Advisories & Alerts

  • [SingCERT] Alert on Vulnerability in Oracle Database Server (CVE-2018-3110) 16 August 2018

    Oracle has announced a critical patch update to address a vulnerability (CVE-2018-3110) found in the Oracle Database Server. This flaw affects the Java Virtual Machine component.
    This vulnerability has a Common Vulnerability Scoring System (CVSS) severity base score of 9.9 out of 10.

  • [SingCERT] Alert on Vulnerability in Oracle WebLogic Server (CVE-2018-2893) 27 July 2018

    Oracle WebLogic Server (WLS) is a Java Enterprise Edition Application server by Oracle Corporation.

    Oracle announced a critical patch update to address a vulnerability (CVE-2018-2893) found in its WebLogic Server after researchers reported the flaw. This flaw affects the product’s WLS Core Components subcomponent.

    This vulnerability (CVE-2018-2893) has a Common Vulnerability Scoring System (CVSS) severity base score of 9.8 out of the maximum 10.

  • [SingCERT] Alert on Intel Management Engine Vulnerabilities (CVE-2018-3627, CVE-2018-3628, CVE-2018-3629 & CVE-2018-3632) 26 July 2018

    Intel has issued security advisories to address vulnerabilities found in Intel Management Engine (IME). Four high-severity vulnerabilities that require immediate attention were identified.

  • Precautionary Measures to Take In View of the SingHealth Incident 20 July 2018

    SingHealth’s database containing patient personal particulars and outpatient dispensed medicines has been the target of a major cyberattack. About 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018 have had their non-medical personal particulars illegally accessed and copied. The data taken include name, NRIC number, address, gender, race and date of birth. The records were not tampered with, i.e. no records were amended or deleted.

  • [SingCERT] Technical Advisory on Measures For Protecting Customers’ Personal Data 20 July 2018

    SingHealth’s database containing patient personal particulars and outpatient dispensed medicines has been the target of a major cyberattack. About 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018 have had their non-medical personal particulars illegally accessed and copied. The data taken include name, NRIC number, address, gender, race and date of birth. The records were not tampered with, i.e. no records were amended or deleted.

  • [SingCERT] Alert on Cisco Security Updates (CVE-2018-0369 & CVE-2018-0341) 13 July 2018

    Cisco has announced the release of several security updates to address vulnerabilities affecting its operating system and other products.

    Two high-severity vulnerabilities that require immediate attention were identified.

    CVE-2018-0369 is an IPv4 fragmentation denial of service (DoS) vulnerability affecting Cisco products running on StarOS. StarOS powers next-generation mobile networks which support everything from tablets and smartphones to IoT deployments. StarOS gives users the flexibility and dynamic resource allocation for mobile services and networks. This vulnerability can be exploited by sending malicious IPv4 packets across an affected device. An exploit could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a DoS condition and possible service disruptions.

    CVE-2018-0341 is a web-based user interface (UI) command injection vulnerability affecting Cisco IP Phone 6800, 7800, and 8800 series with Multiplatform Firmware. Exploiting the vulnerability allows commands to be executed remotely with the privileges of the web server. Successful attackers can then eavesdrop on conversations, intercept rich media data, place phone calls and more.

  • [SingCERT] Alert on WordPress 4.9.7 Security Release 12 July 2018

    WordPress is one of the most widely deployed content management systems (CMS), used by millions of websites. On 5 July 2018, WordPress released a security and maintenance update to fix an arbitrary file deletion vulnerability that has been discovered in WordPress versions 4.9.6 and earlier. The vulnerability allows attackers with file upload privileges, “Author” or higher, to delete files outside of the uploads directory, which can compromise the website.

  • [SingCERT] Alert on Misconfigured Geth Ethereum Client 19 June 2018

    On 11 June 2018, Qihoo 360 reported that a group of hackers had stolen over $20 million worth of Ethereum, which is a form of cryptocurrency. These thefts were caused by a misconfiguration of the Geth Ethereum client that exposes a Remote Procedure Call (RPC) interface on port 8545. This interface grants access to sensitive functions, allowing hackers to obtain private keys, move funds and retrieve the owner's personal details.

  • [SingCERT] Alert on "SigSpoof" Email Encryption and Digital Signature Vulnerability (CVE-2018-12020) 19 June 2018

    A security researcher discovered a vulnerability affecting email clients that use GnuPG (GNU Privacy Guard) for email encryption and digital signature. GnuPG (aka GPG) is a complete and free implementation of the OpenPGP (Open Pretty Good Privacy) security standard. It enables users to secure their data communication with strong encryption and digital signatures.

    In the vulnerability, dubbed "SigSpoof" by the researcher, improper sanitisation of filenames allows an attacker to insert fake GnuPG status messages into the application parser to imitate signature verification and message decryption results. The resulting spoofed signed and/or encrypted messages are able to bypass application verifications.

  • [SingCERT] Alert on Critical Microsoft Vulnerabilities CVE-2018-8267, CVE-2018-8225 & CVE-2018-8231 14 June 2018

    Microsoft has announced the release of several security patches to address vulnerabilities affecting its operating system and other products.

    Three critical vulnerabilities that require immediate attention were identified.

    CVE-2018-8267 is a memory corruption vulnerability affecting Microsoft Internet Explorer. This vulnerability can be triggered when Internet Explorer fails to properly handle errors, allowing an attacker to execute arbitrary code.

    CVE-2018-8225 is a critical Windows Domain Name Server API (DNSAPI) remote code execution vulnerability that exists in Windows DNS. The vulnerability can be exploited by sending a corrupted DNS response to a targeted system.

    CVE-2018-8231 is a critical Hypertext Transfer Protocol (HTTP) stack memory vulnerability that can be exploited by sending a malicious packet to a targeted system, allowing an attacker to execute arbitrary code.