Advisories & Alerts

  • [SingCERT] Educational Platform Edmodo Compromised 02 June 2017

    SingCERT has learned about a data breach of a popular online educational platform – Edmodo (URL: https://www.edmodo.com). User account details of about 78 million of Edmodo’s customers, including their usernames, email addresses and hashed passwords, could have been exposed. Edmodo has issued an advisory to address this.

  • [SingCERT] Technical Advisory for System Administrators on "WannaCry Ransomware" 15 May 2017

    On 12th May 2017, there was a widespread global infection of a ransomware known as "WannaCry", aka WanaCrypt0r. This ransomware exploits a known critical Microsoft Windows Server Message Block 1.0 (SMB) vulnerability (MS17-010), which allows remote code execution, providing a worm-like capability to propagate through a network by scanning for vulnerable systems and infecting them. It then encrypts files on the system and extorts a bitcoin ransom in exchange for the decryption of files.

    This advisory serves to provide system administrators with technical information to safeguard their networks against this cyber threat.

  • [SingCERT] WanaCrypt0r aka WannaCry: What You Need to Know and Actions to Take 14 May 2017

    On 12th May 2017, there were widespread global infections of a ransomware known as "WannaCry", aka WanaCrypt0r. This ransomware has the capability to spread over the network by scanning for vulnerable systems and infecting them. It then encrypts files on the system and extorts a ransom payment in bitcoin for the decryption of files.

  • [SingCERT] Alert on wide-spread "Wannacry" Ransomware targeting unpatched Windows systems 13 May 2017

    On 12th May 2017, SingCERT observed widespread global infections of a ransomware known as "WannaCry", aka WanaCrypt0r. This ransomware has the capability to spread over the network by scanning for vulnerable systems and infecting them. It then encrypts files on the system and extorts a ransom payment in bitcoin for the decryption of files.

  • [SingCERT] Shadow Brokers Leaked New Trove of Hacking Tools 15 April 2017

    On 14th April 2017, a hacking group known as the "Shadow Brokers" released a new trove of hacking tools containing zero-day vulnerabilities and exploits believed to be stolen from a hyper-secret hacking unit dubbed the "Equation Group". This arsenal of hacking tools targets the SWIFT Alliance access boxes, Cisco VPN and several versions of Microsoft Windows operating systems.

  • [SingCERT] Apache Struts2 Possible Remote Code Execution 09 March 2017

    On 7th March 2017, Apache Software Foundation issued an emergency security alert for CVE-2017-5638 (Apache Struts2 S2-045).

    Apache Struts is an open source project of the Apache Foundation Jakarta project team which adopts an MVC framework for developers to develop Java web applications.

    Apache Struts is exposed to a high-risk remote command execution (RCE) vulnerability. It has been reported that the vulnerability is being actively exploited on a wide scale since it is relatively easy to exploit. SingCERT has found numerous unpatched Apache Struts websites in Singapore that are affected. There are potentially many more websites that have not been patched and are therefore vulnerable.

  • [SingCERT] Threat Alert on Cloudflare CloudBleed 24 February 2017

    Last updated on 7 March 2017, 15:13

    On 18 February 0032 GMT, a critical system vulnerability caused by a parser bug was reported to Cloudflare. On 18 February 0722, Cloudflare determined the root cause and turned off three of its features (namely Email Obfuscation, Server-side Excludes and Automatic HTTPS Rewrites) that were using the same HTML parser chain which caused the leak.

  • [SingCERT] Threat Alert: Compromised WordPress Websites due to Outdated WordPress Versions 08 February 2017

    Over the past 3 days, SingCERT has observed an increase in defacements affecting websites hosted in Singapore as well as .sg websites hosted both locally and overseas on WordPress version 4.7.1 and earlier versions. Based on initial investigations by SingCERT, this was a result of exploitation of a WordPress vulnerability

  • [SingCERT] Advisory on Gooligan Malware 01 December 2016

    On 30 November 2016, security company Check Point reported that an Android malware, Gooligan, has affected Android phone users, compromising over a million Google accounts. Android phone users can perform a self-check at https://gooligan.checkpoint.com/ to find out if they are infected with Gooligan.

  • [SingCERT] Advisory on Tech Support Scams 17 November 2016

    The first reports of tech support scams surfaced around 2008 and these scams gradually gained momentum over the years. Their tactics have also evolved. In the past, these scammers cold called users in their attempt to make victims part with their money. Recently, fake tech support websites have been created and scammers use various techniques to trick users into believing that their computing devices are infected or facing some technical issues. Users may also find their computing devices being held ransom after following instructions provided by the scammer.