Alerts & Advisories

Critical Vulnerabilities in Ivanti Avalanche

Ivanti has released security updates addressing two critical vulnerabilities (CVE-2024-24996 and CVE-2024-29204) in their Avalanche mobile device management (MDM) products.

Security Bulletin 17 Apr 2024

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

Active Exploitation of Critical Vulnerability in Palo Alto Networks PAN-OS Software

Palo Alto Networks has disclosed a critical vulnerability affecting their PAN-OS software used in its GlobalProtect gateways. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 10.0 and is reportedly being actively exploited.

How Organisations Can Secure Their Network Attached Storage (NAS) Systems

There have been increasing instances of attackers targeting organisations' Network Attached Storage (NAS) systems. Upon gaining access, the attackers will either encrypt the files within the network by injecting malware into the compromised network, or delete data stored on the NAS system before leaving a ransom note in the system. Therefore, securing your NAS systems is crucial as it safeguards sensitive data from unauthorised access, ensuring confidentiality and integrity.

Active Exploitation of Vulnerabilities in D-Link Products

D-Link has disclosed two vulnerabilities (CVE-2024-3272 & CVE-2024-3273) in their network-attached storage (NAS) devices.

Critical Vulnerability in Rust Standard Library

Rust has released an update to address a critical vulnerability (CVE-2024-24576) affecting the Rust standard library.

Security Bulletin 11 Apr 2024

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

Apr 2024 Monthly Patch

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

Multiple Vulnerabilities in HTTP/2 Protocol

A security researcher has disclosed a new Denial-of-Service (DoS) attack method which exploits HTTP/2 protocols affected by a class of vulnerabilities, codenamed HTTP/2 CONTINUATION Flood.

Joint Advisory On Ransom Incidents Involving Network Attached Storage (NAS) Systems

The Singapore Police Force (SPF), Personal Data Protection Commission (PDPC) and CSA have issued a joint advisory on ransom incidents involving Network Attached Storage (NAS) systems, detailing the Tactics, Techniques and Procedures (TTPs) employed by the threat actors, how victims can respond to such incidents, and recommended measures to mitigate the threat posed.

Critical Vulnerability in WordPress LayerSlider Plugin

LayerSlider has released updates to address a critical vulnerability (CVE-2024-2879) affecting their LayerSlider plugin for WordPress. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Security Bulletin 03 Apr 2024

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

Multiple High Severity Vulnerabilities in Cisco IOS and IOS XE Software

Cisco has released updates addressing multiple high severity vulnerabilities (CVE-2024-20311, CVE-2024-20314, CVE-2024-20307, CVE-2024-20308, CVE-2024-20259, CVE-2024-20303) affecting their IOS and IOS XE Software.

Critical Vulnerability in XZ Utils

Security researchers have disclosed a critical vulnerability in XZ Utils used in Linux distributions. Users and administrators are advised to downgrade to XZ versions 5.4.x or disable SSH services immediately.

Vulnerability Affecting User Datagram Protocol Implementations

Security researchers have disclosed a vulnerability (CVE-2024-2169) affecting implementations of User Datagram Protocol (UDP).

Ongoing Malware Campaign Targeting WordPress Websites

There are reports of an ongoing malware campaign, Sign1, targeting WordPress sites. The campaign entails attackers gaining access to WordPress websites through brute force attacks and exploiting vulnerabilities in their plugins.

Security Bulletin 27 Mar 2024

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

Active Exploitation of Critical Vulnerability in JetBrains TeamCity On-Premises

JetBrains has released updates addressing a critical vulnerability (CVE-2024-27198) affecting JetBrains TeamCity On-Premises.

Advisory on Detecting and Responding to Deepfake Scams

Artificial Intelligence (AI) is being used to produce increasingly convincing deepfakes that are indistinguishable even to the trained eye.

Critical Vulnerabilities in Unitronics Products

Unitronics has released security updates to address critical vulnerabilities in their Unistream Unilogic software. Users and administrators of affected product versions are advised to update to the latest versions immediately.