Advisories & Alerts

  • [SingCERT] Kaspersky Report on Compromised RDP Servers - "The xDedic Marketplace" 18 June 2016

    On 15 June 2016, Kaspersky released a report on xDedic - an underground market that facilitated the sale of compromised login credentials of Remote Desktop Protocol (RDP) servers in 173 countries including Singapore.

    With the login credentials, the buyer will be able to access the server, including all the data on it and use the access to launch further attacks. xDedic appears to be run by a Russian-speaking group of hackers.

    The Kaspersky report indicated that Singapore has more than 700 compromised servers and was ranked 29th out of the 173 countries affected.

    Kaspersky has shared details of the report with SingCERT. SingCERT is taking action to contact affected companies that have been identified thus far to inform them of the compromise and to extend our assistance where necessary.

  • [SingCERT] Unsecured Virtual Network Computing (VNC) Configurations 23 May 2016

    Virtual Network Computing (VNC) is an open-source desktop sharing technology that enables users to access and control their home computers remotely over the Internet. Examples include enabling remote technical support to critical systems, allowing users to work from home, accessing home surveillance systems remotely from workplace, etc. An unsecured VNC configuration results when users use VNC without a password, thus causing them to be vulnerable to attackers who are constantly scanning the internet for loopholes.

  • [SingCERT] Software Vulnerability in Symantec's Antivirus Engine 19 May 2016

    Symantec’s Antivirus Engine (AVE) has been reported as vulnerable to memory corruption due to a flaw when parsing a specially crafted Portable Executable (PE) file. On computers that are running Windows operating system, a successful exploitation of the vulnerability will result in a system crash – displaying a blue screen commonly known as Blue Screen of Death. This advisory is provided for users who are currently using Symantec Antivirus Engine on their computers.

  • [SingCERT] Ransomware 06 May 2016

    Ransomware is a type of malware that holds a victim’s files, computer system or mobile device ransom, restricting access until a ransom is paid. Operating systems that can be infected include Windows, Mac OS X and Linux. Some ransomware variants are also known to traverse across the network and encrypt all files stored in shared and/or network drives. The more prevalent type of ransomware today encrypts commonly-used files, such as user documents, images, audio, and video files. By encrypting these files with a strong encryption (2048-bit or more), these files are rendered irrecoverable unless a decryption key is obtained.

  • [SingCERT] Software Vulnerability Discovered by CISCO in their ASA Software 11 February 2016

    This vulnerability was discovered in the Cisco Adaptive Security Appliance (ASA) software. The Cisco ASA is an IP router which serves as an application-aware firewall, network antivirus, intrusion prevention system, and virtual private network (VPN) server. On 10 Feb 2016, CISCO published a security advisory to address this software vulnerability (CVE-2016-1287).

  • [SingCERT] Multiple Security Issues with Juniper ScreenOS 22 December 2015

    Juniper found two security issues with ScreenOS during an internal code review – one that could allow unauthorised control of the affected system and the other which could allow an attacker to decrypt VPN traffic.

  • [SingCERT] Malware Targeting Mobile Banking 15 December 2015

    The Association of Banks in Singapore (ABS) released an advisory on 1st December 2015, alerting consumers about the recent malware infection on Android smartphones used by mobile banking customers. It is noted that about 50 such incidents have been reported and the victims are predominantly customers of major banks in Singapore.

    The malware is downloaded when the user clicks on a malicious URL or has installed an application from untrusted sources. The malware disguises itself as a legitimate application such as Adobe Flash Player (which is misspelt as “Abode”) and tricks users into allowing it to be installed into the smartphone. Upon installation, the malware can access sensitive information such as user credentials and personal particulars. The malware affects Android users using Android version 2.3 and above.

  • [SingCERT] Fake Websites Hosted by 15 December 2015

    CSA has been alerted to mirrored faked websites hosted by “” (see below screenshot). Numerous Singapore agencies and companies have been found to be affected.

    The content of the genuine websites have been copied to these fake websites and additional URL links have been appended below. Android mobile users have also encountered pop-up dialog boxes when they accessed these websites.

  • [SingCERT] Alert: Fake MOM Websites Found 24 November 2015

    Numerous fake MOM (Ministry of Manpower) websites have been reported. The official MOM corporate website has been duplicated to lead people into believing that they are on the official MOM website. MOM is working to bring down these websites.

  • [SingCERT] Defacement of .sg Websites 18 November 2015

    Recently, many .sg websites have been defaced. All of the websites are hosted on Windows 2000 Server and Windows Server 2003.

    Initial investigations suggest that unpatched WebDAV vulnerability may be the cause of defacement.