ngcert | Home

Tuesday, Aug 03, 2021
Abuja, NG 19°C
Contact us
About us
FAQ

InfoSec NEWS FEEDS

National Cybersecurity Capacity Review for Nigeria

Event

Keynote Excerpts From the speech delivered by National Security Adviser during the recent lunching of the National Security Strategy

Article

ngCERT Advisory 19-years-old WinRAR vulnerability leads to over 100 malware exploits

Advisory

Windows BlueKeep Vulnerability

Vulnerability

MacOS Targeted in WildPressure APT Malware Campaign

Feed

WELCOME TO NIGERIA COMPUTER EMERGENCY RESPONSE TEAM (ngCERT)

The Nigeria Computer Emergency Response Team has the mission to achieve a safe, secure and resilient cyberspace in Nigeria that provides opportunities for national prosperity. ngCERT is
established to prepare, protect, and secure the Nigerian cyberspace in anticipation of
attacks, problems, or events. ngCERT is saddled with the responsibility of
reducing the volume of future incidents.

PREPARATION

Incident Response Plan

IDENTIFICATION

What is the Incident?

CONTAINMENT

Contain the Issue immediately

INVESTIGATION

Determine the cause of the incident

ERADICATION

Get Rid of the issue

RECOVERY

Restore service as fast as possible

InfoSec Feeds

How software developers can create mobile apps securely and quickly

Feeds
July 12, 2021

Cyber Polygon 2021: Towards Secure Development of Digital Ecosystems

July 10, 2021

Choose the right ITSM tool for digital era success

July 9, 2021

Are you betting your future on the worst gambling odds in the world?

July 9, 2021

Met Police should release information on British WikiLeaks journalists passed to US, tribunal told

Feeds
July 9, 2021

Ransomware gangs seek people skills for negotiations

July 9, 2021

Professionals need protection from the Computer Misuse Act

July 9, 2021

Microsoft Office Users Warned on New Malware-Protection Bypass

July 9, 2021

Lazarus Targets Job-Seeking Engineers with Malicious Documents

Feeds
July 9, 2021

Cisco BPA, WSA Bugs Allow Remote Cyberattacks

July 9, 2021

PrintNightmare haunts Microsoft as patch may miss mark

July 8, 2021

How Fake Accounts and Sneaker-Bots Took Over the Internet

July 8, 2021

Coursera Flunks API Security Test in Researchers’ Exam

Feeds
July 8, 2021

Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign

July 8, 2021

Kaseya apologises for extended downtime after ransom attack

July 8, 2021

Why identity is the central problem for the future of the internet

July 8, 2021

Security Think Tank: Reopening is an opportunity to reassess wider security posture

Feeds
July 8, 2021

Colonial Pipeline hack explained: Everything you need to know

July 7, 2021

Security Think Tank: As offices reopen, address patching and ‘build drift’

July 7, 2021

Opportunists seen targeting Kaseya REvil victims

July 7, 2021

MacOS Targeted in WildPressure APT Malware Campaign

Feeds
July 7, 2021

How the UK Cyber Security Council plans to professionalise security

July 7, 2021

US government given permission to appeal UK’s decision to not extradite Julian Assange

July 7, 2021

Critical Sage X3 RCE Bug Allows Full System Takeovers

July 7, 2021

ICO to probe Hancock over private email use

Feeds
July 7, 2021

Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing

July 7, 2021

About 60 Kaseya customers hit by REvil

July 6, 2021

Klarna under investigation by Swedish finance watchdog

July 6, 2021

Cyber insurance costs up by a third

Feeds
July 6, 2021

BA reaches settlement in data breach group action

July 6, 2021

Security Think Tank: Returning workers to the office: Is your security posture up to date?

July 6, 2021

SolarWinds hack explained: Everything you need to know

June 16, 2021

What are cloud security frameworks and how are they useful?

Feeds
June 15, 2021

June 1, 2021

National Security Agency (NSA)

May 27, 2021

May 24, 2021

What's the difference between sandboxes vs. containers?

Feeds
May 13, 2021

May 7, 2021

supply chain security

April 30, 2021

April 29, 2021

Feeds
April 21, 2021

unified threat management (UTM)

April 13, 2021

physical security

April 13, 2021

How to fix the top 5 cybersecurity vulnerabilities

March 25, 2021

How to fix the top 5 cybersecurity vulnerabilities

Feeds
March 25, 2021

Top 10 types of information security threats for IT teams

March 3, 2021

February 3, 2021

Azure AD Premium P1 vs. P2: Which is right for you?

December 22, 2020

Feeds
December 14, 2020

Certified Information Systems Auditor (CISA)

November 21, 2020

Red team vs. blue team vs. purple team: What's the difference?

