NCC urges consumers on automatic antivirus updates to avoid vulnerabilities

*The Nigerian Communications Commission alerts consumers to timely information about current security issues and vulnerabilities, and offers measures to prevent exposure to cyberthreats in the country’s ICT/Telecoms ecosystem

Isola Moses | ConsumerConnect

As part of the telecoms sector regulatory Commission’s consumer education and sensitisation initiatives, the Nigerian Communications Commission (NCC) has advised telecoms consumers and other Information and Communications Technology (ICT) end users to always enable automatic update features for AVAST and AVG antiviruses to prevent potential cyber vulnerabilities.

ConsumerConnect reports the NCC disclosed this was contained in a new advisory released by the Computer Security Incident Response Team (CSIRT), the cybersecurity centre for the telecoms sector established by the Commission, in continuation of its resolve to always keep Nigerians safe in the cyber space.

READ ALSO CyberEspionage: NCC Alerts Nigerians To Hackers’ Targeting Telcos, ISPs, Others

Dr. Ikechukwu Adinde, Director of Public Affairs at NCC, Sunday, May 22, 2022, stated the advisory noted that cyber vulnerability in AVAST and AVG Antiviruses could lead to attacks on millions of devices with high impact in terms of consequences to the ICT user. The Commission said the threat types as a result of this vulnerability are Bypass Authentication, Remote Code Execution and Unauthorised Access while consequences range from Privilege Escalation, Bypass Security Products, Overwrite System Components and corrupting the Operating System (OS).

Dr. Adinde also said the CSIRT noted that researchers at SentinelOne security firm have discovered two potentially damaging vulnerabilities in AVAST and AVG antivirus products that allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded.

READ ALSO Security: Government Upgrades Emergency Communications Centres For Improved Efficiency, Says NCC

“Two vulnerabilities identified as CVE-2022-26522 and CVE-2022-26523 targeted the “Anti Rootkit” driver of Avast antivirus (also used by AVG) allowing an attacker with limited privileges on the targeted system to execute code in system mode (kernel mode) and take complete control of the device. Moreover, the vulnerabilities allow complete take-over of a device, even without privileges, due to the ability to execute code in kernel mode,” said the CSIRT.

READ ALSO Special Report: 2022 WCRD And Consumer Protection Against Market Abuses In Digital Financial Services Ecosystem

On how the Internet/ICT users can prevent vulnerability to cyberthreats in the country’s ICT/Telecoms ecosystem, the NCC however, said the cybersecurity centre offered a tripartite measures that should be taken by Internet/ICT users to prevent being vulnerable to the cyberthreats.

They include enabling automatic update feature for AVAST and AVG antiviruses, upgrading AVAST and AVG antiviruses to version 22.1.2504, as well as carrying out regular patch management, noted the Commission.

Kindly Share This Story