ngCERT’s attention has been drawn to a sophisticated Android malware campaign tagged Tria Stealer. The trojan exploits Android devices to harvest SMS data and to hijack WhatsApp and Telegram accounts. Reportedly, Tria Stealer is spread by luring unsuspecting persons into downloading a malicious Android Package Kit (APK) through fake wedding or event invitations sent on mobile messaging apps. Once installed, the trojan is capable of stealing sensitive data and exploiting it for account hijacking as well as financial fraud. Consequently, Android users are advised to take proactive steps to safeguard their devices against Tria Stealer infiltration.
Lumma Stealer (also known as LummaC2) is a potent and widely distributed information-stealing malware targeting Windows systems. Operated as Malware-as-a-Service (MaaS) via illicit cybercrime markets, it was recently disrupted by Microsoft in response to its escalating threat profile. Lumma Stealer poses a high risk due to its commercial availability, sophisticated evasion, broad data theft capabilities, and network propagation. Its recent disruption highlights active law enforcement attention, but residual infections and potential re-emergence remain concerns. ngCERT urges organizations to reassess their security measures and implement strategies to mitigate infection risks.
ngCERT is aware of Cisco’s declaration of product End-of-Life (EoL) and End-of-Support (EoS) for Cisco Catalyst 1900, 2900, and 3900 series routers. This implies that Cisco no longer sells or supports the affected devices; hence, software/firmware updates, security patches, and bug fixes will cease. Additionally, technical support and warranty services are discontinued, while hardware replacement services may become unavailable. The continued use of these devices is liable to introduce significant operational and security risks, as well as compliance violations, to enterprise and government networks. This advisory therefore highlights the security risks and consequences associated with the continued use of Cisco Catalyst 1900, 2900, and 3900 Series Routers and provides mitigation strategies for organizations and individuals.
ngCERT has discovered a Hypertext Transfer Protocol (HTTP) redirect vulnerability during its routine monitoring of the Nation’s cyberspace. HTTP redirect vulnerabilities, if exploited, can allow attackers to manipulate the redirect process, potentially leading to phishing attacks, unauthorized access, or other malicious activities. HTTP redirect vulnerabilities can be mitigated by implementing strong input validation, logging and monitoring redirects, and informing users of HTTP redirect issues.
ngCERT has issued an urgent alert regarding a critical vulnerability (CVE-2024-44276, CVSS 9.1 – Critical) in Apple’s Password App for iOS 18, enabling attackers to hijack user sessions and steal sensitive credentials. The flaw originates from the app’s reliance on an insecure HTTP protocol for data transmission, allowing adversaries on shared networks (e.g., public Wi-Fi) to intercept unencrypted traffic and redirect users to malicious phishing sites. These fraudulent pages mimic legitimate services to harvest login credentials, financial data, and other personal information.