MULTIPLE MEDIUM – LOW VULNERABILITIES IN MICROSOFT WINDOWS COMPONENTS AND DELL FIRMWARE
  • Alert & Advisory
  • October 6, 2025

ngCERT has detected about 78 medium- to low-severity vulnerabilities primarily impacting Microsoft Windows components such as Windows Digital Media and Secure Boot, as well as Dell firmware. These weaknesses include elevation of privilege (EoP), security feature bypasses, and improper access controls, with CVSS v3.1 scores from 4.3 to 8.1 (low to high severity). Most of these require local access, but exploitation could lead to system compromise or data exposure. Although the vulnerabilities have been patched, affected systems urgently need to be updated and the patches applied to safeguard against exploits and possible cyberattacks.

MULTIPLE CRITICAL AND HIGH VULNERABILITIES IN MICROSOFT WINDOWS COMPONENTS
  • Alert & Advisory
  • October 6, 2025

ngCERT has detected over 100 critical and high-severity vulnerabilities primarily affecting Microsoft Windows components such as Office, along with a few third-party issues. Key risks include remote code execution (RCE), elevation of privilege (EoP), and zero-day exploits, with high CVSS scores (up to 9.8). Ten critical flaws and eight zero-days were noted, some actively exploited and listed in the US Cybersecurity and Infrastructure Security Agency's catalog. These vulnerabilities have been patched by Microsoft, hence the urgent need for system updates and the application of available patches.

INCREASED NECURS MALWARE INFECTION
  • Alert & Advisory
  • September 12, 2025

ngCERT has identified malware tagged Necurs, a malware family with rootkit capabilities that was used to form one of the world’s largest criminal botnets. Necurs has both user-mode and kernel-mode components, which are used to access systems at the root level and dynamically load additional modules. It is distributed via exploit kits as well as through other malware such as the Zeus Trojan, and has been used to deliver the Dridex trojan and Locky malware through spam campaigns. Enforcing a strong password policy, implementing regular password changes, and enabling a personal firewall on workstations could mitigate the effects of Necurs malware.

COBALT STRIKE BEACON MALWARE AFFECTING NETWORKS/SYSTEMS
  • Alert & Advisory
  • September 10, 2025

ngCERT is aware of the discovery of “Cobalt Strike Beacon” malware in Nigerian cyberspace. Cobalt Strike Beacon is the central payload of the commercial Cobalt Strike red-team framework, originally designed for penetration testing but increasingly abused by threat actors. The Beacon is a versatile and stealthy implant that provides attackers with command-and-control (C2) capabilities, post-exploitation tools, and the ability to persist in target networks. Its modularity, encryption features, and ability to mimic legitimate traffic make it one of the most commonly observed payloads in advanced cyber intrusions. While a legitimate security tool, Cobalt Strike has been weaponized by ransomware operators, state-backed advanced persistent threats (APTs), and financially motivated cybercriminals. Its widespread misuse has made it a critical security concern for governments, enterprises, and research institutions worldwide.

ADLOAD MALWARE AFFECTING APPLE PRODUCTS
  • Alert & Advisory
  • September 10, 2025

ngCERT is aware of persistent “AdLoad” malware that infiltrates macOS through deceptive installers and bypasses Apple’s native security protections. Once installed, it hijacks browsers, injects unwanted advertisements, and collects user data while embedding itself deeply via launch agents, login items, and configuration profiles to maintain persistence. Detecting AdLoad can be challenging due to its stealthy nature and use of legitimate system mechanisms. Manual detection involves inspecting login items, system profiles, and startup agents, but these methods may miss advanced variants. Proactive monitoring, regular audits, and user education are essential to mitigate risk and protect system integrity. The malware exemplifies the increasing sophistication of macOS threats, making layered defense and timely detection critical to maintaining secure computing environments.
