Advisories & Alerts

  • [SingCERT] Oracle Critical Patch Update Advisory - October 2013 17 October 2013

    Oracle has released a Critical Patch Update (CPU) for October 2013 to address 127 vulnerabilities across multiple products. This update contains the security fixes.

  • [SingCERT] Vulnerability in USB Internet Modems 04 September 2013

    A vulnerability is discovered in the SMS parser of the dialler software bundled with USB Internet modems. The vulnerability allows an attacker to cause a denial of service (knocking a large number of users offline) to or cause memory corruption and executing arbitrary code.

  • [SingCERT] Adobe Shockwave Player Update 04 September 2013

    Adobe has released a security update for Adobe Shockwave. This update addresses vulnerabilities that could allow an remote attacker can cause arbitrary code to be executed on the affected system.

  • [SingCERT] Apache Struts2 Vulnerability Exploited in the Wild 04 September 2013

    SingCERT has been notified that a recently disclosed Apache Struts2 vulnerability (CVE-2013-2251) is being exploited actively.

  • [SingCERT] Adobe Flash Player Update 04 September 2013

    Adobe has released security updates for Adobe Flash Player to address several vulnerabilities that could cause arbitrary code to be executed on the affected system.

  • [SingCERT] Microsoft Security Bulletin Summary for August 2013 04 September 2013

    Microsoft has released 8 security bulletins for the month of August 2013 to address vulnerabilities in Microsoft Windows, Internet Explorer and Microsoft Exchange Server. These vulnerabilities could allow remote code execution, elevation of privilege, denial of service or information disclosure. MS13-061 is rated as Critical as the vulnerabilities allow an attacker to send the organisation an email and get arbitrary code to run on the Exchange server itself. This exploit is also publicly disclosed. MS13-063 is rated as Important as it affects the Kernel and is publicly disclosed.

  • [SingCERT] Microsoft Security Bulletin Summary for July 2013 04 September 2013

    Microsoft has released 7 security bulletins for the month of July 2013 to address vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Office, Visual Studio, Lync, Internet Explorer, and Windows Defender. These vulnerabilities could allow remote code execution or elevation of privilege.

  • Information Security Seminar 2013 02 July 2013

    The theme of the 2013 Seminar is "Security of Our Cyber Environment - Looking to the Future", which centres on sensitising the Public and Private sectors to the security of current technology trends such as cloud computing, mobility, big data management and workplace of the future and generate discussions on the considerations and means to securely adopt such technologies.

  • Defacement of Websites 27 June 2013

    A number of Singapore websites were defaced by hackers recently. It was reported that the defacement was in protest against the outrage voiced out in Singapore in relation to the haze.

  • [SingCERT] Oracle Java Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges 17 April 2013

    Multiple vulnerabilities were reported in Oracle Java. It allows a remote user to execute arbitrary code and a local user can obtain elevated privileges on the vulnerable system. A remote user can access and modify data. A remote or local user can cause denial of service conditions.