Advisories & Alerts

[SingCERT] Festive Shopping Advisory for Shoppers and Online Merchants 10 November 2018

As the holiday season is fast approaching, more people are going online to shop for gifts and make their travel plans. There are also a series of promotions for Singles' Day, Thanksgiving, Black Friday and Cyber Monday to entice shoppers.

For an enjoyable shopping experience, SingCERT advises members of the public to be more cautious of possible online threats.

[SingCERT] Alert on Nginx Vulnerabilities (CVE-2018-16843, CVE-2018-16844, and CVE-2018-16845) 08 November 2018

Nginx is a free, open-source and high-performance web server used in over 14 million sites, including websites of companies such as Dropbox, Netflix, and Wordpress.com.

Nginx has announced security patches for three vulnerabilities, which can result in a Denial of Service (DoS) and/or Data Exfiltration.

[SingCERT] Alert on Critical Apache Struts 2 Remote Code Execution Vulnerability (CVE-2016-1000031) 08 November 2018

Apache Struts is a popular open-source Java-based web application framework used for developing many enterprise web applications globally.

Apache Software Foundation released new versions of its Apache Struts 2 framework to address a Remote Code Execution (RCE) vulnerability in the commons-fileupload library, which used in the built-in file upload mechanism.

[SingCERT] Technical Advisory on Vulnerabilities in Bluetooth Low Energy Chips by Texas Instruments (CVE-2018-16986 and CVE-2018-7080) 05 November 2018

Security researchers have discovered two vulnerabilities dubbed “BLEEDINGBIT” in the Bluetooth Low Energy (BLE) chips made by Texas Instruments (TI).

CVE-2018-16986 is a buffer overflow vulnerability that occurs when processing malformed BLE frames, causing memory corruption. This vulnerability can be exploited if the attacker is within the Bluetooth range from the targeted devices with both the BLE feature and scanning mode enabled.

CVE-2018-7080 is a vulnerability that exists when the Over-the-Air firmware download (OAD) feature is not properly configured to address secure firmware updates.

[SingCERT] Alert on Drupal Critical Vulnerabilities 24 October 2018

Drupal is a content management software that is used by numerous companies around the world to manage content and host websites. There are over one million sites using Drupal including popular websites such as NBC, Fox, The Economist, Twitter, and Pinterest.

Drupal has announced security patches for five vulnerabilities, including two critical vulnerabilities. The first critical vulnerability allows attackers to inject commands into the default mail function, which could lead to remote code execution. The second critical vulnerability involves insufficient validation in the Contextual Links module, which could also result in remote code execution.

[SingCERT] Alert on Multiple Security Vulnerabilities in Oracle's Enterprise Products 18 October 2018

Oracle has released a critical patch update for October 2018 to address 301 security vulnerabilities across its various enterprise products, including Database, E-Business Suite, and Fusion Middleware packages. Of the 301 vulnerabilities, 45 vulnerabilities have a Common Vulnerability Score System (CVSS) severity base score of 9.8 (on a scale of 10) and one vulnerability (CVE-2018-2913) has a maximum severity base score of 10.

CVE-2018-2913 is a vulnerability in the Monitoring Manager component of Oracle GoldenGate. Oracle GoldenGate is a data replication framework that can work with large quantities of information in real-time. This vulnerability can be easily exploited by an unauthenticated attacker with network access via Transmission Control Protocol (TCP).

[SingCERT] Alert on Linksys E Series Routers Vulnerabilities (CVE-2018-3953, CVE-2018-3954, and CVE-2018-3955) 18 October 2018

Linksys E Series is a line of routers designed for small businesses and home offices. The routers are designed to connect home computers, internet-ready TVs, game consoles, smartphones and other devices to the Wi-Fi network. Three vulnerabilities (CVE-2018-3953, CVE-2018-3954, and CVE-2018-3955) were discovered in the Linksys E Series line of routers. Successful exploitation of these vulnerabilities via specially crafted requests to the network configuration could allow attackers to perform arbitrary code execution.

[SingCERT] Alert on PHP 5.6 and 7.0 End-of-Life 16 October 2018

Hypertext Preprocessor (PHP) is a programming language designed for use in web-based applications with Hypertext Markup Language (HTML) content. PHP supports a wide variety of platforms and is used by numerous web-based software applications such as WordPress.

PHP versions 5.6 and 7.0 will no longer be supported from 31 December 2018 and 3 December 2018 onwards. The deadlines will not be extended and it is critical that PHP based websites are upgraded to ensure that security support is provided.

[SingCERT] Alert on Multiple Vulnerabilities in PHP 16 October 2018

Hypertext Preprocessor (PHP) is a programming language designed for use in web-based applications with Hypertext Markup Language (HTML) content. PHP supports a wide variety of platforms and is used by numerous web-based software applications such as WordPress.

[SingCERT] Updated Advisory on Ransomware 13 October 2018

Ransomware is a prevalent cyber threat to businesses and individuals. This advisory provides updated information on ransomware and additional measures organisations, businesses and members of public can take to prevent and recover from this threat.

Ransomware is a type of malware that holds a victim’s files, computer system or mobile device ransom, restricting access until a ransom is paid. Some ransomware variants are also known to traverse across the network and encrypt all files stored in shared and/or network drives. By encrypting these files with a strong encryption, these files are rendered irrecoverable unless a decryption key is obtained.