Alerts & Advisories

Ongoing Ransomware Campaign Actively Exploiting a Vulnerability in Fortra’s GoAnywhere

There is an ongoing ransomware campaign actively exploiting a vulnerability (CVE-2023-0669) in Fortra’s GoAnywhere Managed File Transfer (MFT), a system that allows companies to securely transfer huge sets of data and other large files.

Critical Vulnerability in WooCommerce Payments

WooCommerce has released security updates addressing a critical vulnerability in its WooCommerce Payments plugin.

Importance of Using Secure Multi-Factor Authentication Methods

As cyber-attacks become more prevalent and sophisticated, relying solely on passwords to secure users’ online accounts may no longer be sufficient.

Security Bulletin 22 Mar 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

Critical Vulnerability in Microsoft Outlook for Windows

Microsoft has released security updates to address a critical vulnerability in Microsoft Outlook for Windows (CVE-2023-23397). The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Critical Vulnerabilities in Adobe ColdFusion

Adobe has released security updates to address critical vulnerabilities (CVE-2023-26359 and CVE-2023-26360) in ColdFusion.

Critical Vulnerabilities in SAP Products

SAP has released security updates addressing vulnerabilities (CVE-2023-25616, CVE-2023-23857, CVE-2023-27269, CVE-2023-27500 and CVE-2023-25617) in SAP Business Objects Business Intelligence Platform (CMC) and SAP NetWeaver Application Server.

March 2023 Monthly Patch

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

Security Bulletin 15 Mar 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

High-Severity Vulnerability in Cisco IOS XR Software

Cisco has released security updates to address a high-severity vulnerability (CVE-2023-20049) in their IOS XR Software for ASR 9000 Series Routers.

Multiple Vulnerabilities in Jenkins Server and Update Centre

Jenkins has released security updates addressing multiple high-severity vulnerabilities (CVE-2023-27898 and CVE-2023-27899) in the Jenkins Server and Update Centre.

Critical Vulnerability in IBM Instana's Products

IBM has released security updates addressing a critical vulnerability (CVE-2023-27290) in their Instana's products.

Critical Vulnerability in Fortinet's FortiOS and FortiProxy Products

Fortinet has released security updates addressing a critical vulnerability (CVE-2023-25610) in their FortiOS and FortiProxy products.

Critical Vulnerabilities in Android Operating System

Google has released security updates to address multiple critical vulnerabilities (CVE-2023-20951 and CVE-2023-20954) for devices running Android versions 11, 12, and 13.

Security Bulletin 8 Mar 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

Critical Vulnerability in Cisco IP Phones

Cisco has released software updates to address a critical vulnerability in the web-based management interface of certain Cisco IP Phones.

Critical Vulnerabilities in ArubaOS

Aruba Networks has released security updates addressing multiple critical vulnerabilities in the ArubaOS.

Security Bulletin 1 Mar 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

[Updated] Multiple Vulnerabilities in Sophos Firewall

Sophos has released hotfixes to address multiple critical and high severity vulnerabilities found in their firewalls that is reported to be exploited in the wild.

Active Exploitation of Critical Vulnerabilities in WordPress Plugin Houzez

There have been recent reports of active exploitation of two critical vulnerabilities (CVE-2023-26540 and CVE-2023-26009) affecting Houzez, a WordPress plugin.