ngcert | Home

InfoSec Feeds

Hackers Amp Up COVID-19 IP Theft Attacks

Feeds
December 28, 2020

Ransomware in 2020: A Banner Year for Extortion

December 28, 2020

Windows Zero-Day Still Circulating After Faulty Fix

December 24, 2020

Top 10 cyber security stories of 2020

December 23, 2020

Patching: Balancing technical requirements with business considerations

Feeds
December 23, 2020

Emotet Returns to Hit 100K Mailboxes Per Day

December 23, 2020

Hey Alexa, Who Am I Messaging?

December 23, 2020

Third-Party APIs: How to Prevent Enumeration Attacks

December 23, 2020

Tech Giants Lend WhatsApp Support in Spyware Case Against NSO Group

Feeds
December 22, 2020

Azure AD Premium P1 vs. P2: Which is right for you?

December 22, 2020

Joker’s Stash Carding Site Taken Down

December 22, 2020

Ministry of Justice in the dock for catalogue of serious data breaches

December 22, 2020

Holiday Puppy Swindle Has Consumers Howling

Feeds
December 22, 2020

Utility supplier People’s Energy has entire customer list stolen

December 18, 2020

SolarWinds cyber attack is ‘grave risk’ to global security

December 18, 2020

Finnish government tables laws to protect data from cyber criminals

December 18, 2020

Dodgy browser extensions put social media users at risk

Feeds
December 17, 2020

NHS Scotland taps Check Point to secure Covid-19 data

December 17, 2020

FireEye and partners release SolarWinds kill-switch

December 17, 2020

EU security strategy a ‘step up’ on cyber leadership, says Brussels

December 17, 2020

SolarWinds cyber attack: How worried should I be, and what do I do now?

Feeds
December 15, 2020

Cyber crime victims in the Netherlands not reporting offences

December 15, 2020

FireEye identifies flaw in networking monitoring software as US agencies attacked

December 14, 2020

Dridex malware

December 14, 2020

Certified Information Systems Auditor (CISA)

Feeds
November 21, 2020

Cybersecurity communication key to addressing risk

November 4, 2020

Red team vs. blue team vs. purple team: What's the difference?

November 4, 2020

3 steps to secure codebase updates, prevent vulnerabilities

September 15, 2020

Site-to-site VPN security benefits and potential risks

Feeds
August 28, 2020

Security issues with working remotely (and how to fix them)

July 31, 2020

vulnerability assessment (vulnerability analysis)

July 24, 2020

Remote backup and recovery, protection changes that will stick

July 15, 2020

Identifying and troubleshooting VPN session timeout issues

Feeds
June 11, 2020

How automating incident response benefits security programs

June 3, 2020

integrated risk management (IRM)

May 20, 2020

Use and protect backup against COVID-19-related cybercrime

April 23, 2020

Create a mobile BYOD policy for the coronavirus pandemic

Feeds
April 8, 2020

What is cybersecurity? Everything you need to know

April 3, 2020

managed detection and response (MDR)

April 3, 2020

How zero-trust authentication and architecture have evolved

March 25, 2020

4 factors that should shape a BYOD mobile policy

Feeds
January 3, 2020

quantum supremacy

November 26, 2019

Lack of U.S. cryptocurrency regulation invites risk

August 19, 2019

How to detect and defend against a TCP port 445 exploit and attacks

August 15, 2019

Zoom vulnerability reveals privacy issues for users

Feeds
July 12, 2019

Top 10 types of information security threats for IT teams

June 28, 2019

How to fix the top 5 cybersecurity vulnerabilities

June 28, 2019

What's the best way to mitigate the risk of GPU malware?

December 7, 2015

Millions left at risk as Android Stagefright fix pushed to September

Feeds
August 18, 2015

Web monitoring software helps keep employees honest

July 7, 2015

Fobber: Drive-by financial malware returns with new tricks

July 1, 2015

Samsung vulnerability affects up to 600 million Android devices

June 17, 2015

From the frontlines: Horror stories on information breach response

Feeds
June 11, 2015

After Windows Server 2003 end of life: An emergency action plan

June 5, 2015

IRS breach shows the importance of PII security

May 29, 2015

Is paying the ransom the only way to remove ransomware?

May 26, 2015

Google changes Chrome extension policy amid security concerns

Feeds
May 20, 2015

Comparing the top SSL VPN products

April 28, 2015

Insider threat programs need people, not technology

April 28, 2015

To protect privileged users, consider using least privilege principle

March 5, 2014

Web browser protection for users: Adapting to new Web security threats

Feeds
March 5, 2014

Surviving cyberwar: Preparing for APTs, Stuxnet malware-style attacks

July 31, 2012

Alerts & Advisories

Update Advisory for APT Attacks on the SolarWinds Products. After conducting investigations into the Advanced Persistent Threat Compromise of Government Critical National Infrastructure, and Private Sector Organizations Infrastructures, SolarWinds have released an updated advisory for the Sunburst and the SuperNova backdoor that was discovered while investigating the recent SolarWinds Orion supply-chain attack. It was discovered that the SuperNova backdoor was likely used by a separate threat actor. Several teams of researchers have mentioned the existence of two second-stage payloads after the initial disclosure of the SolarWinds attacks.

