UGCERT is aware of a high-severity security flaw in the Chrome browser that has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability is a type of confusion bug in the V8 JavaScript and WebAssembly engine. The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC)…
QR code phishing, often referred to as “quishing,” is an emerging cybersecurity threat that leverages the convenience of QR codes to deceive users into giving out sensitive information or installing malware on their systems. As QR codes become more integrated into everyday transactions and communications, understanding and mitigating this risk…
UGCERT is aware of a large-scale extortion campaign that has compromised multiple organizations by exploiting publicly accessible environment variable files (.env) containing credentials linked to cloud and social media applications. The campaign is notable for setting its attack infrastructure within the infected organizations’ Amazon Web Services (AWS) environments and using…
Insider threats are individuals within an organization who misuse their access rights to systems, to compromise data security. These threats can be intentional (malicious) or unintentional (accidental). Types of Insider Threats To Reduce the Risk of Insider Threats: Secure Your Devices: Ensure all your devices are password-protected and avoid leaving…
Colville Street, Communications House
P.O. Box 7376
Kampala, Uganda
Tel: + 256 414 339000/ 312 339000
Fax: + 256 414 348832
E-mail: cert@ucc.co.ug