Windows BlueKeep Vulnerability
The Nigeria Computer Emergency Response Team (ngCERT) has the mission to achieve a safe, secure and resilient cyberspace in Nigeria that provides opportunities for national prosperity. ngCERT is established to prepare, protect, and secure the Nigerian cyberspace in anticipation of attacks, problems, or events. ngCERT is saddled with the responsibility of reducing the volume of future incidents.
Incident Response Plan
What is the Incident?
Contain the issue immediately
Determine the cause of the incident
Get rid of the issue
Restore service as fast as possible
Android Smartphones Vulnerable to Fingerprint Brute Force Attacks. A new method of bypassing user authentication on smartphones running the Android, HarmonyOS, and iOS operating systems has been discovered. The method has been dubbed 'BrutePrint' by its discoverers, Tencent Labs and Zhejiang University, because it employs brute force attacks to crack modern smartphone authentication mechanisms such as fingerprints to bypass user authentication and take control of the device.
Dangerous Android Malware Infiltrates Google Play Store Apps (April 19, 2023)
Security Advisory on Increasing Phishing Attacks. Phishing is a type of cyberattack that employs social engineering techniques to persuade potential victims to reveal sensitive information via deceptive emails, text messages, phone calls, and/or social media. The attacker may be looking for personally identifiable information (PII), banking details, and account credentials. The goal could also be to trick the victim into downloading malware.
Cybercriminals Using YouTube to Spread Malware (March 23, 2023)
Increasing Watering Hole Attacks in Nigeria (March 16, 2023)
New Phishing Apps Discovered on Google Play Store. Several phishing apps have recently been discovered on the Google Play Store. These apps can pose as games or investment services; however, they are designed to steal sensitive user information. The apps have been downloaded 450,000 times in total.
Phishing Emails with OneNote Attachments Used to Disseminate RATs (January 24, 2023)
Increasing Cases of Wiperware Infection (January 19, 2023)
Multiple Vulnerabilities in EDRs and Anti-Virus Software Exploited To Turn Them into Data Wipers. SafeBreach researchers discovered a number of zero-day vulnerabilities in various Endpoint Detection and Response (EDR) and Anti-virus solutions. These flaws can be exploited to turn millions of such solutions in use around the world into data wipers capable of deleting any file on a device and causing it to fail to boot. This wiper runs as an unprivileged user but has the ability to wipe almost any file on a system, including system files, and render a computer unbootable. It does all that without implementing code that touches the target files, making it fully undetectable.
Security Advisory on Most Commonly Used Passwords in Nigeria (December 9, 2022)
TikTok Challenge Used To Circulate Information-Stealing Malware (December 1, 2022)
Cloud9 Botnet Hijacking Web Browsers and Compromising Windows Operating System. Two Cloud9 malware variants have been discovered in the wild, one of which is a significantly improved version of the other (with added features and bug fixes) that affects web browsers. Cloud9 is a malicious web browser extension that targets a variety of browsers. It can introduce malware into a device and functions similarly to a Remote Access Trojan (RAT), allowing the threat actor to remotely control a device.
Malware-laden Apps Discovered on Google Play Store (November 4, 2022)
Unofficial WhatsApp Android App Stealing Users' Accounts (October 28, 2022)
Increased Cases of Account Takeover in Nigeria (October 11, 2022)
Hackers Using Microsoft Edge Malvertising Campaign To Target Users. A malicious advertising campaign has been unearthed on the Microsoft Edge Browser News Feed that redirects victims to fraudulent tech support websites. Cybercriminals have resorted to posting bizarre, attention-grabbing stories or advertisements on the Edge news feed in order to entice users to click on them. This is a type of malvertising – online advertisements that appear legitimate but contain malware and/or other threats.
Multiple Vendor Vulnerabilities Reported on Lenovo Products (September 22, 2022)
Multiple Vulnerabilities Reported in Zoom (September 21, 2022)
Beware of Malicious Web Browser Extensions (September 13, 2022)
SharkBot Malware Infiltrates Google Play Store. A new and improved variant of the SharkBot malware has been discovered in the form of a device optimization and antivirus app on the Google Play Store. This malware is said to be targeting Android users' banking logins via apps with tens of thousands of installations.
WordPress Websites Compromised With Fake DDoS Protection Page (August 23, 2022)
Cisco Networks Hacked by Yanluowang Ransomware Group (August 12, 2022)
New HiddenAds Malware on Google Play Store Uncovered (August 8, 2022)
Messaging Apps Used To Propagate Information-Stealing Malware. Naturally, with the proliferation of messaging apps, some will have gained more traction than others. Discord and Telegram, two of the most popular messaging apps, have a burgeoning community that not only exchanges messages but also develops and shares "bots" - programs that automate a variety of tasks within each platform. Threat actors have exploited this and are now using these platforms to spread information-stealing malware.
