Alerts & Advisories

Active Exploitation of Zero-Day Vulnerabilities in Apple WebKit

Apple has released security updates to address two zero-day vulnerabilities. The vulnerabilities are reportedly being actively exploited. Users of affected Apple's products are advised to update to the latest versions immediately

Active Exploitation of Zero-Day Vulnerability in Google Chrome

Google has released security updates addressing a zero-day vulnerability (CVE-2023-6345) in Google Chrome.

Security Bulletin 29 Nov 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

Critical Vulnerabilities in ownCloud File Sharing Application

ownCloud has released security updates to address three critical vulnerabilities in its open source file sharing software. CVE-2023-49103 and CVE-2023-49105 have a Common Vulnerability Scoring System (CVSS) score of 10 out of 10 and 9.8 out of 10 respectively.

Active Exploitation of Critical Vulnerability in Apache ActiveMQ

Apache has released updates to address a critical vulnerability (CVE-2023-46604) in Apache ActiveMQ.

Security Bulletin 22 Nov 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

Critical Vulnerability in Fortinet’s FortiSIEM Product

Fortinet has released security updates to address a critical vulnerability (CVE-2023-36553) in their FortiSIEM report server.

Critical Vulnerability in VMWare Cloud Director Appliance

VMWare has released security updates to address a critical vulnerability (CVE-2023-34060) in their VMware Cloud Director Appliance (VCD Appliance).

Nov 2023 Monthly Patch

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

Security Bulletin 15 Nov 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

Joint Advisory on Protecting Yourself against Malware Scams during the Festive Season

The Cyber Security Agency of Singapore (CSA) and the Singapore Police Force (SPF) have issued a joint advisory to advise the public to stay vigilant against such festive-themed malware scams and how individuals can protect themselves.

Security Bulletin 8 Nov 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

Active Exploitation of High Severity Vulnerability in GNU C Library

Security researchers have disclosed a high severity vulnerability, known as Looney Tunables (CVE-2023-4911), in GNU C library which is commonly used in Linux kernel-based systems.

Critical Vulnerabilities in QNAP QTS Operating System and Applications

QNAP has released security updates to address two critical vulnerabilities (CVE-2023-23368 and CVE-2023-23369) that impact multiple versions of the QTS Operating System (OS) and applications on its network-attached storage (NAS) devices.

Critical Vulnerabilities in Veeam ONE

Veeam has released security updates to address two critical vulnerabilities (CVE-2023-38547 and CVE-2023-38548) in their Veeam ONE platform, an IT infrastructure monitoring and analytics platform.

Critical Vulnerability in F5's BIG-IP Traffic Management User Interface (TMUI)

F5 has released security updates to address a critical vulnerability (CVE-2023-46747) in their BIG-IP Traffic Management User Interface (TMUI).

Critical Vulnerability in Atlassian Confluence Data Center and Server

Atlassian has released security updates to address a critical vulnerability (CVE-2023-22518) in their Confluence Data Center and Server products.

Security Bulletin 1 Nov 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

Common Cybersecurity Misconfigurations in Networks

Threat actors often target common cybersecurity misconfigurations in the networks of large organisations to gain unauthorised access, move laterally within the network and carry out various forms of cyberattacks. Addressing these common misconfigurations through proactive security measures, regular assessments, and ongoing monitoring is essential for improving network security in large organisations.

Critical Vulnerability in VMware vCenter Server

VMware has released emergency security updates to address a critical vulnerability in VMware vCenter Server.