Advisories & Alerts

  • [SingCERT] Security Flaws in Apple OS X and iOS 23 June 2015

    Six university researchers have revealed four vulnerabilities affecting Apple OS X and iOS. These vulnerabilities could allow attackers to steal passwords and other credentials if successfully exploited.

  • [SingCERT] Samsung Galaxy Devices MITM Vulnerability 19 June 2015

    A vulnerability has been reported in the update mechanism of Samsung keyboards in various Samsung Galaxy devices. Samsung keyboards are powered by SwiftKey through SwiftKey SDK and SwiftKey periodically checks for language packs updates over HTTP. As the HTTP requests are not encrypted, it is susceptible to man-in-the-middle (MITM) attacks. Additionally, the Samsung keyboards are operating with system privileges, which may allow an attacker to write arbitrary data to the vulnerable devices.

  • [SingCERT] Dyre Malware 17 April 2015

    Variants of Dyre (Dyreza) malware have been observed to be targeting the retail and banking customers. The malware spreads itself through phishing emails that contain malicious attachments.

  • [SingCERT] Adobe Flash Player Security Updates for April 2015 16 April 2015

    Adobe has released security updates for Adobe Flash Player 17.0.0.134 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.451 and earlier versions for Linux.

  • [SingCERT] Microsoft Security Bulletin Summary for April 2015 16 April 2015

    Microsoft has released 11 bulletins this month that need to be patched to address vulnerabilities in Microsoft Windows, Microsoft Server Software and Internet Explorer.

  • [SingCERT] WordPress RevSlider Plugin Vulnerability 30 March 2015

    A vulnerable WordPress plugin (RevSlider) may be used to compromise websites to embed iframes and exploit kits, and websites may also be defaced.

  • [SingCERT] Microsoft Security Bulletin Summary for March 2015 11 March 2015

    Microsoft has released 14 bulletins this month that need to be patched to address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Server Software, Microsoft Exchange and Internet Explorer.

  • [SingCERT] FREAK Attack 04 March 2015

    Researchers from IMDEA, INRIA and Microsoft Research discovered a new SSL/TLS bug that allows attackers to conduct man-in-the-middle attacks to downgrade the level of encryption used between a vulnerable browser and a vulnerable server to a weaker, easily crackable level.