November 4, 2020

Cybersecurity communication key to addressing risk

November 4, 2020

Use and protect backup against COVID-19-related cybercrime

Feeds
April 23, 2020

quantum supremacy

November 26, 2019

Zoom vulnerability reveals privacy issues for users

July 12, 2019

What's the best way to mitigate the risk of GPU malware?

December 7, 2015

Millions left at risk as Android Stagefright fix pushed to September

Feeds
August 18, 2015

Web monitoring software helps keep employees honest

July 7, 2015

Fobber: Drive-by financial malware returns with new tricks

July 1, 2015

Samsung vulnerability affects up to 600 million Android devices

June 17, 2015

After Windows Server 2003 end of life: An emergency action plan

Feeds
June 5, 2015

IRS breach shows the importance of PII security

May 29, 2015

Is paying the ransom the only way to remove ransomware?

May 26, 2015

Google changes Chrome extension policy amid security concerns

May 20, 2015

Comparing the top SSL VPN products

Feeds
April 28, 2015

Insider threat programs need people, not technology

April 28, 2015

To protect privileged users, consider using least privilege principle

March 5, 2014

Web browser protection for users: Adapting to new Web security threats

March 5, 2014

Surviving cyberwar: Preparing for APTs, Stuxnet malware-style attacks

Feeds
July 31, 2012

Social engineering penetration testing: Four effective techniques

July 18, 2012

Alerts & Advisories

Ransomware Attacks. There has been an increase in ransomware attacks targeting government and private networks globally with the latest on the Kaseya VSA products, hence it is necessary to disseminate this security advisory to all Stakeholders and Ministries Departments and Agencies in Nigeria in order to take adequate preventive measures against ransomware attacks. It is noteworthy to know that all the recent ransomware attack on the Solarwinds, McDonald’s, Microsoft exchange server, JBS, US colonial Pipeline Company, etc has been estimated that the number of the ransomware attacks in 2021 may end up to be as high as 100,000 attacks with each one costing an average of $170,000. The ransom paid by Colonial and JBS combined was about $15 million against FBI advice. Therefore, the growing number of such attacks highlights the critical importance of making cyber preparedness a priority and taking the necessary steps to secure our networks against adversaries.

Advisory
July 7, 2021

Russian GRU Global Brute Force Attacks

July 2, 2021

Microsoft Edge Browser Vulnerabilities

July 1, 2021

Apple Zero-Day Vulnerabilities

May 18, 2021

Best Practices for Preventing Business Disruption from Ransomware Attacks. Malicious cyber actors has consistently deployed ransomware against government and private companies with recently trending attack on the US pipeline company’s information technology (IT) network, and the Japanese Conglomerate Toshiba unit by the DarkSide ransomware group. Critical Information asset owners and operators in Nigeria are therefore advised to adopt a heightened state of awareness and implement the recommendations listed in the Mitigations section of this Advisory, including implementing robust network segmentation between IT (Information technology) and OT (Operational Technology) networks; regularly testing manual controls; and ensuring that backups are implemented, regularly tested, and isolated from network connections. These mitigations will help CI owners and operators improve their entity's functional resilience by reducing their vulnerability to ransomware and the risk of severe business degradation if impacted by ransomware.

Advisory
May 15, 2021

Cellebrite Forensic Software Security Vulnerabilities

April 28, 2021

Cybercriminals Using Telegram messaging service to Distribute ToxicEye Malware

April 28, 2021

Fake LinkedIn Job Offer Malware

April 12, 2021

Phishing Attack Using Fake Google reCAPTCHA to Steal Credential from Microsoft Users. A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations. At least 2,500 such emails have been sent to senior-level employees, over the past three months. The emails first take recipients to a fake Google reCAPTCHA system page. Once victims “pass” the reCAPTCHA test, they are then redirected to a phishing landing page, which asks for their Office 365 credentials. After filling out the fake reCAPTCHA system, victims are then directed to what appears to be a Microsoft login screen.

Advisory
March 16, 2021

Microsoft Exchange Servers Zero-Day Vulnerability

March 8, 2021

Advisory on Windows Vulnerabilities

February 25, 2021

Security Advisory on Apple Chips Malware

February 23, 2021

Update Advisory for APT Attacks on the SolarWinds Products. After conducting investigations into the Advanced Persistent Threat Compromise of Government Critical National Infrastructure, and Private Sector Organizations Infrastructures, SolarWinds have released an updated advisory for the Sunburst and the SuperNova backdoor that was discovered while investigating the recent SolarWinds Orion supply-chain attack. It was discovered that the SuperNova backdoor was likely used by a separate threat actor. Several teams of researchers have mentioned the existence of two second-stage payloads after the initial disclosure of the SolarWinds attacks.

