ngcert | Home

Friday, Sep 17, 2021
Abuja, NG 19°C
Contact us
About us
FAQ

InfoSec NEWS FEEDS

National Cybersecurity Capacity Review for Nigeria

Event

Keynote Excerpts From the speech delivered by National Security Adviser during the recent lunching of the National Security Strategy

Article

ngCERT Advisory 19-years-old WinRAR vulnerability leads to over 100 malware exploits

Advisory

Windows BlueKeep Vulnerability

Vulnerability

Cisco Issues Critical Fixes for High-End Nexus Gear

Feed

WELCOME TO NIGERIA COMPUTER EMERGENCY RESPONSE TEAM (ngCERT)

The Nigeria Computer Emergency Response Team has the mission to achieve a safe, secure and resilient cyberspace in Nigeria that provides opportunities for national prosperity. ngCERT is
established to prepare, protect, and secure the Nigerian cyberspace in anticipation of
attacks, problems, or events. ngCERT is saddled with the responsibility of
reducing the volume of future incidents.

PREPARATION

Incident Response Plan

IDENTIFICATION

What is the Incident?

CONTAINMENT

Contain the Issue immediately

INVESTIGATION

Determine the cause of the incident

ERADICATION

Get Rid of the issue

RECOVERY

Restore service as fast as possible

InfoSec Feeds

Cisco Issues Critical Fixes for High-End Nexus Gear

Feeds
August 25, 2021

UK loses £1.3bn to fraud and cyber crime so far this year

August 25, 2021

Calling the cops for ransomware attacks doesn’t help, say cyber pros

August 25, 2021

Win10 Admin Rights Tossed Off by Yet Another Plug-In

August 25, 2021

California Man Hacked iCloud Accounts to Steal Nude Photos

Feeds
August 25, 2021

US Media, Retailers Targeted by New SparklingGoblin APT

August 25, 2021

Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day

August 24, 2021

Custom WhatsApp Build Delivers Triada Malware

August 24, 2021

Effective Threat-Hunting Queries in a Redacted World

Feeds
August 24, 2021

Poly Network Recoups $610M Stolen from DeFi Platform

August 24, 2021

13 million malware attacks on Linux seen in wild

August 24, 2021

Half of MS Exchange servers at risk in ProxyShell debacle

August 24, 2021

The ransomware debate – to pay or not to pay?

Feeds
August 24, 2021

Over a million opt out of NHS data-sharing

August 24, 2021

Campaign groups claim police have bypassed Parliament with plans for live facial-recognition tech

August 24, 2021

August 23, 2021

Considerations when deciding on a new SIEM or SOAR tool

Feeds
August 23, 2021

August 23, 2021

ProxyShell Attacks Pummel Unpatched Exchange Servers

August 23, 2021

Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs

August 23, 2021

Swedish IT industry braced for China’s response to Huawei 5G ban

Feeds
August 20, 2021

Security Think Tank: Data privacy not in isolation, but on a spectrum

August 20, 2021

Pub apps harvesting swathes of customer data unnecessarily

August 19, 2021

IT leaders fear ‘trickle-down’ of nation-state cyber attacks

August 19, 2021

MoD seeks security tech to harden military systems

Feeds
August 18, 2021

Global VPN downloads soar in first half of 2021

August 18, 2021

Security Think Tank: Data privacy and ethics in a post-Covid world

August 18, 2021

Educational publisher Pearson fined for data breach cover-up

August 17, 2021

Security Think Tank: Building privacy-preserving apps and platforms

Feeds
August 17, 2021

Nearly half of retailers hit by ransomware in 2020

August 16, 2021

When is SIEM the right choice over SOAR?

August 16, 2021

The differences between open XDR vs. native XDR

August 11, 2021

Is bitcoin safe? How to secure your bitcoin wallet

Feeds
August 6, 2021

How to defend against TCP port 445 and other SMB exploits

August 3, 2021

What is cybersecurity?

August 2, 2021

DOS (disk operating system)

July 30, 2021

Recent surge in ransomware attacks threatens national security

Feeds
July 30, 2021

ransomware as a service (RaaS)

July 29, 2021

Use a decentralized identity framework to reduce enterprise risk

July 27, 2021

What is integrated risk management (IRM)?

July 20, 2021

Malware vs. ransomware: What's the difference?

Feeds
July 13, 2021

Colonial Pipeline hack explained: Everything you need to know

July 7, 2021

SolarWinds hack explained: Everything you need to know

June 16, 2021

What are cloud security frameworks and how are they useful?

June 15, 2021

Feeds
June 1, 2021

National Security Agency (NSA)

May 27, 2021

May 24, 2021

What's the difference between sandboxes vs. containers?

