecurity Policy and Strategy 2021...

Cybercrimes (prohibition, Prevention etc) Act, 2015

READ MORE & DOWNLOAD

The Act provides an effective, unified and comprehensive legal, regulatory and institutional framework for...

Draft Data Protection Bill 2020

READ MORE & DOWNLOAD

Draft Data Protection Bill 2020 ...

Videos

List

Collaborations & Membership

antiphishing.ng

"Antiphishing.ng Project is a collaborative effort to create a community driven public repository about phishing that works to build additional tools to benefit the security community at large."

tunCERT

"tunCERT is the National CERT of the Tunisian government under the National Agency for Computer Security. tunCERT is one of the CERT that graciously partook in pioneering ngCERT"

FiRST

"FIRST is a recognized global leader in incident response that brings together a variety of computer security incident response teams from government, commercial, and educational organizations."

Team Cymru

"Team Cymru was formed in 1998 to learn the "who and why" of malicious Internet activity. This focus on attribution resulted in the uncovering of the "what, when, where, and how" of online malevolence"