CYBERSECURITY TECHNICAL TRAINING AND DRILL 2025 UNDER THE THEME "CYBER STORM: DEFEND, RECOVER & SECURE"

PARTICIPANTS HONORED WITH APPRECIATION PLAQUES, RECEIVED ON BEHALF OF THEIR OPERATORS, FOR ATTENDING THE CYBERSECURITY TECHNICAL TRAINING.

THE CERT HOSTED THE 5TH ANNUAL CEO CYBERSECURITY BREAKFAST ON JULY 3RD 2025, THE EVENT BROUGHT TOGETHER CEO'S AND CTOS FROM THE COMMUNICATIONS SECTOR TO DISCUSS THE PAST WINS MADE IN REGARD TO CYBERSECURITY AND FUTURE CYBER VISIONS.

PANEL DISCUSSION AT THE 5TH ANNUAL CYBERSECURITYCEO BREAKFAST UNDER THE THEME, THE CEO'S STRATEGIC EDGE: BRIDGING PAST WINS WITH FUTURE CYBER VISIONS.

UCC BOARD CHAIR, DR. CHARITY BASAZA MULENGA HANDS AN APPRECIATION AWARD TO MS.AUDREY MNISI - FORUM OF INCIDENT RESPONSE AND SECURTITY TEAMS (FIRST) REPRESENTATIVE, WHO WAS THE KEYNOTE SPEAKER AT THE 5TH CEO CYBERSECURITY BREAKFAST 2025.

THE CERT HOSTED THE 4TH ANNUAL CEO CYBERSECURITY BREAKFAST ON JULY 25TH 2024, BRINGING TOGETHER CEOs FROM THE COMMUNICATIONS SECTOR AND LEADERS FROM OTHER KEY INDUSTRIES TO DISCUSS THE LATEST TRENDS, RISKS AND STRATEGIES IN CYBERSECURITY.

THE PANELISTS EXPLORED THE CEO BREAKFAST THEME, "CYBERSECURITY AS A COMPETITIVE ADVANTAGE: ROBUST CYBERSECURITY MEASURES AS A CATALYST FOR INNOVATION AND COMPETITIVE EDGE," BY ADDRESSING A SERIES OF THOUGHT-PROVOKING QUESTIONS.

The Communications sector CERT serves the Communications sector in Uganda which includes licensed Telecommunications service providers, Internet Service Providers, and consumers of their services.

THE UGANDA COMMUNICATIONS COMMISSION ESTABLISHED THE CERT IN JUNE 2013 IN PARTNERSHIP WITH THE INTERNATIONAL TELECOMMUNICATIONS UNION (ITU) WITH ITS CONSTITUENTS BEING LICENSED OPERATORS, INTERNET SERVICE PROVIDERS AND CONSUMERS OF THEIR SERVICES.

Advisories
May 7, 2026 UCC-CERT-AD-26-006: CVE-2026-33032: Critical Authentication Bypass Vulnerability in Nginx-Ui 
April 22, 2026 UCC-CERT-AD-26-005: CVE-2026-34040: Authorization plugin (AuthZ) vulnerability in Docker Engine 
April 7, 2026 UCC-CERT-AD-26-004: CVE-2025-53521: Remote Code Execution (RCE) vulnerability in the F5 BIG-IP Access Policy Manager (APM).
March 13, 2026 UCC-CERT-AD-26-003: CVE-2026-20127 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability.
February 23, 2026 UCC-CERT-SA-26-001: Global Malware Campaign Abusing Google Services to Deliver Lumma Stealer & Trojanized Ninja Browser

RECENT ADVISORIES

UCC-CERT-AD-26-006: CVE-2026-33032: Critical Authentication Bypass Vulnerability in Nginx-Ui 

May 7, 2026 0

Overview   CVE-2026-33032 is a critical authentication bypass vulnerability affecting Nginx UI, a web-based interface used to manage Nginx configurations. The flaw exists in the Model Context Protocol integration, where the /mcp_message endpoint does not enforce authentication and relies only on an IP whitelist that is empty by default. This fail-open behavior can allow…

UCC-CERT-AD-26-005: CVE-2026-34040: Authorization plugin (AuthZ) vulnerability in Docker Engine 

April 22, 2026 0

Overview   The vulnerability lies in how the Docker daemon handles large HTTP request bodies when interacting with Authorization Plugins (AuthZ) such as OPA or Prisma Cloud. By sending a request larger than 1MB, an attacker can trick the daemon into forwarding an empty request body to the security plugin. The plugin, seeing an empty…

UCC-CERT-AD-26-004: CVE-2025-53521: Remote Code Execution (RCE) vulnerability in the F5 BIG-IP Access Policy Manager (APM).

April 7, 2026 0

Overview This vulnerability exists in the data plane of BIG-IP systems where the APM module is active. It allows a remote, unauthenticated attacker to send specially crafted malicious traffic to a virtual server configured with an APM access policy. This triggers an execution path in the apmd process, leading to arbitrary code…

UCC-CERT-AD-26-003: CVE-2026-20127 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability.

March 13, 2026 0

Overview CVE-2026-20127 is a vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism…

Report an Incident

Incidents, Phishing, Malware, or Vulnerabilities

Click here

Member Of

ITU
Africa Cert
First
Tanzania
Egypt

Contact Info

The Computer Emergency Response Team

Colville Street, Communications House

P.O. Box 7376
Kampala, Uganda

Tel: + 256 414 339000/ 312 339000
Fax: + 256 414 348832
E-mail: cert@ucc.co.ug

Useful links

Subscribe to our Newsletters

© 2023 . All Rights Reserved by Uganda Communications Commission.