May 13, 2021

Feeds
May 7, 2021

supply chain security

April 30, 2021

How to fix the top 5 cybersecurity vulnerabilities

March 25, 2021

Top 10 types of information security threats for IT teams

March 3, 2021

Use and protect backup against COVID-19-related cybercrime

Feeds
April 23, 2020

quantum supremacy

November 26, 2019

Zoom vulnerability reveals privacy issues for users

July 12, 2019

What's the best way to mitigate the risk of GPU malware?

December 7, 2015

Millions left at risk as Android Stagefright fix pushed to September

Feeds
August 18, 2015

Web monitoring software helps keep employees honest

July 7, 2015

Fobber: Drive-by financial malware returns with new tricks

July 1, 2015

Samsung vulnerability affects up to 600 million Android devices

June 17, 2015

After Windows Server 2003 end of life: An emergency action plan

Feeds
June 5, 2015

IRS breach shows the importance of PII security

May 29, 2015

Is paying the ransom the only way to remove ransomware?

May 26, 2015

Google changes Chrome extension policy amid security concerns

May 20, 2015

Comparing the top SSL VPN products

Feeds
April 28, 2015

Insider threat programs need people, not technology

April 28, 2015

To protect privileged users, consider using least privilege principle

March 5, 2014

Web browser protection for users: Adapting to new Web security threats

March 5, 2014

Surviving cyberwar: Preparing for APTs, Stuxnet malware-style attacks

Feeds
July 31, 2012

Social engineering penetration testing: Four effective techniques

July 18, 2012

Alerts & Advisories

Fortinet Leaked VPN Account Credentials. A malicious actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. These credentials were reported to be obtained from systems that remained unpatched against FG-IR-18-384 / CVE-2018-13379 at the time of the actor's scan.

Advisory
September 10, 2021

COVID-19 RELATED SCAMS

August 25, 2021

Ransomware Attacks

July 7, 2021

Russian GRU Global Brute Force Attacks

July 2, 2021

Microsoft Edge Browser Vulnerabilities. A Microsoft Edge vulnerability that could allow hackers steal secrets from any website was discovered and thereby prompting Microsoft to release updates for the Edge browser, including a fix. This bypass vulnerability could allow a remote attacker to bypass implemented security restrictions to inject and execute arbitrary code on any website just by sending a message.

Advisory
July 1, 2021

Apple Zero-Day Vulnerabilities

May 18, 2021

Best Practices for Preventing Business Disruption from Ransomware Attacks

May 15, 2021

Cellebrite Forensic Software Security Vulnerabilities

April 28, 2021

Cybercriminals Using Telegram messaging service to Distribute ToxicEye Malware. Researchers discovered that Telegram instant messaging service is being used by malicious actors to manage a remote access trojan (RAT) called ToxicEye. These cyber criminals are increasingly abusing Telegram as a "command-and-control" system to distribute malware into organizations that could then be used to capture sensitive information from targeted systems. More than 130 attacks involving the ToxicEye RAT has been discovered recently, and warning that even when Telegram is not installed or being used, the system allows hackers to send malicious commands and operations remotely via the instant messaging app.

Advisory
April 28, 2021

Fake LinkedIn Job Offer Malware

April 12, 2021

Phishing Attack Using Fake Google reCAPTCHA to Steal Credential from Microsoft Users

March 16, 2021

Microsoft Exchange Servers Zero-Day Vulnerability

March 8, 2021

Advisory on Windows Vulnerabilities. Cybercriminals are actively taking advantage of weaknesses in Windows and deploying malware for nefarious purposes. Windows has been a direct target of attacks by malware, more than 80% of malware detected are from windows according to latest discovery. This amongst others includes two updated versions of LodaRAT malware, TrickBot malware and the Zerologon flaws.

Advisory
February 25, 2021

Security Advisory on Apple Chips Malware

February 23, 2021

Update Advisory for APT Attacks on the SolarWinds Products

January 4, 2021

APT Compromise of Orion Platforms

January 1, 2021

Security Advisory on Phishing Attacks. Phishing attacks are the most common and effective cyber security threat to individuals, businesses and organizations. Phishing is the delivery mechanism of choice for ransomware and other malware and it is a critical problem that every organization must address through a variety of means. Most phishing messages indicate immediate action is needed to avoid an unwanted time-sensitive consequence. It is important to be suspicious of all requests, and review messages carefully to determine if the message may be a phishing scam.