Advisory
January 4, 2021

APT Compromise of Orion Platforms

January 1, 2021

Security Advisory on Phishing Attacks

December 15, 2020

ADVISORY ON SQL INJECTION VULNERABILITY AND OTHER BASIC NETWORK SECURITY MEASURES

October 16, 2020

Advisory on Intended Nationwide Cyber attack. The recent Classification of Nigeria, Kenya and Egypt by Kaspersky lab as easiest Cyberattack target in Africa with about Five Hundred and seventy-seven (577) attempted malware attacks hourly, is a serious wake up call to the government and the stakeholders in the Cybersecurity industry. This was disclosed in the company’s second quarter Spam and phishing 2020 report.

Advisory
October 15, 2020

ReVoLTE Networks Vulnerability

August 27, 2020

Tecno Phones Vulnerability

August 27, 2020

RV Series Routers Command Injection Vulnerabilities

August 5, 2020

Remote Access Vulnerability. Researchers discovered that attackers can access organizations ‘networks through remote access systems to carry out ransomware attack. This is performed through the remote desktop protocol (RDP) and virtual private networks (VPN). The impact of these attacks can be severe on business operations because data are stolen and sold. Also, the recovery from this attacks is very costly to investigate and remediate the compromised network, and restore encrypted files from backup.

Advisory
July 22, 2020

Cisco Small Business Routers Vulnerabilities

July 17, 2020

New EvilQuest Ransomware for macOS Systems

July 1, 2020

Webex Desktop App Vulnerability

June 24, 2020

SaltStack FrameWork Vulnerabilities in Cisco Products. Researchers discovered numerous critical security vulnerabilities in SaltStack Salt framework – a configuration tool for cloud servers and data centers. Salt is used to monitor and update the state of servers. Each server runs an agent called a "minion" which connects to a "master", a Salt installation that collects state reports from minions and publishes update messages that minions can act on. The vulnerabilities allows attackers to bypass authentication and authorization for arbitrary code execution.

Advisory
June 19, 2020

Multiple Security Vulnerabilities for Adobe Products

June 18, 2020

Multiple Security Vulnerabilities on D-LINK Home Routers

June 17, 2020

Local Privilege Escalation Vulnerability for VMware

June 16, 2020

ngCERT Advisory on Scranos Malware. Scranos is a Trojan horse that steals information from the compromised computer. It may also download potentially malicious files. Scranos cloaks itself as cracked software or apps that pose as legitimate programs, such as ebook readers, video players, drivers, and even security products. Upon execution, a rootkit driver is installed to hide the malware.

Advisory
February 10, 2020

ngCERT Advisory 19-years-old WinRAR vulnerability leads to over 100 malware exploits

February 10, 2020

ngCERT Advisory Microsoft Exchange 2013 and Newer are vulnerable to NTLM relay attacks

February 10, 2020

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability

February 10, 2020

ngCERT VMware Tools vulnerability. A vulnerability in VMware Tools is a functionality that was removed from VMware Tools 11.0.0 and it has been determined to affect VMware Tools for Windows version 10.x.y.

Advisory
January 16, 2020

ngCERT 2nd Advisory on WannaCry/WCry/WCrypt0 Ransomware Warm and Remote Desktop Protocol (RDP) & Server Message Block (SMB) Protocol Vulnerability

May 15, 2017

Vulnerabilities

Windows 10 Task Scheduler Zero-Day Vulnerability. Microsoft Windows Task Scheduler is a set of Microsoft Windows components that allows for the execution of scheduled tasks. The exploit "functions reliably on 32- and 64-bit Windows 10 platforms, as well as Windows Server 2016 and Windows Server 2019.

Vulnerability
February 10, 2020

Intel Chips Vulnerability

February 10, 2020

Windows BlueKeep Vulnerability

February 10, 2020

ESXi Remote Code Execution Vulnerability

February 10, 2020

Resources

National Cybersecurity Policy and Strategy 2021

READ MORE & DOWNLOAD

National Cybersecurity Policy and Strategy 2021...

Cybercrimes (prohibition, Prevention etc) Act, 2015

READ MORE & DOWNLOAD

The Act provides an effective, unified and comprehensive legal, regulatory and institutional framework for...

Draft Data Protection Bill 2020

READ MORE & DOWNLOAD

Draft Data Protection Bill 2020 ...

Videos

List

Collaborations & Membership

antiphishing.ng

"Antiphishing.ng Project is a collaborative effort to create a community driven public repository about phishing that works to build additional tools to benefit the security community at large."

tunCERT

"tunCERT is the National CERT of the Tunisian government under the National Agency for Computer Security. tunCERT is one of the CERT that graciously partook in pioneering ngCERT"

FiRST

"FIRST is a recognized global leader in incident response that brings together a variety of computer security incident response teams from government, commercial, and educational organizations."

Team Cymru

"Team Cymru was formed in 1998 to learn the "who and why" of malicious Internet activity. This focus on attribution resulted in the uncovering of the "what, when, where, and how" of online malevolence"