DIRECTORY TRAVERSAL VULNERABILITY
  • Alert & Advisory
  • May 28, 2025

ngCERT is aware of a critical vulnerability referred to as the Directory Traversal vulnerability. Directory Traversal, also known as path traversal or directory climbing, is a web application server flaw that enables attackers to gain unauthorized access to files and directories on a server by manipulating file paths. This flaw arises from weak input validation, which allows attackers to navigate outside the designated directory structure. The severity of the impact can vary; however, it often results in significant consequences such as data breaches or unauthorised system access. Additionally, following best practices like regular vulnerability testing, code audits, and implementing access control is essential for preventing exploitation.

TRIA STEALER ANDROID MALWARE CAMPAIGN
  • Alert & Advisory
  • May 28, 2025

ngCERT’s attention has been drawn to a sophisticated Android malware campaign tagged Tria Stealer. The trojan exploits Android devices to harvest SMS data, as well as hijack WhatsApp and Telegram accounts. Reportedly, Tria Stealer is spread by luring unsuspecting persons into downloading a malicious Android Package Kit (APK) through fake wedding or event invitations sent on mobile messaging apps. Once installed, the trojan is capable of stealing sensitive data, and exploits the same for account hijacking as well as financial fraud. Consequently, Android users are advised to take proactive steps to safeguard their systems against Tria Stealer infiltration.

LUMMA STEALER (LUMMAC2) – SIGNIFICANT INFO-STEALING MALWARE THREAT
  • Alert & Advisory
  • May 27, 2025

Lumma Stealer (also known as LummaC2) is a potent and widely distributed information-stealing malware targeting Windows systems. Operated as Malware-as-a-Service (MaaS) via illicit cybercrime markets, it was recently disrupted by Microsoft in response to its escalating threat profile. Lumma Stealer poses a high risk due to its commercial availability, sophisticated evasion, broad data theft capabilities, and network propagation. Its recent disruption highlights active law enforcement attention, but residual infections and potential re-emergence remain concerns. ngCERT urges organizations to reassess their security measures and implement strategies to mitigate infection risks.

RISKS ASSOCIATED WITH END-OF-LIFE CISCO CATALYST 1900, 2900, AND 3900 SERIES ROUTERS
  • Alert & Advisory
  • May 27, 2025

ngCERT is aware of Cisco’s declaration of product End-of-Life (EoL) and End-of-Support (EoS) for Cisco Catalyst 1900, 2900, and 3900 series routers. This implies that Cisco no longer sells or supports the affected devices; hence, software/firmware updates, security patches, and bug fixes will cease. Additionally, technical support and warranty services are discontinued, while hardware replacement/services may become unavailable. The continued use of these devices is liable to introduce significant operational and security risks as well as compliance violations to enterprise and government networks. This advisory therefore highlights the security risks and consequences associated with the continued use of Cisco Catalyst 1900, 2900, and 3900 Series Routers and provides mitigation strategies for organizations and individuals.

HTTP REDIRECT VULNERABILITY
  • Alert & Advisory
  • May 26, 2025

ngCERT has discovered a Hypertext Transfer Protocol (HTTP) redirect vulnerability during its routine monitoring of the nation’s cyberspace. HTTP redirect vulnerabilities, if exploited, can allow attackers to manipulate the redirect process, potentially leading to phishing attacks, unauthorized access, or other malicious activities. HTTP redirect vulnerabilities can be mitigated by implementing strong input validation and by logging and monitoring redirects; in addition, users should be informed of HTTP redirect issues.
