Advisories & Alerts

  • [SingCERT] Advisory on Distrust of Symantec-issued Certificates 09 April 2018

    A Secure Sockets Layer (SSL) certificate binds the website owner's details to a cryptographic key and is used as proof of trust for secure communication between a browser and a web server. Certificates are issued by Certificate Authorities (CAs), and Symantec was previously one such CA that issued certificates to verify a digital entity’s identity on the Internet [1].

    Two major browsers, Google Chrome and Mozilla Firefox, announced last year that they would gradually distrust these certificates, as they had failed to comply with the industry standards set by the Certification Authority Browser Forum. Symantec-issued certificates issued before 1 June 2016 will be distrusted in Chrome 66 and Firefox 60 onwards. Updated versions of Chrome 66 and Firefox 60 are scheduled for release on 17 April 2018 and 9 May 2018 respectively.

  • [SingCERT] Alert on Cyber Attacks Leveraging Cisco Critical Vulnerabilities (CVE-2018-0171) 08 April 2018

    On 8th April, it was reported that there had been cyber attacks on Cisco equipment, causing network outages in several countries including the US, Russia and Iran. The attacks exploited the CVE-2018-0171 Cisco Smart Install vulnerability, which has a Common Vulnerability Scoring System (CVSS) severity base score of 9.8 out of 10.

    A remote attacker could exploit this vulnerability by sending a crafted message to unpatched Cisco equipment on TCP port 4786. This would trigger a reload of affected devices, resulting in a denial of service (DoS) condition, or the execution of arbitrary code on affected devices.

    The Cisco Smart Install feature provides zero-touch deployment for new equipment, similar to a "plug-and-play" model. It allows a customer to deploy the network device to any location and install it into a network for immediate use without additional configuration required.

  • [SingCERT] Alert on Microsoft Malware Protection Engine Critical Vulnerability (CVE-2018-0986) 06 April 2018

    Microsoft Malware Protection Engine (MMPE) is a component used in Microsoft Anti-Malware products to automatically scan all incoming files.

    On 3 April 2018, Microsoft released an out-of-band security update to address a critical security vulnerability (CVE-2018-0986) in MMPE that allows an attacker to perform remote code execution.

    An attacker can exploit this vulnerability through several methods, such as sending a specially crafted malicious file as an email attachment or sharing it over instant messaging. The vulnerable MMPE scans this malicious file, leading to memory corruption and thereby allowing the attacker to execute arbitrary code on the system.

  • [SingCERT] Alert on Debian Beep Package Local Privilege Escalation Vulnerability (CVE-2018-0492) 06 April 2018

    Debian's beep package is a command-line tool that causes PC speakers to make a beep sound when an error occurs, for troubleshooting purposes. It is estimated that approximately 130 million users have this package installed on their computers.

    On 4 April 2018, a security researcher disclosed a vulnerability (CVE-2018-0492) in Debian beep packages that allows local privilege escalation. This vulnerability allows an attacker to gain unauthorised elevated access to system configuration files and perform other malicious activities.

  • [SingCERT] Alert on Drupal Critical Vulnerability (CVE-2018-7600) 03 April 2018

    Drupal is a content management software that is used by numerous companies around the world to create content and host websites. There are over one million sites using Drupal including popular websites such as NBC, Fox, The Economist, Twitter, and Pinterest.

    On 28 March 2018, Drupal announced a highly critical vulnerability (CVE-2018-7600) in their system that leads to remote code execution. This vulnerability potentially allows attackers to exploit multiple attack vectors, which could result in the site being completely compromised.

  • [SingCERT] Alert on security flaws in Advanced Micro Devices (AMD) processors 22 March 2018

    On 13 March 2018, security researchers from CTS Labs announced the discovery of several security flaws affecting some Advanced Micro Devices (AMD) products that could, under the right conditions, allow an attacker to take complete control over AMD processors that reside in computers and other devices.

    On 21 March 2018, AMD acknowledged these security flaws and updated its technical assessment of the issues. They are working on the appropriate mitigation actions and plan to release firmware patches in the coming weeks. AMD also clarified that these flaws are not related to the AMD “Zen” CPU architecture or the Google Project Zero exploits made known in January 2018. Instead, these issues were found within the firmware managing the embedded security control processor in some AMD products, such as the AMD Secure Processor, and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.

  • [SingCERT] Technical Alert on the Distributed Denial of Service (DDoS) Amplification Attacks Using Memcached 13 March 2018

    Memcached is a free and open source distributed memory object caching system. It is often used to speed up dynamic websites by caching data objects in random-access memory, reducing the high latency of accessing an external database.

    On 27 February 2018, Cloudflare reported a significant rise in the number and magnitude of distributed denial of service (DDoS) amplification attacks due to the abuse of misconfigured Memcached servers.

  • [SingCERT] Alert on Firefox Browser Critical Vulnerability (CVE-2018-5124) 02 February 2018

    On 29 January 2018, Mozilla Foundation announced a critical vulnerability (CVE-2018-5124) found in its Firefox browser.

  • [SingCERT] Advisory on Critical Security Bug in Oracle's MICROS POS System 02 February 2018

    On 30 January 2018, security researchers from ERPScan disclosed a critical security flaw (CVE-2018-2636) in Oracle's MICROS Point-of-Sale (POS) system. Oracle is a provider of POS systems, and its MICROS software is used in more than 330,000 cash registers globally, including those in food and beverage outlets and hotels.

    CVE-2018-2636 is a security flaw that allows attackers to read sensitive data such as usernames and password hashes from configuration files in the POS terminals. Using the retrieved data, attackers can perform a brute-force attack to gain full and legitimate access to the POS server's database containing vendors' business data, which can include their customers’ credit card details. Attackers can also use the stolen usernames and passwords for corporate espionage and proxy endpoints for future cyber-attacks.

  • [SingCERT] Alert on Cisco Adaptive Security Appliance (ASA) Critical Vulnerability (CVE-2018-0101) 01 February 2018

    On 29 January 2018, Cisco announced a critical vulnerability (CVE-2018-0101) found in its Adaptive Security Appliance (ASA) software with a maximum Common Vulnerability Scoring System (CVSS) severity base score of 10 out of 10. The vulnerability is found in the Secure Sockets Layer (SSL) VPN functionality of the ASA and is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system, resulting in unauthenticated remote access.