Advisories & Alerts

  • [SingCERT] Fake Websites Hosted by 15 December 2015

    CSA has been alerted to mirrored faked websites hosted by “” (see below screenshot). Numerous Singapore agencies and companies have been found to be affected.

    The content of the genuine websites have been copied to these fake websites and additional URL links have been appended below. Android mobile users have also encountered pop-up dialog boxes when they accessed these websites.

  • [SingCERT] Malware Targeting Mobile Banking 15 December 2015

    The Association of Banks in Singapore (ABS) released an advisory on 1st December 2015, alerting consumers about the recent malware infection on Android smartphones used by mobile banking customers. It is noted that about 50 such incidents have been reported and the victims are predominantly customers of major banks in Singapore.

    The malware is downloaded when the user clicks on a malicious URL or has installed an application from untrusted sources. The malware disguises itself as a legitimate application such as Adobe Flash Player (which is misspelt as “Abode”) and tricks users into allowing it to be installed into the smartphone. Upon installation, the malware can access sensitive information such as user credentials and personal particulars. The malware affects Android users using Android version 2.3 and above.

  • [SingCERT] Alert: Fake MOM Websites Found 24 November 2015

    Numerous fake MOM (Ministry of Manpower) websites have been reported. The official MOM corporate website has been duplicated to lead people into believing that they are on the official MOM website. MOM is working to bring down these websites.

  • [SingCERT] Defacement of .sg Websites 18 November 2015

    Recently, many .sg websites have been defaced. All of the websites are hosted on Windows 2000 Server and Windows Server 2003.

    Initial investigations suggest that unpatched WebDAV vulnerability may be the cause of defacement.

  • [SingCERT] Adobe Flash Zero Day Vulnerability 14 October 2015

    Trend Micro has reported that researchers have discovered a new Adobe Flash Player zero-day vulnerability. Currently, no patch is available.

  • [SingCERT] Business Email Frauds 09 October 2015

    Several businesses have been tricked into transferring substantial amounts of money to fraudulent bank accounts, resulting in financial loss.

  • [SingCERT] August 2015 Internet Explorer Out-of-Band Security Patch 19 August 2015

    Microsoft has released an out-of-band security update for Internet Explorer. The update addresses a critical vulnerability in Internet Explorer (CVE-2015-2502) that could potentially allow an attacker to execute arbitrary code on affected systems.

  • [SingCERT] Stagefright Vulnerability on Android OS 29 July 2015

    Researchers at Zimperium discovered a major vulnerability (named Stagefright) in Android operating system.
    A malicious media file can be specially crafted and delivered to a user’s mobile phone via MMS (Multimedia Messaging System) to download and execute malicious codes without requiring any user interaction. Users with devices using Android OS 2.2 and above are vulnerable.

  • [SingCERT] Phishing Emails about GeBIZ and SingNet 22 July 2015

    Phishing emails purported to be from are being sent to users.

  • [SingCERT] SingPass Lookalike Domain 11 July 2015

    IDA has alerted the public of a suspicious website which is spelt similarly to the official SingPass website. There are also login fields on the website.