Advisories & Alerts

  • [SingCERT] Alert on DNS Flag Day 01 February 2019

    Domain Name System (DNS) infrastructure operators and Internet service providers are taking part in the first DNS Flag Day on 1 February 2019. This is a global initiative to promote the use of Extension Mechanism Protocol for DNS (EDNS), in which participants, namely software and service providers such as Google and Cloudflare, will remove non-standard DNS workarounds.

  • [SingCERT] Alert on Linux Advanced Package Tool (APT) Remote Code Execution Vulnerability (CVE-2019-3462) 24 January 2019

    A vulnerability (CVE-2019-3462) in the Linux Advanced Package Tool (APT) has been discovered. Successful exploitation of the vulnerability could result in arbitrary code execution with privileged administrator (“root”) access on affected Linux systems. APT is a widely used utility that handles installation, update, upgrade and removal of software across many Linux operating system distributions. This vulnerability has been given a Common Vulnerability Scoring System version 3 severity base score of 8.1 out of 10.

  • [SingCERT] Advisory on Mitigating DNS Records Tampering 24 January 2019

    On 22 Jan 19, the US Department of Homeland Security - Cybersecurity and Infrastructure Security Agency - published Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering” [1] in response to a recent series of incidents involving the tampering of Domain Name System (DNS) records belonging to government agencies and civilian entities across the globe.

  • [SingCERT] Advisory on Vulnerability for Android ES File Explorer Application (CVE-2019-6447) 18 January 2019

    On 17 January, a security researcher found a vulnerability in an Android application known as “ES File Explorer File Manager” (CVE-2019-6447). The application is commonly used for managing files on devices running the Android operating system.

    The application only needs to be run once for the vulnerability to be active. Once launched, the application starts a web server on port number 59777 in the background, and allows attackers on the same network to gain access and download files that are stored in the compromised device.

  • [SingCERT] Alert on Oracle Critical Patch Update Advisory for Administrators 16 January 2019

    Oracle has released a critical patch update comprising 284 security patches for over 30 of its products.

    Many of the 284 vulnerabilities are remotely exploitable without authentication; for instance, an attacker could gain access to a network without using any user credentials.

  • [SingCERT] Alert on Microsoft January 2019 Patch Tuesday 10 January 2019

    Microsoft has announced the release of over 50 security patches to address vulnerabilities affecting its operating system and other products. Seven vulnerabilities were identified as critical and required immediate attention.

    Successful exploitation of these 7 critical vulnerabilities could allow remote code execution by attackers. The vulnerabilities include:

  • [SingCERT] Advisory on E-mail Extortion Scam 03 January 2019

    SingCERT has received a number of reports of e-mail extortion scams asking victims for money in return for not publicly disclosing “private and confidential” information about the victims. These cases bear similarities in modus operandi to reported cases in an advisory - https://www.facebook.com/56706929407/posts/10158120541014408/ issued by the Singapore Police Force on 31 December 2018.

  • [SingCERT] Alert on Microsoft Scripting Engine Memory Corruption Vulnerability CVE-2018-8653 21 December 2018

    Microsoft has released an out-of-band security update to address a critical vulnerability discovered in its Internet Explorer (IE) software. This memory corruption vulnerability (CVE-2018-8653) affects IE when browsing websites that utilise JScript as the scripting engine.

  • [SingCERT] Alert on Windows DNS Server Vulnerability CVE-2018-8626 13 December 2018

    The Domain Name System (DNS) is a naming system for the Internet that translates readable domain names to information such as Internet Protocol (IP) addresses. A Microsoft Windows server, such as a domain controller, is typically configured as a DNS server by default. A remote code execution vulnerability in the Windows DNS server implementation has been reported and assigned the CVE number CVE-2018-8626. This vulnerability has a Common Vulnerability Scoring System score of 9.8 out of 10.

  • [SingCERT] Alert on EternalSilence, a New Variant of EternalBlue and EternalRed Abusing UPnP Services on Routers 05 December 2018

    Akamai researchers have recently published their observations on how a router feature known as Universal Plug and Play (UPnP) was being abused by attackers to conceal traffic, creating a proxy system dubbed "UPnProxy". UPnProxy can be leveraged to distribute spam and malware and to launch DDoS attacks.

    Attackers are known to (i) make unauthorised changes to the affected router’s Network Address Translation table; (ii) remap its port forwarding settings to proxy malicious traffic; and (iii) leverage its UPnP feature to enable remote connections to the affected router.