Advisories & Alerts

  • [SingCERT] Alert on Zip Slip Vulnerability for Archive Files 08 June 2018

    On 5 June 2018, Snyk Security team disclosed a critical archive extraction vulnerability dubbed Zip Slip. This vulnerability allows attackers to perform arbitrary remote command execution on affected systems. As a result, thousands of projects, including projects by HP, Amazon, Apache, Pivotal and many more, are affected.

    The Zip Slip vulnerability has been found in multiple ecosystems, including JavaScript, Ruby, .NET and Go, but is especially prevalent in Java, where there is no central software library for unpacking archive files. The lack of such a library led to vulnerable code snippets being crafted and shared among developer communities such as Stack Overflow.

  • [SingCERT] Alert on "VPNFilter" Malware Infecting Networking Devices Worldwide 07 June 2018

    On 23 May 2018, security researchers from Cisco revealed a new malware, “VPNFilter”, launched by an APT (Advanced Persistent Threat) group with the capacity to collect intelligence and launch destructive cyber-attacks on intended victims. The multi-stage malware targets networking devices in small and home office (SOHO) spaces, including routers from Linksys, MikroTik, NETGEAR, QNAP NAS and TP-Link. According to Cisco, it is estimated that at least 500,000 networking devices in at least 54 countries, including Singapore, have been infected with the malware. The number of infected devices detected in Singapore is low, at nearly 30.

  • [SingCERT] Alert on Critical Cisco Vulnerabilities CVE-2018-0222, 0268, 0271 18 May 2018

    Cisco Digital Network Architecture (DNA) is an open, software-driven platform that integrates several advanced networking capabilities such as virtualisation, automation, analytics, and cloud capabilities into one solution, making it easy for network administrators to design and apply policies across multiple networks.

    On 16 May 2018, Cisco released multiple software patches to address vulnerabilities found in its products, including three vulnerabilities discovered in the Cisco DNA Center that are categorised as “critical”. They are tracked as CVE-2018-0222, CVE-2018-0268 and CVE-2018-0271, and have the maximum Common Vulnerability Scoring System (CVSS) severity base score of 10 out of 10.

  • [SingCERT] Alert on Red Hat DHCP Client Critical Vulnerability (CVE-2018-1111) 18 May 2018

    The Dynamic Host Configuration Protocol (DHCP) is used to configure the network settings of a computer system from a DHCP server. When a system joins the network, its DHCP client application automatically requests network configuration information such as the Internet Protocol (IP) address, IP routes, default IP gateway, and Domain Name System (DNS) servers from the nearest, or the first, DHCP server that responds.

    On 15 May 2018, Red Hat published a security alert advising users to immediately patch a critical vulnerability found in the NetworkManager integration script included in its DHCP client packages. NetworkManager is a program that uses DHCP.

    The flawed script executes with administrative privileges on a system whenever NetworkManager receives a DHCP response from a DHCP server. When successfully exploited, the vulnerability allows an attacker to execute arbitrary commands, resulting in a complete compromise of the system.

    The vulnerability, tracked as CVE-2018-1111, is rated "Critical" with the maximum Common Vulnerability Scoring System (CVSS) severity base score of 10 out of 10.

  • [SingCERT] Alert on NagiosXI Security Vulnerabilities - CVE-2018-8733 through CVE-2018-8736 15 May 2018

    NagiosXI is a monitoring solution, designed by Nagios Enterprises, for many mission-critical infrastructure components in a system or organisation, including applications, web services, operating systems, network protocols, systems metrics, and network infrastructure.

    On 10 May 2018, Nagios Enterprises published a security alert on its website advising its users to immediately update to the latest version of NagiosXI, which addresses several vulnerabilities, to ensure that a user’s system is not susceptible to a security breach.

  • [SingCERT] Alert on Critical Microsoft Vulnerabilities CVE-2018-8174 & CVE-2018-8120 10 May 2018

    Microsoft has released multiple security patches to address vulnerabilities affecting its Operating System and other products, including two zero-days that have been observed to be actively exploited.

    The first, CVE-2018-8174, is a critical Remote Code Execution (RCE) vulnerability, also dubbed "Double Kill", in which memory is accessed after it has been freed (a use-after-free). The issue resides in the way the VBScript Engine (included in all currently supported versions of Windows) handles objects in computer memory, corrupting memory in such a way that an attacker could execute arbitrary code in the context of the current user. This flaw allows an attacker to remotely take control of an affected system. The exploit could be delivered through malicious Office documents or links in emails that force the URL contents to be loaded in Internet Explorer.

    The second, CVE-2018-8120, is a privilege-escalation flaw in the Win32k component of Windows, which occurs when the component fails to properly handle objects in computer memory. To exploit this vulnerability, an attacker would first have to gain access to the system. This could be achieved by tricking the recipient into opening malicious Office documents sent via email, allowing an attacker to remotely take control of an affected system.

  • [SingCERT] Alert on Vulnerability in Oracle WebLogic Server (CVE-2018-2628) 20 April 2018

    Oracle WebLogic Server (WLS) is a Java Enterprise Edition Application server by Oracle Corporation.

    On 17 April 2018, Oracle announced a critical patch update to address a Deserialization Remote Command Execution Vulnerability (CVE-2018-2628) found in its WebLogic Server, after security researchers reported the flaw.

    This vulnerability (CVE-2018-2628) has a Common Vulnerability Scoring System (CVSS) severity base score of 9.8 out of the maximum 10.

  • [SingCERT] Technical Advisory for Network Administrators to Guard Against Recent Network Malicious Activities 20 April 2018

    US-CERT has released an advisory (TA18-106A) with regard to threat actors targeting Network Infrastructure Devices. The advisory contains mitigation strategies for various stakeholders to identify and reduce their exposure to malicious activities.

    Threat actors can exploit network equipment without the need for zero-day vulnerabilities or the need to install malware on the device. They take advantage of the vulnerabilities in devices that:
    • have legacy unencrypted protocols or unauthenticated services,
    • are insufficiently hardened before installation, and
    • are no longer supported with security patches by manufacturers or vendors (end-of-life devices).

  • [SingCERT] Alert on Microsoft Information Disclosure Vulnerability (CVE-2018-0950) 13 April 2018

    Object Linking & Embedding (OLE) is a technology developed by Microsoft for its Windows Operating System to allow content to be embedded in and linked to documents and other objects. On 10 April 2018, a vulnerability analyst from the United States’ Computer Emergency Response Team/Coordination Center (CERT/CC) reported the discovery of an information disclosure vulnerability that occurs when Microsoft Office renders Rich Text Format (RTF) email messages containing OLE objects.

  • [SingCERT] Advisory on Critical Microsoft Graphics Component Vulnerabilities 13 April 2018

    Microsoft has announced the release of several security patches to address vulnerabilities affecting its Operating System and other products. Five of these vulnerabilities, rated critical, in the Windows Graphics Component (CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016) could allow an attacker to compromise a user's computer by tricking the user into visiting a malicious website. These vulnerabilities exist due to improper handling of specially crafted embedded fonts by the Windows font library. Attackers could take advantage of these vulnerabilities, which require no special privileges or user interaction, to gain full control of the system, including creating new user accounts or even achieving Remote Code Execution (RCE).

    An attacker can exploit these issues by tricking an unsuspecting user into opening a specially crafted malicious file sent through email, or into visiting a website carrying the malicious font by clicking on a link in an email or an instant message. These files or links, if opened by the user, would execute arbitrary code on the user's system and hand over control of the affected system to the attacker.