Microsoft Announces End-of-Support for Windows 8.1 (July 22, 2022)
Malicious Facebook Messenger Chatbots Used to Compromise Facebook Accounts. As a follow-up to the May 23rd advisory on "Novel Use of Chatbots in Phishing Schemes," the use of chatbots for phishing purposes is gradually gaining traction, particularly with the discovery of a campaign in which one is used to steal Facebook login credentials. The platform's ubiquitous messaging app, Facebook Messenger, is known to have an integrated chatbot feature. This provides threat actors with a large pool of potential victims who are not only familiar with but also trust the feature.
New Whatsapp OTP Scam Using Call Forwarding Trick. Hackers have devised a method to gain control of a victim's WhatsApp account by exploiting an automated "call forwarding" feature that is activated when a number is busy or engaged. All telecom service providers offer this feature. This method also makes use of WhatsApp's option to send a one-time password (OTP) via phone call.
Dangerous Malware Targets Android Devices (June 2, 2022)
Novel Use of Chatbots in Phishing Schemes (May 23, 2022)
Malicious Actors Planting Fileless Malware on target machines using Event Logs. Unknown bad actors have developed a novel method of deploying fileless malware by injecting shellcode directly into Windows event logs. This novel method of payload storage has never been attempted before, emphasizing the importance of remaining vigilant in the face of threats. Fileless malware is a type of malicious activity that executes a cyber attack by utilizing native, legitimate tools built into a system.
FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide. The U.S. Federal Bureau of Investigation (FBI) has raised the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide as of March 2022 since its emergence last November. The FBI disseminated known indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) associated with ransomware variants identified through FBI investigations. BlackCat is the first ransomware group to successfully write its ransomware in Rust, considered to be a more secure programming language that offers improved performance and reliable concurrent processing. BlackCat-affiliated threat actors typically request ransom payments of several million dollars in Bitcoin and Monero. Many of the developers and money launderers for BlackCat/ALPHV are linked to Darkside/Blackmatter, indicating they have extensive networks and experience with ransomware operations.
New Browser-In-The-Browser (BITB) Phishing Attacks (March 29, 2022)
New Zero-Day Chrome Web Browser Vulnerability. Eight security flaws in the Chrome web browser have been discovered and reported, including a high-severity flaw that is actively being exploited in real-world attacks. Google has released fixes for these security flaws, marking the internet giant's first zero-day patch in 2022.
New Variant of BRATA Banking Trojan Infecting Android Devices (January 28, 2022)
WordPress Themes and Plugins Vulnerabilities (January 25, 2022)
SMS-Based Malware Infecting Mobile Devices (January 20, 2022)
Ransomware Attack Warning. Security experts have uncovered a new year scheme employed by a cybercrime group to deliver ransomware to targeted organizations. The group has been mailing out USB thumb drives to many organizations in the hope that recipients will plug them into their PCs and install ransomware on their networks. While businesses are being targeted, criminals could soon begin sending infected USB drives to individuals.
Apache Log4j Remote Code Execution Vulnerability (December 20, 2021)
New Windows Installer Zero-Day Vulnerability (November 25, 2021)
Iranian Hacking Group Targets Telcos, ISPs and Ministries of Foreign Affairs (MFA) with Upgraded Malware. An Iranian threat group known as Lyceum (aka Hexane, Siamesekitten, or Spirlin) has been reported to be targeting telcos, ISPs and a Ministry of Foreign Affairs (MFA) in Africa in recent politically motivated attacks with an active focus on cyberespionage. This group is known to be focused on infiltrating the networks of telecoms companies and internet service providers (ISPs). Between July and October, Lyceum was spotted in attacks against ISPs and telecoms organizations across Israel, Morocco, Tunisia, and Saudi Arabia. The advanced persistent threat (APT) group has been linked to campaigns striking Middle Eastern oil and gas companies in the past and now appears to have expanded its focus to include the technology sector. In addition, the APT is responsible for a campaign against an unnamed African ministry of foreign affairs.
Google Warns Users of Government-Sponsored Attacks (October 16, 2021)
OpenOffice and LibreOffice Digital Signature Spoofing Vulnerabilities. Three flaws have been uncovered in OpenOffice and LibreOffice that, if successfully exploited, could permit an attacker to manipulate the timestamp of signed ODF documents and, worse, alter the contents of a document or self-sign a document with an untrusted signature, which is then tweaked to change the signature algorithm to an invalid or unknown algorithm.
