Advisories & Alerts

  • [SingCERT] Advisory on Multiple Security Vulnerabilities Affecting D-Link DIR-800 Series Routers 15 September 2017

    On 8th and 12th September 2017, security researchers publicly disclosed details of multiple vulnerabilities affecting the D-Link DIR-800 series of routers.

  • [SingCERT] Alert on Apache Struts2 Remote Code Execution Vulnerability (S2-052) 06 September 2017

    Apache Struts is a popular, free, open-source web application framework for developing Java web applications. Struts is well-known for its extensible "plug-in" architecture.

    On 5th September 2017, the Apache Software Foundation announced that a critical security vulnerability (S2-052) was discovered in its Apache Struts project, which allows possible remote code execution (RCE) due to the lack of input validation or sanitization in the Struts REST plugin.

  • [SingCERT] ShadowPad Backdoor Spreads in Corporate Networks Through Software Update Mechanism 25 August 2017

    On 15 August 2017, Kaspersky Labs reported that they had discovered suspicious DNS requests in a partner's network. Further investigation showed that the source of the suspicious DNS queries was from a software package produced by NetSarang. Kaspersky Labs named the threat ShadowPad. SingCERT understands that the attacks occurred in Hong Kong, but the ShadowPad backdoor could be dormant in many other systems worldwide, if users have not updated to the latest version of the affected software.

  • [SingCERT] Increase in Defacements Affecting Singapore-hosted Websites 09 August 2017

    SingCERT has observed an increase in defacement activities affecting websites hosted in Singapore in early August 2017. A website defacement is an attack on a website that changes the visual appearance of the site or a webpage. This is usually done by exploiting an unpatched vulnerability.

  • [SingCERT] Alert on Apache Struts2 Remote Code Execution Vulnerability 14 July 2017

    Apache Struts is a popular, free, open-source web application framework for developing Java web applications. Struts is well-known for its extensible "plug-in" architecture.

    On 9th July 2017, the Apache Software Foundation announced that a high-risk security vulnerability (S2-048) was discovered in its Apache Struts project, which allows possible remote code execution (RCE) in Struts 2.3.x with Struts 1 plugin and Struts 1 action.

  • [SingCERT] Alert on ISC Bind Vulnerabilities 08 July 2017

    Berkeley Internet Name Domain (BIND) is a DNS implementation solution developed by the Internet Software Consortium (ISC) that is widely used in Unix and Linux operating systems. A Domain Name System or Service or Server (DNS) acts like yellow pages for the Internet. It is used to resolve domain names such as google-public-dns-a.google.com into IP addresses like 8.8.8.8 so that they can be directed to the correct sites.

    Earlier this week, a security researcher reported two severe vulnerabilities in ISC BIND that can be remotely exploited. Details of the reported vulnerabilities are explained in CVE-2017-3142 and CVE-2017-3143 (see links below). As the associated exploit codes have also been posted online, many unpatched Internet-facing ISC BIND DNS servers are at risk.

  • [SingCERT] Technical Advisory on Petya/Petna Ransomware 28 June 2017

    On 27th June 2017, SingCERT was alerted to the occurrence of a Petya variant also known as Petna, which has impacted organisations in Ukraine and other parts of Europe. Petya/Petna works by modifying the Windows Master Boot Record (MBR), causing the system to crash. It uses the ETERNALBLUE exploit tool to accomplish this, which is a similar exploit to that of the WannaCrypt/WannaCry ransomware.

  • [SingCERT] Alert on Global Spread of Ransomware Petya/Petna 28 June 2017

    On 27th June 2017, SingCERT was alerted to a new variant of the Petya malware known as Petna, which spreads via the Microsoft Windows SMB protocol based on the ETERNALBLUE exploit. This is a similar exploit to that used by the WannaCrypt/WannaCry ransomware earlier in May 2017. It was reported globally that multiple organisations, including government agencies and critical information infrastructure operators, experienced network outages.

  • [SingCERT] Increase in Occurrence of Phishing Emails from 'Logistics' Companies 23 June 2017

    Recently, SingCERT has noted an increase in the number of reports on phishing emails sent from fake logistics companies.

    Phishing is one of the simplest and more effective ways of obtaining sensitive information from users. The information includes passwords, bank account details and credit card details. A phishing email works by preying on the curiosity of users, convincing them to click on suspicious links or open file attachments. Phishing emails are becoming increasingly well-written and appear legitimate. Hence, users need to exercise caution.

  • [SingCERT] Fake Mobile Apps 15 June 2017

    With the widespread global infection of a ransomware known as “WannaCry” (aka WanaCryptor), fake mobile apps are emerging in Google Play that promise protection from the ransomware. However, the “WannaCry” ransomware does not target phones. These fake mobile apps, disguised as anti-virus apps, actually contain malware.