WhiteHat NG is Nigeria's leading CERT-style Information Sharing and Analysis Center (ISAC). Founded in 2019, it serves as a people's Computer Emergency Response Team, providing cybersecurity advisories, vulnerability disclosure services, and threat intelligence to protect Nigerian cyberspace. WhiteHat NG publishes security advisories about vulnerabilities and threats affecting Nigerian organizations and citizens.

How do I report a security vulnerability to WhiteHat NG?

You can report security vulnerabilities through WhiteHat NG's Vulnerability Disclosure Program (VDP) at whitehat.ng/vdp/report. The platform accepts reports about vulnerabilities in Nigerian digital infrastructure, government systems, and private sector applications. All reports are handled confidentially by trained security professionals who coordinate responsible disclosure with affected organizations.

What types of security advisories does WhiteHat NG publish?

WhiteHat NG publishes four severity levels of security advisories: Critical (immediate action required), High (significant risk), Medium (moderate risk), and Low (minimal risk). Advisories cover topics including software vulnerabilities, malware campaigns, phishing attacks, data breaches, and emerging cyber threats affecting Nigeria. All advisories are available via web and RSS feed at whitehat.ng/advisories.

Is WhiteHat NG affiliated with the Nigerian government?

WhiteHat NG operates as an independent, community-driven cybersecurity organization. While it collaborates with government agencies and private sector partners on security matters, it maintains independence to serve as a trusted neutral party for vulnerability disclosure and security coordination. This independence allows WhiteHat NG to advocate for both security researchers and affected organizations.

How can organizations partner with WhiteHat NG?

Organizations can partner with WhiteHat NG through several programs: becoming an information sharing partner for threat intelligence, participating in the Vulnerability Disclosure Program as a receiving organization, sponsoring cybersecurity awareness initiatives, or contributing to advisory development. Contact partnerships@whitehat.ng or visit the About page for more information on collaboration opportunities.

Back to advisories

High

June 20, 2024

1 min read

Addressing Threats to Our Educational and Government Websites

Our analysis reveals that threat groups specializing in website defacement and backdoor access are targeting the educational and government sectors.

defacement government education backdoor web-security alert

Alert: Addressing Threats to Our Educational and Government Websites

Threat Summary

Our analysis reveals that threat groups specializing in website defacement and backdoor access are actively targeting the educational and government sectors in Nigeria.

Attack Vectors Observed

Exploitation of unpatched CMS vulnerabilities
SQL injection attacks
Cross-site scripting (XSS) leading to account compromise

Affected Sectors

Sector	Risk Level
Education (.edu.ng)	High
Government (.gov.ng)	Critical
State Governments	High

Recommendations

Audit all public-facing web applications
Update CMS platforms and plugins
Implement Web Application Firewall (WAF)
Enable multi-factor authentication

WhiteHat NG Security Alert