Advisory
December 15, 2020

ADVISORY ON SQL INJECTION VULNERABILITY AND OTHER BASIC NETWORK SECURITY MEASURES

October 16, 2020

Advisory on Intended Nationwide Cyber attack

October 15, 2020

ReVoLTE Networks Vulnerability

August 27, 2020

Tecno Phones Vulnerability. Researchers has discovered critical security risk with Tecno Android phones which has a pre-installed malware called Triada. Malware which signed users up to subscription services without their permission was discovered on thousands of Tecno mobile phones sold in Africa. Anti-fraud firm Upstream found the malicious code on Tecno handsets sold in Ethiopia, Cameroon, Egypt, Ghana and South Africa.

Advisory
August 27, 2020

RV Series Routers Command Injection Vulnerabilities

August 5, 2020

Remote Access Vulnerability

July 22, 2020

Cisco Small Business Routers Vulnerabilities

July 17, 2020

New EvilQuest Ransomware for macOS Systems. A new ransomware known as EvilQuest has been discovered by security researchers. This ransomware was first spotted to be impersonating the Google Software Update program, and on torrent sites, injected in installers wrapping pirated versions of popular macOS software such as Little Snitch, Ableton Live, and Mixed in key. EvilQuest ransomware is discovered to encrypt macOS systems, installs a keylogger and a reverse shell for full control over infected host, and exfiltrates files that contain valuable information (keys to cryptocurrency wallets, code-signing certificates, and many more) with a variety of extensions (eg .pdf, .doc, .jpg, .txt, .pages, .wallet, .zip, etc).

Advisory
July 1, 2020

Webex Desktop App Vulnerability

June 24, 2020

SaltStack FrameWork Vulnerabilities in Cisco Products

June 19, 2020

Multiple Security Vulnerabilities for Adobe Products

June 18, 2020

Multiple Security Vulnerabilities on D-LINK Home Routers. Researchers discovered six new vulnerabilities in D-Link wireless cloud routers running their latest firmware. The reported vulnerabilities were found in the DIR-865L model of D-Link routers, which is meant for home network use. There are also likelihood that some of these vulnerabilities are present in newer models of the router because of the similiarities in codebase.

Advisory
June 17, 2020

Local Privilege Escalation Vulnerability for VMware

June 16, 2020

ngCERT Advisory on Scranos Malware

February 10, 2020

ngCERT Advisory 19-years-old WinRAR vulnerability leads to over 100 malware exploits

February 10, 2020

ngCERT Advisory Microsoft Exchange 2013 and Newer are vulnerable to NTLM relay attacks. ngCERT Advisory Microsoft Exchange 2013 and Newer are vulnerable to NTLM relay attacks

Advisory
February 10, 2020

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability

February 10, 2020

ngCERT VMware Tools vulnerability

January 16, 2020

ngCERT 2nd Advisory on WannaCry/WCry/WCrypt0 Ransomware Warm and Remote Desktop Protocol (RDP) & Server Message Block (SMB) Protocol Vulnerability

May 15, 2017

Vulnerabilities

Windows 10 Task Scheduler Zero-Day Vulnerability. Microsoft Windows Task Scheduler is a set of Microsoft Windows components that allows for the execution of scheduled tasks. The exploit "functions reliably on 32- and 64-bit Windows 10 platforms, as well as Windows Server 2016 and Windows Server 2019.

Vulnerability
February 10, 2020

Intel Chips Vulnerability

February 10, 2020

Windows BlueKeep Vulnerability

February 10, 2020

ESXi Remote Code Execution Vulnerability

February 10, 2020

Resources

National Cybersecurity Policy and Strategy 2021

READ MORE & DOWNLOAD

National Cybersecurity Policy and Strategy 2021...

Cybercrimes (prohibition, Prevention etc) Act, 2015

READ MORE & DOWNLOAD

The Act provides an effective, unified and comprehensive legal, regulatory and institutional framework for...

Draft Data Protection Bill 2020

READ MORE & DOWNLOAD

Draft Data Protection Bill 2020 ...

Videos

List

Collaborations & Membership

antiphishing.ng

"Antiphishing.ng Project is a collaborative effort to create a community driven public repository about phishing that works to build additional tools to benefit the security community at large."

tunCERT

"tunCERT is the National CERT of the Tunisian government under the National Agency for Computer Security. tunCERT is one of the CERT that graciously partook in pioneering ngCERT"

FiRST

"FIRST is a recognized global leader in incident response that brings together a variety of computer security incident response teams from government, commercial, and educational organizations."

Team Cymru

"Team Cymru was formed in 1998 to learn the "who and why" of malicious Internet activity. This focus on attribution resulted in the uncovering of the "what, when, where, and how" of online malevolence"