Advisories & Alerts

[SingCERT] Microsoft October 2019 Patch Tuesday

Microsoft has announced the release of 60 security patches to address vulnerabilities affecting its Operating System (OS) and other related products.

[SingCERT] Critical Vulnerability CVE-2019-16928 in Exim Mail Server

A critical vulnerability (CVE-2019-16928) was discovered in the Exim mail server, which is an open-source message transfer agent on Internet-facing Unix operating systems (OS).

[SingCERT] High-Severity Vulnerabilities in Cisco Products

Cisco has released security updates to address vulnerabilities found in multiple Cisco products.

Thirteen high-severity vulnerabilities were identified and they require immediate attention.

[SingCERT] New Variant of Technical Support Scams - Scammers claim to investigate cybersecurity issue

SingCERT has received reports that there have been cases whereby members of the public were contacted by call scammers claiming to be investigating a cybersecurity issue.

[SingCERT] Microsoft Out-Of-Band Security Updates (CVE-2019-1367 and CVE-2019-1255)

Microsoft has released two out-of-band security updates to address vulnerabilities discovered in Internet Explorer and Microsoft Defender.
- CVE-2019-1367 - This is a remote code execution vulnerability in Internet Explorer. It exists in the way that the scripting engine mishandles objects in memory, thereby allowing an attacker to execute arbitrary code in the context of the current user. It has a Common Vulnerability Score System (CVSS) v3.0 severity base score of 7.5 out of 10.
- CVE-2019-1255 - This is a denial of service vulnerability that exists when Microsoft Defender improperly handles files. An attacker could exploit the vulnerability to prevent the execution of legitimate system binaries. It has a CVSS v3.0 severity base score of 3.2.

[SingCERT] Microsoft September 2019 Patch Tuesday

Microsoft has announced the release of 80 security patches to address vulnerabilities affecting its Operating System (OS) and other related products.

[SingCERT] Critical Vulnerability (CVE-2019-15846) in Exim Mail Server

A critical vulnerability (CVE-2019-15846) was discovered in the Exim mail server, an open-source message transfer agent on Internet-facing Unix operating systems. It has a Common Vulnerability Score System v3.0 severity base score of 9.8 out of 10.

[SingCERT] Over-The-Air Provision Phishing Attacks Against Android Devices

Researchers from Check Point revealed a security flaw in Android-based devices that leaves the device owner vulnerable to phishing. Affected devices are those that utilise over-the-air (OTA) provisioning. Due to weak authentication method in the OTA, an attacker can pose as a telco to send rogue provisioning messages to subscribers.

[SingCERT] Critical Vulnerability CVE-2019-5869 in Google Chrome

Google has announced a security update to address a critical vulnerability (CVE-2019-5869) found in its Chrome web browser.

A “use-after-free” memory corruption flaw exists in Blink, the rendering engine that powers the Chrome web browser. Blink's primary role is to transform HTML documents and other web page resources into visual representations on users' devices.

[SingCERT] Microsoft August 2019 Patch Tuesday

Microsoft has announced the release of 96 security patches to address vulnerabilities affecting its operating system and other products.