Advisory on Cybersecurity Measures for Financial Institutions
To: All Banks
The Committee of Chief Information Security Officers (CISO) of financial institutions has issued a critical advisory regarding the increasing threat posed by cyber actors targeting banks. These threats exploit vulnerabilities and misconfigurations within process flow applications, specifically ProcessMaker. To mitigate potential attacks within your organization, we recommend the immediate implementation of the following measures:
Recommendations for Immediate Implementation
- Risk and Exposure Discovery
  - Conduct a thorough review of the architectural diagram for in-branch applications, highlighting all points of connection, integration and API exposure, and any other potential weaknesses.
- Remove External Exposure
  - Ensure that the process flow application is not accessible from the internet. Restrict access to internal networks only (e.g., via VPN or other secured internal access).
- Change Default Credentials and Restrict Service Accounts
  - Review and change the password of the default admin account immediately. Enforce strict monitoring of service accounts and disable their interactive logins to prevent misuse or unauthorized access.
- Monitor Triggers and Workflows
  - Closely monitor all process flow triggers, workflows, and scripts for unauthorized modifications or suspicious activity.
- SIEM, File Integrity Monitoring, and Database Activity Monitoring
  - Ensure that all process flow application servers and associated database servers are fully integrated with Security Information and Event Management (SIEM), File Integrity Monitoring (FIM), and Database Activity Monitoring (DAM) solutions for continuous oversight.
- Privileged Access Management
  - Onboard all generic, local, and domain accounts related to the application into a Privileged Access Management (PAM) system.
- Review File Upload and Script Execution Controls
  - Implement strict validation and monitoring of file uploads within workflows. Disable the execution of unauthorized scripts on the process flow server to prevent remote code execution and malicious workflow manipulation.
- Transaction Monitoring
  - Ensure that all transactions initiated through the process flow application are routed through the bank's fraud monitoring systems to improve detection of suspicious activity.
- Disable Unnecessary APIs and External Integrations
  - Review and restrict all process flow APIs, web services, and third-party integrations. Unused or unsecured APIs may expose sensitive workflow data or allow unauthorized transactions.
- Immediate Review of Process Flow Applications
  - Conduct an immediate security review of all process flow deployments within the bank's environment to confirm compliance with the recommended controls.
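As an added example (not part of this advisory and not ProcessMaker's own tooling), the following Python script implements the "Monitor Triggers and Workflows" and File Integrity Monitoring recommendations for trigger code: it compares each trigger's code against an approved baseline and reports added, changed and removed triggers as well as calls to functions that should not appear in a reviewed workflow. The record layout (trigger uid, title, PHP code) and the sample triggers are constructed assumptions; in practice the records would be exported from the application's trigger store.

```python
"""Baseline-and-diff audit of process flow trigger code.

Added example, not from the advisory or from ProcessMaker. Assumes trigger
definitions are exported as (trigger_uid, title, php_code) records; the
records below are constructed for illustration only.
"""
import hashlib
import re

# Constructed baseline captured at the last security review.
BASELINE_TRIGGERS = [
    ("tri-0001", "Notify approver", "<?php\n$notified = sendEmail($approverEmail);\n"),
    ("tri-0002", "Archive case", "<?php\n$archived = archiveCase($caseId);\n"),
    ("tri-0003", "Audit log", "<?php\n$logged = writeAuditLog($caseId);\n"),
]

# Constructed current export: tri-0001 unchanged, tri-0002 modified,
# tri-0003 removed, tri-0004 added without review.
CURRENT_TRIGGERS = [
    ("tri-0001", "Notify approver", "<?php\n$notified = sendEmail($approverEmail);\n"),
    ("tri-0002", "Archive case", "<?php\n$archived = archiveCase($caseId);\nsystem($cmd);\n"),
    ("tri-0004", "Export report", "<?php\n$out = shell_exec('/opt/report.sh');\n"),
]

# PHP calls that a reviewed trigger normally has no reason to use.
RISKY_CALLS = re.compile(r"\b(shell_exec|exec|system|passthru|eval|base64_decode)\s*\(")


def fingerprint(code: str) -> str:
    """SHA-256 of the trigger body, used as the integrity baseline value."""
    return hashlib.sha256(code.encode("utf-8")).hexdigest()


def build_baseline(triggers):
    """Map trigger uid -> approved code fingerprint."""
    return {uid: fingerprint(code) for uid, _title, code in triggers}


def audit_triggers(baseline, current):
    """Return (trigger_uid, finding) pairs for anything that deviates."""
    findings, seen = [], set()
    for uid, _title, code in current:
        seen.add(uid)
        if uid not in baseline:
            findings.append((uid, "new trigger not in approved baseline"))
        elif baseline[uid] != fingerprint(code):
            findings.append((uid, "code changed since baseline"))
        for match in RISKY_CALLS.finditer(code):
            findings.append((uid, f"calls {match.group(1)}()"))
    for uid in sorted(baseline.keys() - seen):
        findings.append((uid, "approved trigger missing from export"))
    return findings


def run_audit():
    return audit_triggers(build_baseline(BASELINE_TRIGGERS), CURRENT_TRIGGERS)
```

Feeding the findings to the SIEM turns every unreviewed trigger change into an alert rather than something discovered after a fraudulent transaction.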
Additional Feedback
Brian Reale, CEO of ProcessMaker, has acknowledged these recommendations, emphasizing that external exposure is not the primary concern. The critical issue lies in running outdated software in an insecure setup. Organizations using ProcessMaker version 3.9.3 or higher (released in September 2025) have significantly reduced risk.
Furthermore, regardless of the application in use, it is imperative to implement Single Sign-On (SSO) and Multi-Factor Authentication (MFA) to bolster security.
Action is essential to safeguard your institution against potential cyber threats. We urge all banks to prioritize these recommendations.