Advisories & Alerts

  • [SingCERT] Technical Advisory on Measures For Protecting Customers’ Personal Data 20 July 2018

    SingHealth’s database containing patient personal particulars and outpatient dispensed medicines has been the target of a major cyberattack. About 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018 have had their non-medical personal particulars illegally accessed and copied. The data taken include name, NRIC number, address, gender, race and date of birth. The records were not tampered with, i.e. no records were amended or deleted.

  • [SingCERT] Alert on Cisco Security Updates (CVE-2018-0369 & CVE-2018-0341) 13 July 2018

    Cisco has announced the release of several security updates to address vulnerabilities affecting its operating system and other products.

    Two high-severity vulnerabilities were identified which require immediate attention.

    CVE-2018-0369 is an IPv4 fragmentation denial of service (DoS) vulnerability affecting Cisco products running StarOS. StarOS powers next generation mobile networks which support everything from tablets and smartphones to IoT deployments, and provides flexible, dynamic resource allocation for mobile services and networks. This vulnerability can be exploited by sending malicious IPv4 packets through an affected device. An exploit could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a DoS condition and possible service disruptions.

    CVE-2018-0341 is a web-based user interface (UI) command injection vulnerability affecting Cisco IP Phone 6800, 7800, and 8800 series with Multiplatform Firmware. The vulnerability allows a remote attacker to execute commands with the privileges of the web server. Successful attackers can then eavesdrop on conversations, intercept rich media data, place phone calls and more.

  • [SingCERT] Alert on WordPress 4.9.7 Security Release 12 July 2018

    WordPress is one of the most widely deployed content management systems (CMS), used by millions of websites. On 5 July 2018, WordPress released a security and maintenance update to fix an arbitrary file deletion vulnerability discovered in WordPress versions 4.9.6 and earlier. The vulnerability allows attackers with file upload privileges (“Author” or higher) to delete files outside of the uploads directory, which can compromise the website.

  • [SingCERT] Alert on Misconfigured Geth Ethereum Client 19 June 2018

    On 11 June 2018, Qihoo 360 reported that a group of hackers had stolen over $20 million worth of Ethereum, a form of cryptocurrency. The thefts were caused by a misconfiguration of the Geth Ethereum client that exposed its Remote Procedure Call (RPC) interface on port 8545. This interface grants access to sensitive functions, allowing hackers to obtain private keys, move funds and retrieve owners' personal details.

  • [SingCERT] Alert on "SigSpoof" Email Encryption and Digital Signature Vulnerability (CVE-2018-12020) 19 June 2018

    A security researcher discovered a vulnerability affecting email clients that use GnuPG (Gnu Privacy Guard) for email encryption and digital signatures. GnuPG (aka GPG) is a complete and free implementation of the OpenPGP (Open Pretty Good Privacy) security standard. It enables users to secure their data communication with strong encryption and digital signatures.

    Dubbed "SigSpoof" by the researcher, the improper sanitisation of filenames allows an attacker to insert fake GnuPG status messages into the application parser to imitate signature verification and message decryption results. The resulting spoofed signed and/or encrypted messages are able to bypass application verification.

  • [SingCERT] Alert on Critical Microsoft Vulnerabilities CVE-2018-8267, CVE-2018-8225 & CVE-2018-8231 14 June 2018

    Microsoft has announced the release of several security patches to address vulnerabilities affecting its Operating System and other products.

    Three critical vulnerabilities were identified and require immediate attention.

    CVE-2018-8267 is a memory corruption vulnerability affecting Microsoft Internet Explorer. This vulnerability can be triggered when Internet Explorer fails to properly handle errors, allowing an attacker to execute arbitrary code.

    CVE-2018-8225 is a critical Windows Domain Name Server API (DNSAPI) remote code execution vulnerability that exists in Windows DNS. The vulnerability can be exploited by sending a corrupted DNS response to a targeted system.

    CVE-2018-8231 is a critical Hypertext Transfer Protocol (HTTP) stack memory vulnerability that can be exploited by sending a malicious packet to a targeted system, allowing an attacker to execute arbitrary code.

  • [SingCERT] Alert on Zip Slip Vulnerability for Archive Files 08 June 2018

    On 5 June 2018, the Snyk Security team disclosed a critical archive extraction vulnerability dubbed Zip Slip. This vulnerability allows attackers to perform arbitrary remote command execution on affected systems. As a result, thousands of projects, including projects by HP, Amazon, Apache, Pivotal and many more, are affected.

    The Zip Slip vulnerability has been found in multiple ecosystems, including JavaScript, Ruby, .NET and Go, but is especially prevalent in Java, where there is no central software library for unpacking archive files. The lack of such a library led to vulnerable code snippets being crafted and shared among developer communities such as StackOverflow.
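    The defensive check that closes Zip Slip, as an added example in Python rather than the Java code the advisory refers to (this is not code from SingCERT or Snyk): every archive entry name is canonicalised against the destination directory before any file is written, and entries that would land outside it are rejected and reported. The archive and the helper names are constructed for this example.

```python
"""Zip Slip mitigation: refuse archive entries that escape the extraction directory."""
import io
import os
import tempfile
import zipfile


def is_within_directory(base_dir: str, entry_name: str) -> bool:
    """True only if entry_name resolves to a path inside base_dir.

    Both sides are canonicalised (symlinks and '..' resolved) so that
    'dest/../../x' and absolute entry names are both caught.
    """
    base = os.path.realpath(base_dir)
    resolved = os.path.realpath(os.path.join(base, entry_name))
    try:
        return os.path.commonpath([base, resolved]) == base
    except ValueError:  # different drives on Windows: never inside
        return False


def safe_extract(zip_bytes: bytes, dest_dir: str) -> dict:
    """Extract zip_bytes into dest_dir, skipping traversal entries.

    Returns the entry names extracted and rejected; a non-empty rejected
    list is worth logging as an indicator of a hostile archive.
    """
    report = {"extracted": [], "rejected": []}
    dest = os.path.realpath(dest_dir)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Validate before any filesystem write happens for this entry.
            if os.path.isabs(name) or not is_within_directory(dest, name):
                report["rejected"].append(name)
                continue
            out_path = os.path.join(dest, name)
            os.makedirs(os.path.dirname(out_path), exist_ok=True)
            if not name.endswith("/"):
                with zf.open(info) as src, open(out_path, "wb") as dst:
                    dst.write(src.read())
            report["extracted"].append(name)
    return report


def build_hostile_zip() -> bytes:
    """Constructed sample: one benign entry plus two Zip Slip style entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "harmless content\n")
        zf.writestr("../../escaped.txt", "would land outside dest\n")
        zf.writestr("/tmp/absolute.txt", "absolute path entry\n")
    return buf.getvalue()


def demo() -> dict:
    """Run safe_extract on the constructed archive inside a fresh temp dir."""
    with tempfile.TemporaryDirectory() as dest:
        report = safe_extract(build_hostile_zip(), dest)
        report["benign_present"] = os.path.isfile(os.path.join(dest, "docs", "readme.txt"))
    return report
```

    The same prefix check applies unchanged to tar and other archive formats, which is where the advisory notes the flaw recurs across ecosystems.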

  • [SingCERT] Alert on "VPNFilter" Malware Infecting Networking Devices Worldwide 07 June 2018

    On 23 May 2018, security researchers from Cisco revealed a new malware, “VPNFilter”, launched by an APT (Advanced Persistent Threat) group with the capacity to collect intelligence and launch destructive cyber-attacks on intended victims. The multi-stage malware targets networking devices in small and home office (SOHO) spaces, including routers from Linksys, MikroTik, NETGEAR, QNAP NAS and TP-Link. According to Cisco, it is estimated that at least 500,000 networking devices in at least 54 countries, including Singapore, have been infected with the malware. The number of infected devices detected in Singapore is low at nearly 30.

  • [SingCERT] Alert on Critical Cisco Vulnerabilities CVE-2018-0222, 0268, 0271 18 May 2018

    Cisco Digital Network Architecture (DNA) is an open, software-driven platform that integrates several advanced networking capabilities such as virtualisation, automation, analytics, and cloud capabilities into one solution, making it easy for network administrators to design and apply policies across multiple networks.

    On 16 May 2018, Cisco released multiple software patches to address vulnerabilities found in its products, including three vulnerabilities discovered in the Cisco DNA Center which are categorised as “critical”. They are tracked as CVE-2018-0222, CVE-2018-0268 and CVE-2018-0271, and have scored the maximum Common Vulnerability Scoring System (CVSS) severity base score of 10 out of 10.

  • [SingCERT] Alert on Red Hat DHCP Client Critical Vulnerability (CVE-2018-1111) 18 May 2018

    The Dynamic Host Configuration Protocol (DHCP) is used to configure the network settings of a computer system from a DHCP server. When a system joins the network, its DHCP client application automatically requests network configuration information such as its Internet Protocol (IP) address, IP routes, default IP gateway, and Domain Name System (DNS) servers from the nearest, or the first, DHCP server to respond.

    On 15 May 2018, Red Hat published a security alert advising users to immediately patch a critical vulnerability found in the NetworkManager integration script included in its DHCP client packages. NetworkManager is a program that uses DHCP.

    The flawed script executes with administrative privileges on a system whenever the NetworkManager receives a DHCP response from a DHCP server. When successfully exploited, the vulnerability allows an attacker to execute arbitrary commands, resulting in a complete compromise of the system.

    The vulnerability, tracked as CVE-2018-1111, is rated "Critical" with the maximum Common Vulnerability Scoring System (CVSS) severity base score of 10 out of 10.