Advisories & Alerts

  • [SingCERT] Alert on Windows DNS Server Vulnerability CVE-2018-8626 13 December 2018

    A Domain Name System (DNS) is a naming system for the Internet that translates readable domain names to information such as Internet Protocol (IP) addresses. A Microsoft Windows server, such as a domain controller, is typically configured as a DNS server by default. A remote code execution vulnerability in the Windows DNS server implementation has been reported and assigned the CVE number CVE-2018-8626. This vulnerability has a Common Vulnerability Scoring System score of 9.8 out of 10.

  • [SingCERT] Alert on EternalSilence, a New Variant of EternalBlue and EternalRed Abusing UPnP Services on Routers 05 December 2018

    Akamai researchers have recently published their observations on how a router feature known as Universal Plug and Play (UPnP) was being abused by attackers to conceal traffic, creating a proxy system dubbed "UPnProxy". UPnProxy can be leveraged to distribute spam and malware and to launch DDoS attacks.

    Attackers are known to (i) make unauthorised changes to the affected router’s Network Address Translation table; (ii) remap its port forwarding settings to proxy malicious traffic; and (iii) leverage its UPnP feature to enable remote connections to the affected router.

  • [SingCERT] Alert on Adobe Flash Player Vulnerability (CVE-2018-15981) 22 November 2018

    Adobe has released security updates for Adobe Flash Player for Windows, Macintosh Operating System (MacOS), Linux and Chrome Operating Systems (OS). The vulnerability occurs because the interpreter code of the ActionScript Virtual Machine does not reset when an exception is caught. This leads to a “type confusion” bug, which could result in remote code execution. The security updates address this critical vulnerability (CVE-2018-15981) in Adobe Flash Player.

  • [SingCERT] Festive Shopping Advisory for Shoppers and Online Merchants 10 November 2018

    As the holiday season is fast approaching, more people are going online to shop for gifts and make their travel plans. There is also a series of promotions for Singles' Day, Thanksgiving, Black Friday and Cyber Monday to entice shoppers.

    For an enjoyable shopping experience, SingCERT advises members of the public to be more cautious of possible online threats.

  • [SingCERT] Alert on Nginx Vulnerabilities (CVE-2018-16843, CVE-2018-16844, and CVE-2018-16845) 08 November 2018

    Nginx is a free, open-source and high-performance web server used in over 14 million sites, including websites of companies such as Dropbox, Netflix, and

    Nginx has announced security patches for three vulnerabilities, which can result in a Denial of Service (DoS) and/or Data Exfiltration.

  • [SingCERT] Alert on Critical Apache Struts 2 Remote Code Execution Vulnerability (CVE-2016-1000031) 08 November 2018

    Apache Struts is a popular open-source Java-based web application framework used for developing many enterprise web applications globally.

    The Apache Software Foundation released new versions of its Apache Struts 2 framework to address a Remote Code Execution (RCE) vulnerability in the commons-fileupload library, which is used in the built-in file upload mechanism.

  • [SingCERT] Technical Advisory on Vulnerabilities in Bluetooth Low Energy Chips by Texas Instruments (CVE-2018-16986 and CVE-2018-7080) 05 November 2018

    Security researchers have discovered two vulnerabilities dubbed “BLEEDINGBIT” in the Bluetooth Low Energy (BLE) chips made by Texas Instruments (TI).

    CVE-2018-16986 is a buffer overflow vulnerability that occurs when processing malformed BLE frames, causing memory corruption. This vulnerability can be exploited if the attacker is within Bluetooth range of the targeted devices and the devices have both the BLE feature and scanning mode enabled.

    CVE-2018-7080 is a vulnerability that exists when the Over-the-Air firmware download (OAD) feature is not properly configured to address secure firmware updates.

  • [SingCERT] Alert on Drupal Critical Vulnerabilities 24 October 2018

    Drupal is a content management software that is used by numerous companies around the world to manage content and host websites. There are over one million sites using Drupal including popular websites such as NBC, Fox, The Economist, Twitter, and Pinterest.

    Drupal has announced security patches for five vulnerabilities, including two critical vulnerabilities. The first critical vulnerability allows attackers to inject commands into the default mail function, which could lead to remote code execution. The second critical vulnerability involves insufficient validation in the Contextual Links module, which could also result in remote code execution.

  • [SingCERT] Alert on Multiple Security Vulnerabilities in Oracle's Enterprise Products 18 October 2018

    Oracle has released a critical patch update for October 2018 to address 301 security vulnerabilities across its various enterprise products, including Database, E-Business Suite, and Fusion Middleware packages. Of the 301 vulnerabilities, 45 have a Common Vulnerability Scoring System (CVSS) severity base score of 9.8 (on a scale of 10) and one vulnerability (CVE-2018-2913) has a maximum severity base score of 10.

    CVE-2018-2913 is a vulnerability in the Monitoring Manager component of Oracle GoldenGate. Oracle GoldenGate is a data replication framework that can work with large quantities of information in real-time. This vulnerability can be easily exploited by an unauthenticated attacker with network access via Transmission Control Protocol (TCP).

  • [SingCERT] Alert on Linksys E Series Routers Vulnerabilities (CVE-2018-3953, CVE-2018-3954, and CVE-2018-3955) 18 October 2018

    Linksys E Series is a line of routers designed for small businesses and home offices. The routers are designed to connect home computers, internet-ready TVs, game consoles, smartphones and other devices to the Wi-Fi network. Three vulnerabilities (CVE-2018-3953, CVE-2018-3954, and CVE-2018-3955) were discovered in the Linksys E Series line of routers. Successful exploitation of these vulnerabilities via specially crafted requests to the network configuration could allow attackers to perform arbitrary code execution.