Malawi CERT

MWCERT Hosts MDF Command And Staff College Students

  MACRA’s Malawi Computer Emergency Response Team (mwCERT) had the pleasure to host an educational tour for students from Malawi Defence Force Command and Staff College students in Lilongwe to strengthen awareness and preparedness in addressing emerging security threats.. Held under the theme “Confronting the Unknown: Strategies to Counter Emerging Transnational Security Threats”, the tour […]

MWCERT Hosts MDF Command And Staff College Students Read More »

MWCERT Takes Part In The Africa Regional Cyberdrill

  The Malawi Computer Emergency Response Team (mwCERT) has enhanced its cyber security skills through the thirteenth edition of the regional Cyberdrill for Africa Region taking place in Brazzaville, Republic of Congo. The four-day drill organised by International Telecommunication Union (ITU) and Interpol aimed at strengthening cyber security readiness in the African region.  The meeting 

MWCERT Takes Part In The Africa Regional Cyberdrill Read More »

MWCERT Takes Part In The National Youth Summit 2025

MACRA mentored over 600 youth leaders through a partnership with the National Youth Council of Malawi (NYCOM) at the ongoing 2025 National Youth Summit in Lilongwe. The summit, which drew participants from Malawi’s 28 districts and international delegates, provided a platform to empower young people with digital skills, innovation opportunities, and leadership mentorship. An Incident

MWCERT Takes Part In The National Youth Summit 2025 Read More »

Data Protection Authority Engages Government Institutions In a Data Protection Awareness Drive

MACRA through the Data Protection Authority (DPA) has engaged Government Institutions in a Data Protection Awareness drive to enhance data privacy and security in Malawi’s public sector. During the meeting in Lilongwe, MACRA Board Director Mr Isaac Songea, stressed the importance of safeguarding personal data in today’s digital era: “Personal data is one of the

Data Protection Authority Engages Government Institutions In a Data Protection Awareness Drive Read More »

SonicWall has revealed that two security flaws impacting its SMA100 Secure Mobile Access appliances have been exploited

EXPLOIT This flaws were being exploited by use of the following CVEs CVE-2023-44221 (CVSS score: 7.2) – Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a ‘nobody’ user, potentially leading to OS Command Injection Vulnerability CVE-2024-38475 (CVSS score: 9.8)

SonicWall has revealed that two security flaws impacting its SMA100 Secure Mobile Access appliances have been exploited Read More »

MACRA hosts a Validation Workshop on the Data Protection Regulations

MACRA hosted a Validation Workshop on the Data Protection Regulations and proposed registration fees for Data Controllers and Data Processors of Significant Importance at the Bingu International Convention Centre (BICC). This important workshop is platform where we are discussing stakeholder comments on the draft regulations as read with the Authority’s determination which has informed the

MACRA hosts a Validation Workshop on the Data Protection Regulations Read More »

Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach

BACKGROUND Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access. RECOMMENDATION To mitigate the risk posed by such attacks, clients are advised to apply a Conditional Access policy to all Microsoft 365, Dynamics

Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach Read More »

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

BACKGROUND Researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name “WP-antymalwary-bot.php,” comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code. “Pinging functionality that can report back to a

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers Read More »

Scroll to Top
Skip to content