Facebook, Instagram and WhatsApp Global Outage (October 4, 2021)
Browser DNS Rebinding Attacks (September 22, 2021)
Fortinet Leaked VPN Account Credentials (September 10, 2021)
COVID-19 RELATED SCAMS. Several fake portals requesting beneficiaries' account details to get the Federal Government's 2021 Survival Fund, check N-Power Batch-C eligibility, and apply for the CBN COVID-19 Loan have been discovered to be circulating on social media and through email messages to unsuspecting members of the public. These fraudsters parade themselves as operators of the Federal Government's schemes.
Russian GRU Global Brute Force Attacks (July 2, 2021)
Microsoft Edge Browser Vulnerabilities (July 1, 2021)
Apple Zero-Day Vulnerabilities. Apple has reported zero-day vulnerabilities affecting its iOS, macOS and watchOS operating systems being exploited by attackers in the wild through maliciously crafted web content, which may lead to remote code execution. Apple has therefore released security patches for the zero-day bugs under active attack.
Cellebrite Forensic Software Security Vulnerabilities (April 28, 2021)
Fake LinkedIn Job Offer Malware. A new spear-phishing campaign has been discovered to be targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated and dangerous backdoor trojan called "more_eggs." According to researchers, the threat actors are using zip files to trick LinkedIn users into executing the More_eggs backdoor.
Microsoft Exchange Servers Zero-Day Vulnerability (March 8, 2021)
Advisory on Windows Vulnerabilities (February 25, 2021)
Security Advisory on Apple Chips Malware. A new malware has been discovered to be crafting multi-architecture applications so that their code will run natively on Apple’s M1 Silicon chips. This is an attempt by malicious actors to target the company’s latest generation of Macs powered by its own processors. The malware is in the form of a Safari adware extension originally written to run on Intel x86 chips. The malicious extension, called "GoSearch22," is a well-known member of the "Pirrit" Mac adware family.
Update Advisory for APT Attacks on the SolarWinds Products (January 4, 2021)
APT Compromise of Orion Platforms (January 1, 2021)
Security Advisory on Phishing Attacks (December 15, 2020)
ADVISORY ON SQL INJECTION VULNERABILITY AND OTHER BASIC NETWORK SECURITY MEASURES. SQL injection is a technique that attackers apply to insert SQL queries into input fields, which are then processed by the underlying SQL database. These weaknesses can be abused when entry forms allow user-generated SQL statements to query the database directly. The attack results in the unauthorized viewing of user lists, the deletion of database entries and the stealing of data.
Advisory on Intended Nationwide Cyber Attack (October 15, 2020)
ReVoLTE Networks Vulnerability (August 27, 2020)
RV Series Routers Command Injection Vulnerabilities. Researchers discovered multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers. These vulnerabilities could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device.
Cisco Small Business Routers Vulnerabilities (July 17, 2020)
New EvilQuest Ransomware for macOS Systems (July 1, 2020)
Webex Desktop App Vulnerability. A critical vulnerability was discovered in the Cisco Webex Meetings Desktop App which might allow a malicious remote attacker to execute programs on affected end-user systems. This vulnerability is caused by improper validation of input that is supplied to application URLs. An attacker could exploit this vulnerability by persuading a user to follow a malicious URL.
SaltStack Framework Vulnerabilities in Cisco Products (June 19, 2020)
Multiple Security Vulnerabilities for Adobe Products (June 18, 2020)
Multiple Security Vulnerabilities on D-Link Home Routers (June 17, 2020)
Local Privilege Escalation Vulnerability for VMware. VMware Fusion, VMRC, and Horizon Client contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOC/TOU) issue in the service opener. Furthermore, another local privilege escalation was discovered, which allows the application to blindly execute files from an untrusted location. Both vulnerabilities result in arbitrary code execution as root.
ngCERT Advisory on Scranos Malware (February 10, 2020)
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability. A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) releases prior to 3.0.2 could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system.
ngCERT VMware Tools Vulnerability (January 16, 2020)
Windows 10 Task Scheduler Zero-Day Vulnerability. Microsoft Windows Task Scheduler is a set of Microsoft Windows components that allows for the execution of scheduled tasks. The exploit "functions reliably on 32- and 64-bit Windows 10 platforms, as well as Windows Server 2016 and Windows Server 2019."
Windows BlueKeep Vulnerability (February 10, 2020)
ESXi Remote Code Execution Vulnerability (February 10, 2020)