ngCERT is aware of a critical zero-day vulnerability affecting all Versa Director, a widely used network management platform. The vulnerability is linked to Advanced Persistent Threat (APT) activity by the Volt Typhoon Hacking Group (VTHG). It enables unauthorized users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to potentially upload malicious files, which could lead to privilege escalation and remote code execution. Exposed management ports leave individuals and organizations vulnerable to unauthorized access, data breaches, and network attacks. This can result in significant loss of sensitive information, financial damage, and compromised system integrity. Individuals and organizations using Versa Director software should promptly take steps to mitigate this exploitation.
ngCERT is issuing an urgent security alert regarding the dangers and risks associated with expired Secure Sockets Layer (SSL) certificates, which are increasingly observed within Nigerian cyberspace. SSL is essential for web services as it ensures end-to-end encrypted communication between client and server over the Internet. However, if an SSL certificate on the server side expires, this secure communication is compromised, exposing users to cyber threats. Malicious actors can exploit this vulnerability to execute phishing attacks and Man-in-the-Middle (MitM) attacks, among others, leading to data breaches, data theft, reputational damage, financial losses, and Denial of Service (DoS) attacks. Given these risks, users are advised to renew expired SSL certificates and implement other recommended mitigation steps.
ngCERT is issuing an urgent security advisory regarding a high-severity vulnerability in Veeam Backup and Replication (VBR) software, recently exploited by ransomware groups. The flaw is designated CVE-2023-27532 and affects VBR versions 12 and below. Threat actors exploit this weakness by obtaining encrypted and plaintext credentials stored in the configuration database, which are then used to elevate privileges and execute arbitrary code on affected systems. Successful exploitation of the vulnerability may result in malware installation, system takeover, data exfiltration and ultimately ransomware attacks. Notably, the Phobos ransomware group recently exploited this flaw in a ransomware attack on a cloud infrastructure within Nigerian cyberspace. Accordingly, users are strongly advised to implement the latest security patches for VBR and the other mitigation steps recommended herein.
ngCERT is aware of the global IT outage affecting various services and platforms, resulting in widespread system crashes and the "blue screen of death" (BSOD). This outage resulted from the release of a software update to the CrowdStrike Falcon agent for Windows clients and servers. No impact was recorded for Mac and Linux users. The outage, estimated to have affected about 8.5 million users, disrupted many businesses and the daily routines of many individuals. Malicious actors are currently exploiting this vulnerability to launch various attacks against CrowdStrike customers. Consequently, users are strongly advised to implement the latest security updates from CrowdStrike and Microsoft to address this critical issue.
ngCERT has become aware of multiple high-severity vulnerabilities in some Ivanti products that affect the IPSec component of Ivanti Connect Secure and Ivanti Policy Secure gateways. These vulnerabilities can be exploited by unauthenticated attackers to send specially crafted requests that can crash the vulnerable systems and services, resulting in a denial-of-service (DoS) condition. In some cases, the attackers may also be able to execute arbitrary code or access sensitive information on the compromised systems. ngCERT urges individuals and organizations using the affected products to apply the available patches from Ivanti as soon as possible to prevent potential attacks by cyber criminals.