Advisories & Alerts

  • [SingCERT] Alert on Multiple Vulnerabilities Affecting Wi-Fi Protected Access 2 (WPA2) Protocol 17 October 2017

    Background

    Wi-Fi Protected Access 2 (WPA2) is a security protocol developed by the Wi-Fi Alliance to enhance the security of commonly used Wi-Fi networks.

    On 16th October 2017, a researcher publicly disclosed multiple vulnerabilities found in the WPA2 protocol. These vulnerabilities may affect the data confidentiality of users' Wi-Fi connectivity in homes and offices.

  • [SingCERT] Alert on Multiple Dnsmasq Vulnerabilities (CVE-2017-14491 to CVE-2017-14496) 04 October 2017

    Dnsmasq is software that can act as a Domain Name System (DNS) forwarder and Dynamic Host Configuration Protocol (DHCP) server, and can provide router advertisements and network booting for computer networks. It is included in most Linux distributions and the ports systems of Berkeley Software Distribution (BSD) Unix and is widely used on the Internet and in private networks.

  • [SingCERT] Advisory on Multiple Security Vulnerabilities Affecting D-Link DIR-800 Series Routers 30 September 2017

    On 8th and 12th September 2017, security researchers publicly disclosed details of multiple vulnerabilities affecting the D-Link DIR-800 series of routers.

  • [SingCERT] Alert on Two Apache Tomcat Security Vulnerabilities (CVE-2017-12615 and CVE-2017-12616) 24 September 2017

    On 19 September 2017, the Apache Software Foundation announced two important security vulnerabilities (CVE-2017-12615 and CVE-2017-12616) in its Apache Tomcat 7.0.x which could lead to remote code execution (RCE).

    Apache Tomcat is an open-source HTTP server and Java servlet container developed by the Apache Software Foundation. Many Internet websites employ Apache Tomcat to serve Java Servlets and Java Server Pages.

  • [SingCERT] Alert on Apache Struts2 Remote Code Execution Vulnerability (S2-052) 06 September 2017

    Apache Struts is a popular, free, open-source web application framework for developing Java web applications. Struts is well-known for its extensible "plug-in" architecture.

    On 5th September 2017, the Apache Software Foundation announced that a critical security vulnerability (S2-052) was discovered in its Apache Struts project, which allows possible remote code execution (RCE) due to the lack of input validation or sanitization in the Struts REST plugin.

  • [SingCERT] ShadowPad Backdoor Spreads in Corporate Networks Through Software Update Mechanism 25 August 2017

    On 15 August 2017, Kaspersky Labs reported that they had discovered suspicious DNS requests in a partner's network. Further investigation showed that the source of the suspicious DNS queries was a software package produced by NetSarang. Kaspersky Labs named the threat ShadowPad. SingCERT understands that the attacks occurred in Hong Kong, but the ShadowPad backdoor could be dormant in many other systems worldwide if users have not updated to the latest version of the affected software.

  • [SingCERT] Increase in Defacements Affecting Singapore-hosted Websites 09 August 2017

    SingCERT has observed an increase in defacement activities affecting websites hosted in Singapore in early August 2017. A website defacement is an attack on a website that changes the visual appearance of the site or a webpage. This is usually done by exploiting an unpatched vulnerability.

  • [SingCERT] Alert on Apache Struts2 Remote Code Execution Vulnerability 14 July 2017

    Apache Struts is a popular, free, open-source web application framework for developing Java web applications. Struts is well-known for its extensible "plug-in" architecture.

    On 9th July 2017, the Apache Software Foundation announced that a high-risk security vulnerability (S2-048) was discovered in its Apache Struts project, which allows possible remote code execution (RCE) in Struts 2.3.x with the Struts 1 plugin and Struts 1 action.

  • [SingCERT] Alert on ISC Bind Vulnerabilities 08 July 2017

    Berkeley Internet Name Domain (BIND) is a DNS implementation solution developed by the Internet Software Consortium (ISC) that is widely used in Unix and Linux operating systems. A Domain Name System or Service or Server (DNS) acts like yellow pages for the Internet. It is used to resolve domain names such as google-public-dns-a.google.com into IP addresses like 8.8.8.8 so that they can be directed to the correct sites.

    Earlier this week, a security researcher reported two severe vulnerabilities in ISC BIND that can be remotely exploited. Details of the reported vulnerabilities are explained in CVE-2017-3142 and CVE-2017-3143 (see links below). As the associated exploit codes have also been posted online, many unpatched Internet-facing ISC BIND DNS servers are at risk.

  • [SingCERT] Technical Advisory on Petya/Petna Ransomware 28 June 2017

    On 27th June 2017, SingCERT was alerted to the occurrence of a Petya variant, also known as Petna, which has impacted organisations in Ukraine and other parts of Europe. Petya/Petna works by modifying the Windows Master Boot Record (MBR), causing the system to crash. It uses the ETERNALBLUE exploit tool to accomplish this, an exploit similar to the one used by the WannaCrypt/WannaCry ransomware.