Advisories & Alerts

  • Advisory on Microsoft Office Dynamic Data Exchange Attacks 02 November 2017

    SingCERT is aware of reports of hackers leveraging a built-in feature of Microsoft Windows, the Dynamic Data Exchange (DDE) protocol, for malicious purposes.

  • [SingCERT] Advisory on Bad Rabbit Ransomware 26 October 2017

    A new ransomware known as Bad Rabbit was discovered by researchers from Kaspersky Lab and ESET on 24th October 2017. It is reported to have hit corporate networks in Ukraine and Russia, and appeared to be spreading to other countries. The ransomware bears some similarities to the NotPetya outbreak that caused extensive damage in June 2017, but also bears notable differences.

    For example, unlike NotPetya, it does not exploit software vulnerabilities, but relies on the traditional click-and-infect method. It tricks victims into downloading a fake Adobe Flash Installer when they visit compromised websites. Once a machine is infected, the ransomware spreads within the infected organisation’s network through the Windows File Sharing protocol and infects other machines within this network.

  • [SingCERT] Alert on Botnet IoT Reaper 22 October 2017

    A newly detected cyber threat targeting internet-connected devices is reported to be spreading across the internet. The malware is observed to exploit vulnerabilities in devices to take control of them and make them part of a massive botnet infrastructure. The threat has been reported by independent researchers from Check Point and Qihoo, and has been named “IOT_reaper” or “Reaper”.

  • [SingCERT] Alert on Multiple Vulnerabilities Affecting Wi-Fi Protected Access 2 (WPA2) Protocol 17 October 2017


    Wi-Fi Protected Access 2 (WPA2) is a security protocol developed by the Wi-Fi Alliance to enhance the security of commonly used Wi-Fi networks.

    On 16th October 2017, a researcher publicly disclosed multiple vulnerabilities found in the WPA2 protocol. These vulnerabilities may affect the data confidentiality of users' Wi-Fi connectivity in homes and offices.

  • [SingCERT] Alert on Multiple Dnsmasq Vulnerabilities (CVE-2017-14491 to CVE-2017-14496) 04 October 2017

    Dnsmasq is software that can act as a Domain Name System (DNS) forwarder and a Dynamic Host Configuration Protocol (DHCP) server, and can provide router advertisements and network booting for computer networks. It is included in most Linux distributions and the ports systems of Berkeley Software Distribution (BSD) Unix and is widely used on the Internet and in private networks.

  • [SingCERT] Advisory on Multiple Security Vulnerabilities Affecting D-Link DIR-800 Series Routers 30 September 2017

    On 8th and 12th September 2017, security researchers publicly disclosed details of multiple vulnerabilities affecting the D-Link DIR-800 series of routers.

  • [SingCERT] Alert on Two Apache Tomcat Security Vulnerabilities (CVE-2017-12615 and CVE-2017-12616) 24 September 2017

    On 19 September 2017, the Apache Software Foundation announced two important security vulnerabilities (CVE-2017-12615 and CVE-2017-12616) in Apache Tomcat 7.0.x which could lead to remote code execution (RCE).

    Apache Tomcat is an open-source HTTP server and Java servlet container developed by the Apache Software Foundation. Many Internet websites employ Apache Tomcat to serve Java Servlets and Java Server Pages.

  • [SingCERT] Alert on Apache Struts2 Remote Code Execution Vulnerability (S2-052) 06 September 2017

    Apache Struts is a popular, free, open-source web application framework for developing Java web applications. Struts is well-known for its extensible "plug-in" architecture.

    On 5th September 2017, the Apache Software Foundation announced that a critical security vulnerability (S2-052) was discovered in its Apache Struts project, which allows possible remote code execution (RCE) due to the lack of input validation or sanitization in the Struts REST plugin.

  • [SingCERT] ShadowPad Backdoor Spreads in Corporate Networks Through Software Update Mechanism 25 August 2017

    On 15 August 2017, Kaspersky Lab reported that they had discovered suspicious DNS requests in a partner's network. Further investigation showed that the source of the suspicious DNS queries was a software package produced by NetSarang. Kaspersky Lab named the threat ShadowPad. SingCERT understands that the attacks occurred in Hong Kong, but the ShadowPad backdoor could be dormant in many other systems worldwide if users have not updated to the latest version of the affected software.

  • [SingCERT] Increase in Defacements Affecting Singapore-hosted Websites 09 August 2017

    SingCERT has observed an increase in defacement activities affecting websites hosted in Singapore in early August 2017. A website defacement is an attack on a website that changes the visual appearance of the site or a webpage. This is usually done by exploiting an unpatched vulnerability.