Advisories & Alerts

  • [SingCERT] Alert on Security Flaw Found in macOS High Sierra 30 November 2017

    macOS High Sierra is the latest release of the Mac operating system by Apple Inc. for its brand of computers.

    On 28 November 2017, a software developer discovered a security bug in macOS High Sierra. This bug allows anyone with access to Mac computers to log into the “root” account without keying in a password.

  • [SingCERT] Advisory on Exim Internet Mailer Vulnerabilities 30 November 2017

    Exim is a popular internet mail message transfer agent that is widely used by Unix-like operating systems.

    Two critical vulnerabilities (CVE-2017-16943 and CVE-2017-16944) were discovered and publicly disclosed on 26 November 2017. These vulnerabilities could allow an attacker to execute malicious code remotely on the affected systems.

    CVE-2017-16943 is a use-after-free bug that affects the Exim feature that allows emails to be broken up and sent in multiple chunks.

    CVE-2017-16944 is a denial of service (DoS) flaw caused by improper checking for a '.' character to signify the end of an email when parsing the data header. This vulnerability is also exploitable via the chunking feature.

  • [SingCERT] Alert on Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882) 24 November 2017

    On 14th November 2017, Microsoft reported a remote code execution vulnerability in Microsoft Office software when the software fails to properly handle data in memory.

  • [SingCERT] Alert on Online Shopping During Festive Season 23 November 2017

    SingCERT advises members of the public who intend to shop online during the festive holiday season to be aware of possible online scams.

  • [SingCERT] Advisory on Intel Firmware Vulnerabilities 23 November 2017

    Intel manufactures processors that reside in computers and other devices. These processors execute instructions which will then perform specific actions.

    On 20th November 2017, Intel announced security vulnerabilities (CVE-2017-5705 to CVE-2017-5712) in Intel Core processors manufactured from 2015 onwards. These vulnerabilities could lead to remote code execution (RCE) on certain PCs, servers, and Internet-of-Things (IoT) platforms.

  • [SingCERT] Alert on Browser-based Digital Currency Mining 09 November 2017

    SingCERT has seen an increase in digital mining tools embedded in websites to secretly mine digital currency. These websites expend the user's Central Processing Unit (CPU) power without their permission.

    Digital currency is a form of currency that exists only in digital form, unlike traditional physical currency such as banknotes and coins. Digital currency is digitally created, held and transacted electronically through transfers of value on computer networks. Digital currencies are generated by mining software that runs on computer systems on the internet, making use of the computational power of the hardware Central Processing Unit (CPU) and Graphics Processing Unit (GPU). Bitcoin, Monero and Ethereum are examples of digital currencies that make use of hardware computational power for digital mining.

  • [SingCERT] Alert on Security Vulnerability in Older Versions of WordPress 03 November 2017

    Background

    A vulnerability in WordPress has been uncovered in versions 4.8.2 and earlier. Users of this popular free and open source content management system (CMS) are strongly urged to update to the latest version of WordPress, version 4.8.3, as soon as possible.

  • [SingCERT] Advisory on Microsoft Office Dynamic Data Exchange Attacks 02 November 2017

    SingCERT is aware of reports of hackers leveraging a built-in feature of Microsoft Windows known as the Dynamic Data Exchange (DDE) protocol for malicious purposes.

  • [SingCERT] Advisory on Bad Rabbit Ransomware 26 October 2017

    A new ransomware known as Bad Rabbit was discovered by researchers from Kaspersky Lab and ESET on 24th October 2017. It is reported to have hit corporate networks in Ukraine and Russia, and appeared to be spreading to other countries. The ransomware bears some similarities to the NotPetya outbreak that caused extensive damage in June 2017, but also bears notable differences.

    For example, unlike NotPetya, it does not exploit software vulnerabilities, but relies on the traditional click-and-infect method. Basically, it tricks victims into downloading a fake Adobe Flash Installer when they visit compromised websites. Once infected, this ransomware will spread itself within the infected organisation’s network through Windows File Sharing protocol and infect other machines within this network.

  • [SingCERT] Alert on Botnet IoT Reaper 22 October 2017

    A newly detected cyber threat targeting internet-connected devices is reported to be spreading across the internet. The malware is observed to exploit vulnerabilities in devices to take control and make them part of a massive botnet infrastructure. The threat has been reported by independent researchers from Check Point and Qihoo, and has been named “IOT_reaper” or “Reaper”.