Welcome to KENET CERT

Kenya Education Network CERT(KENET-CERT) is a Cybersecurity Emergency Response Team and Co-ordination Center operated by the National Research and Education Network of Kenya. KENET-CERT coordination center promotes awareness on cybersecurity incidences as well as coordinates and assists member institutions in responding effectively to cyber security threats and incidences. KENET-CERT works closely with Kenya's National CIRT coordination center (CIRT/CC) as a sector CIRT for the academic institutions.

KENET promotes use of ICT in Teaching, Learning and Research in Higher Education Institutions in Kenya. KENET aims to interconnect all the Universities, Tertiary and Research Institutions in Kenya by setting up a cost effective and sustainable private network with high speed access to the global Internet. KENET also facilitates electronic communication among students and faculties in member institutions, share learning and teaching resources by collaboration in Research and Development of Educational content.

KENET CERT News

  • UPDATE: As of 2018-02-28, more attack using the memcached reflection vector have been unleashed on the Internet. Operators are asked to port filter (Exploitable Port Filters), rate limits the port 11211 UDP traffic (ingress and egress), and clean up any memcached exposed to the Internet (iptables on UNIX works).  These mitigations should be on IPv4 and IPv6!

  • Joomla! 3.7.4 is now available. This is a security release for the 3.x series of Joomla! which includes two security vulnerability fixes and over 50 bug fixes and improvements. We strongly recommend that you update your sites immediately.

    What's in 3.7.4?

    Joomla! 3.7.4 is released to address security issues as well as several bugs.

    Security Issues Fixed

  • Systems Affected

    Microsoft Windows operating systems

    Overview

    This Alert has been updated to reflect the National Cybersecurity and Communications Integration Center's (NCCIC) analysis of the "NotPetya" malware variant.

  • Systems Affected

    All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.

  • Microsoft has released updates to address vulnerabilities affecting Microsoft Office. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.

    US-CERT encourages users and administrators to review the following Microsoft security advisories and apply the necessary updates:

  • WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.