CRITICAL VULNERABILITY IN FORTINET OPERATING SYSTEM
  • Alert & Advisory
  • July 11, 2024

ngCERT is aware of a critical security flaw in several versions of the Fortinet Operating System (FortiOS). The vulnerability, tracked as CVE-2024-21762 with a CVSS score of 9.6, is an out-of-bounds write that may allow a remote unauthenticated attacker to execute arbitrary code or commands on Fortinet SSL VPNs via specially crafted HTTP requests. It is pertinent to note that other recent Fortinet SSL VPN vulnerabilities (CVE-2022-42475, CVE-2022-41328, and CVE-2023-27997) have been exploited by cybercriminals as both zero-days and n-days following public disclosure. Consequently, ngCERT advises individuals and organizations to take immediate steps to protect their systems from exploitation by threat actors.

ANATSA BANKING TROJAN TARGETING ANDROID DEVICES
  • Alert & Advisory
  • July 10, 2024

ngCERT has identified a new version of the Anatsa banking trojan that targets Android devices and steals banking credentials and financial information from users. The trojan masquerades as a PDF and QR code reader and uses advanced remote-control and evasion techniques to bypass security measures and display fake login screens. The trojan has been distributed through various apps on the Google Play Store and has infected over 70,000 devices. ngCERT urges Android users to exercise caution when downloading apps and to follow the recommendations below to protect their devices and accounts.

ESCALATION OF RANSOMWARE ATTACK IN NIGERIA
  • Alert & Advisory
  • July 8, 2024

ngCERT has detected an increase in ransomware attacks by the Phobos ransomware group, specifically targeting critical cloud service providers within our national cyberspace. We are actively collaborating with vulnerable and affected organizations to swiftly resolve these incidents and prevent further escalation. The most at-risk entities include providers of information technology and telecommunication services, such as managed cloud services, whose clients include critical government agencies, financial institutions, telecommunications, education, healthcare, service providers, and NGOs in Nigeria. It is essential for organizations to proactively implement the mitigation strategies outlined in this document to help prevent the spread of the malware.

Critical Wi-Fi Driver Vulnerability in Microsoft Windows
  • Alert & Advisory
  • June 21, 2024

ngCERT is issuing an urgent security advisory regarding a critical vulnerability within Microsoft Windows Wi-Fi drivers, designated as CVE-2024-30078. This severe Remote Code Execution (RCE) flaw affects all current Microsoft Windows versions, with particular emphasis on Windows 10 and 11. An attacker, without requiring authentication, can exploit this vulnerability by transmitting a malicious network message to a vulnerable Wi-Fi driver, leading to arbitrary code execution on the target system. This may result in unauthorized malware installation, complete system compromise, and the potential theft or manipulation of sensitive information. Users are strongly advised to apply the latest security updates from Microsoft, which address this critical issue.

ANDROMEDA MALWARE INFILTRATION DISCOVERED
  • Alert & Advisory
  • June 6, 2024

ngCERT is aware of the resurgence of Andromeda malware, also known as Gamarue, Wauchos, and Andromeda Stealer, which is a dangerous Trojan horse with multiple malicious capabilities. This malware has been used by threat actors to create a network of infected computers, known as the Andromeda botnet, which can be used to launch further attacks by distributing other malware such as ransomware, banking Trojans, Distributed Denial of Service (DDoS) tools, spam bots and backdoors. Despite the takedown of the Andromeda botnet by US and European law enforcement agencies in 2017, new variants have been detected, infecting systems worldwide, including in Nigeria. ngCERT advises individuals and organisations to take immediate steps to protect their systems and data from Andromeda and other malware threats.