Advisory
January 4, 2021

APT Compromise of Orion Platforms

January 1, 2021

Security Advisory on Phishing Attacks

December 15, 2020

ADVISORY ON SQL INJECTION VULNERABILITY AND OTHER BASIC NETWORK SECURITY MEASURES

October 16, 2020

Advisory on Intended Nationwide Cyber attack. The recent Classification of Nigeria, Kenya and Egypt by Kaspersky lab as easiest Cyberattack target in Africa with about Five Hundred and seventy-seven (577) attempted malware attacks hourly, is a serious wake up call to the government and the stakeholders in the Cybersecurity industry. This was disclosed in the company’s second quarter Spam and phishing 2020 report.

Advisory
October 15, 2020

ReVoLTE Networks Vulnerability

August 27, 2020

Tecno Phones Vulnerability

August 27, 2020

RV Series Routers Command Injection Vulnerabilities

August 5, 2020

Remote Access Vulnerability. Researchers discovered that attackers can access organizations ‘networks through remote access systems to carry out ransomware attack. This is performed through the remote desktop protocol (RDP) and virtual private networks (VPN). The impact of these attacks can be severe on business operations because data are stolen and sold. Also, the recovery from this attacks is very costly to investigate and remediate the compromised network, and restore encrypted files from backup.

Advisory
July 22, 2020

Cisco Small Business Routers Vulnerabilities

July 17, 2020

New EvilQuest Ransomware for macOS Systems

July 1, 2020

Webex Desktop App Vulnerability

June 24, 2020

SaltStack FrameWork Vulnerabilities in Cisco Products. Researchers discovered numerous critical security vulnerabilities in SaltStack Salt framework – a configuration tool for cloud servers and data centers. Salt is used to monitor and update the state of servers. Each server runs an agent called a "minion" which connects to a "master", a Salt installation that collects state reports from minions and publishes update messages that minions can act on. The vulnerabilities allows attackers to bypass authentication and authorization for arbitrary code execution.

Advisory
June 19, 2020

Multiple Security Vulnerabilities for Adobe Products

June 18, 2020

Multiple Security Vulnerabilities on D-LINK Home Routers

June 17, 2020

Local Privilege Escalation Vulnerability for VMware

June 16, 2020

ngCERT Advisory on Scranos Malware. Scranos is a Trojan horse that steals information from the compromised computer. It may also download potentially malicious files. Scranos cloaks itself as cracked software or apps that pose as legitimate programs, such as ebook readers, video players, drivers, and even security products. Upon execution, a rootkit driver is installed to hide the malware.

Advisory
February 10, 2020

ngCERT Advisory 19-years-old WinRAR vulnerability leads to over 100 malware exploits

February 10, 2020

ngCERT Advisory Microsoft Exchange 2013 and Newer are vulnerable to NTLM relay attacks

February 10, 2020

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability

February 10, 2020

ngCERT VMware Tools vulnerability. A vulnerability in VMware Tools is a functionality that was removed from VMware Tools 11.0.0 and it has been determined to affect VMware Tools for Windows version 10.x.y.

Advisory
January 16, 2020

ngCERT 2nd Advisory on WannaCry/WCry/WCrypt0 Ransomware Warm and Remote Desktop Protocol (RDP) & Server Message Block (SMB) Protocol Vulnerability

May 15, 2017

Vulnerabilities

Windows 10 Task Scheduler Zero-Day Vulnerability. Microsoft Windows Task Scheduler is a set of Microsoft Windows components that allows for the execution of scheduled tasks. The exploit "functions reliably on 32- and 64-bit Windows 10 platforms, as well as Windows Server 2016 and Windows Server 2019.

Vulnerability
February 10, 2020

Intel Chips Vulnerability

February 10, 2020

Windows BlueKeep Vulnerability

February 10, 2020

ESXi Remote Code Execution Vulnerability

February 10, 2020

Resources

Action Plan for the Implementation of the National Cybersecurity Strategy

READ MORE & DOWNLOAD

Considering the national doctrines and principles on security, and the inter-connected nature of ICT...

Cybercrimes (prohibition, Prevention etc) Act, 2015

READ MORE & DOWNLOAD

The Act provides an effective, unified and comprehensive legal, regulatory and institutional framework for...

National Cybersecurity Policy and Strategy

READ MORE & DOWNLOAD

National Cybersecurity Policy and Strategy...

Draft Data Protection Bill 2020

READ MORE & DOWNLOAD

Draft Data Protection Bill 2020 ...

ARTICLE CATEGORIES

Latest Articles

Recent Events

Contact us

WELCOME TO NIGERIA COMPUTER EMERGENCY RESPONSE TEAM (ngCERT)

PREPARATION

IDENTIFICATION

CONTAINMENT

INVESTIGATION

ERADICATION

RECOVERY

InfoSec Feeds

Alerts & Advisories

Vulnerabilities

Resources

Videos

List

Collaborations & Membership

antiphishing.ng

tunCERT

FiRST

Team Cymru