CYBERCRIMINALS EXPLOITING THE GLOBAL IT OUTAGE TO CONDUCT MALICIOUS ACTIVITIES
  • Alert & Advisory
  • July 23, 2024

ngCERT is aware of the global IT outage affecting various services and platforms, resulting in widespread system crashes and the "blue screen of death" (BSOD). This outage resulted from a software update released for the CrowdStrike Falcon agent on Windows clients and servers. No impact was recorded for Mac and Linux users. The outage, estimated to have affected about 8.5 million users, disrupted many businesses and the daily routines of many individuals. Malicious actors are currently exploiting this vulnerability to launch various attacks against CrowdStrike customers. Consequently, users are strongly advised to implement the latest security updates from CrowdStrike and Microsoft to address this critical issue.

HIGH SEVERITY VULNERABILITIES IN IVANTI PRODUCTS
  • Alert & Advisory
  • July 12, 2024

ngCERT has become aware of multiple high severity vulnerabilities in some Ivanti products that affect the IPSec component of Ivanti Connect Secure and Ivanti Policy Secure gateways. These vulnerabilities can be exploited by unauthenticated attackers to send specially crafted requests that can crash the vulnerable systems and services, resulting in a denial-of-service (DoS) condition. In some cases, the attackers may also be able to execute arbitrary code or access sensitive information on the compromised systems. ngCERT urges individuals and organizations using the affected products to apply the available patches from Ivanti as soon as possible to prevent potential attacks by cyber criminals.

CRITICAL VULNERABILITY IN FORTINET OPERATING SYSTEM
  • Alert & Advisory
  • July 11, 2024

ngCERT is aware of a critical security flaw in several versions of the Fortinet Operating System (FortiOS). The vulnerability, tracked as CVE-2024-21762 with a CVSS score of 9.6, is an out-of-bounds write that may allow a remote unauthenticated attacker to execute arbitrary code or commands on Fortinet SSL VPNs via specially crafted HTTP requests. It is pertinent to note that other recent Fortinet SSL VPN vulnerabilities (CVE-2022-42475, CVE-2022-41328, and CVE-2023-27997) have been exploited by cybercriminals both as zero-days and as n-days following public disclosure. Consequently, ngCERT advises individuals and organizations to take immediate steps to protect their systems from exploitation by threat actors.

ANATSA BANKING TROJAN TARGETING ANDROID DEVICES
  • Alert & Advisory
  • July 10, 2024

ngCERT has identified a new version of the Anatsa banking trojan that targets Android devices and steals banking credentials and financial information from users. The trojan masquerades as a PDF and QR code reader and uses advanced remote-control and evasion techniques to bypass security measures and display fake login screens. The trojan has been distributed through various apps on the Google Play Store and has infected over 70,000 devices. ngCERT urges Android users to exercise caution when downloading apps and to follow the recommendations below to protect their devices and accounts.

ESCALATION OF RANSOMWARE ATTACK IN NIGERIA
  • Alert & Advisory
  • July 8, 2024

ngCERT has detected an increase in ransomware attacks by the Phobos ransomware group, specifically targeting critical cloud service providers within our national cyberspace. We are actively collaborating with vulnerable and affected organizations to swiftly resolve these incidents and prevent further escalation. The most at-risk entities include providers of information technology and telecommunication services, such as managed cloud services, whose clients include critical government agencies, financial institutions, telecommunications, education, healthcare, service providers, and NGOs in Nigeria. It is essential for organizations to proactively implement the mitigation strategies outlined in this document to help prevent the spread of the malware.
