Advisories & Alerts

  • [SingCERT] Microsoft August 2019 Patch Tuesday 14 August 2019

    Microsoft has announced the release of 96 security patches to address vulnerabilities affecting its operating system and other products.

  • [SingCERT] Alert on WordPress Auto-Update Policy 13 August 2019

    The WordPress development team will introduce a new auto-update policy that affects WordPress versions v3.7 to v4.6 to address security issues affecting about 11.7% of all WordPress sites.

    At present, the oldest secure version is v4.7; older versions are susceptible to multiple vulnerabilities such as the injection of malicious scripts.

    The implementation plan will be rolled out in incremental phases. WordPress plans to auto-update v3.7 to the minimum supported version v4.7 first, followed by versions v3.8 up to v4.6. Site owners will be given the option to opt out of this auto-update policy and manually update their respective sites.

    If a website fails to auto-update properly, it will roll back, and the site owner will receive an email notification from WordPress advising them to manually update to the latest version.

  • [SingCERT] Critical RCE Vulnerability (CVE-2019-1579) in Palo Alto Gateway 23 July 2019

    A critical remote code execution vulnerability (CVE-2019-1579) was found in Palo Alto GlobalProtect Portal and GlobalProtect Gateway interface products. CVE-2019-1579 is a pre-authentication format string vulnerability that could be exploited by sending a specially crafted request to the vulnerable Secure Sockets Layer (SSL) Virtual Private Network (VPN) Gateway.

    There have been reports of threat actors targeting organisations around the world by using this vulnerability.

  • [SingCERT] High-Severity Vulnerability in Iomega and LenovoEMC Products 19 July 2019

    A high-severity vulnerability (CVE-2019-6160) was found in Iomega and LenovoEMC Network-attached Storage (NAS) products.

  • [SingCERT] Microsoft July 2019 Patch Tuesday 10 July 2019

    Microsoft has announced the release of 77 security patches to address vulnerabilities affecting its operating system and other products.

  • [SingCERT] High-Severity Vulnerabilities in Cisco Products 05 July 2019

    Cisco has released security updates to address vulnerabilities found in multiple Cisco products.

    Ten high-severity vulnerabilities were identified and they require immediate attention.

  • [SingCERT] Microsoft Office's Excel Attack Vector 02 July 2019

    Security researchers have discovered a new security loophole in Microsoft Office's Excel program. Attackers can exploit an Excel feature called Power Query to launch a remote Dynamic Data Exchange (DDE) attack on an Excel spreadsheet.

  • [SingCERT] Magento Commerce and Open Source Security Update 28 June 2019

    Magento has announced the release of 75 security patches to address vulnerabilities affecting its Magento Commerce and Open Source products.

  • [SingCERT] Alert on New Silex Malware on IoT Devices 27 June 2019

    A new Internet of Things (IoT) malware, dubbed Silex, is affecting IoT devices such as routers and IP cameras that run a telnet (port 23) service on their Internet-facing interface.

    The malware attempts to gain access to IoT devices by using default and widely-used telnet credentials, and corrupts the device by filling its storage, removing its firewall and network configurations, and halting the device, thus rendering it unusable.

  • [SingCERT] Alert on Multiple Linux Vulnerabilities 19 June 2019

    Multiple vulnerabilities were found in Linux-based operating systems. The kernel's handling of Transmission Control Protocol (TCP) networking can be exploited remotely by attackers to trigger a Denial of Service (DoS) condition in vulnerable systems.