Advisories & Alerts

[SingCERT] Tips to Stay Safe Online in 2018

In 2017, major cyber incidents such as the WannaCry ransomware attack, Equifax hack, Uber data breach and multiple phishing scams were found to have affected millions of people worldwide. Singapore has also experienced its fair share of cyber incidents such as local data breaches and various phishing scams involving fake Government websites, which have resulted in victims incurring monetary losses and having their personal data compromised. To avoid falling prey to cyber criminals, practising good cyber hygiene will help safeguard our devices and information.

[SingCERT] Alert on Digital Currency Mining Campaign "ZEALOT"

On 15 December 2017, security researchers detected a malicious cyber campaign, known as “Zealot”, that hijacks the computing power of compromised Internet-facing servers to mine for "Monero", a type of digital currency.

[SingCERT] Alert on the Return Of Bleichenbacher's Oracle Threat (ROBOT) Attack

On 12 December 2017, a group of security researchers published findings indicating that Transport Layer Security (TLS) implementations using RSA ciphers are vulnerable, which may lead to a risk of information disclosure. TLS is a widely used internet security protocol that provides data privacy and integrity between two communicating applications (e.g. a browser and an Internet Banking website).

This happens when applications with TLS implementations using RSA ciphers are subjected to an adaptive chosen-ciphertext attack. An attacker could send multiple selected ciphertexts to a victim for decryption. The results are then recorded and used to select subsequent ciphertexts, which will help to derive the TLS session keys. This vulnerability is named the Return Of Bleichenbacher's Oracle Threat (ROBOT) Attack after Daniel Bleichenbacher, who was the first person to discover this class of cryptosystem vulnerability 19 years ago (1998).

[SingCERT] Alert on HP Notebook Keylogger

A keylogger*-type feature was found in the Synaptics touchpad driver installed in several HP notebook models. Although this feature is disabled by default, an attacker with local administrative rights could still obtain the keystrokes by modifying the system to enable the keylogger feature on an affected notebook.

*A keylogger is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer’s keyboard.

[SingCERT] Alert on Microsoft Malware Protection Engine Critical Vulnerability (CVE-2017-11937)

On 8 December 2017, Microsoft announced a critical remote code execution (RCE) vulnerability existing in the Microsoft Malware Protection Engine, which allows an attacker to take full control of an affected system.

[SingCERT] Securing Your Mobile Devices When Travelling This Holiday Season

As the year comes to a close, we would like to remind all who are travelling during this holiday season to remain vigilant of potential cyber threats and practise good cyber hygiene when using smart mobile devices. SingCERT recommends the following steps to prevent yourself from becoming a cyber-victim.

[SingCERT] Alert on Mailsploit to Spoof Email Addresses

On 5 December 2017, a security researcher disclosed a set of vulnerabilities dubbed "Mailsploit" which allowed hackers to send a well-crafted spoofed email. The exploit allows non-standard characters to be encoded into emails to trick recipients into believing they have received the email from a specific individual.

[SingCERT] Alert on Security Flaw Found in macOS High Sierra

macOS High Sierra is the latest release of the Mac operating system by Apple Inc. for its brand of computers.

On 28 November 2017, a software developer discovered a security bug in macOS High Sierra. This bug allows anyone with access to Mac computers to log into the “root” account without keying in a password.

CSA | SingCERT | Advisory on Exim Internet Mailer Vulnerabilities

Exim is a popular internet mail message transfer agent that is widely used by Unix-like operating systems.

Two critical vulnerabilities (CVE-2017-16943 and CVE-2017-16944) were discovered and publicly disclosed on 26 November 2017. These vulnerabilities could allow an attacker to execute malicious code remotely on the affected systems.

CVE-2017-16943 is a use-after-free bug that affects the Exim feature which allows emails to be broken up and sent in multiple chunks.

CVE-2017-16944 is a denial of service (DoS) flaw caused by the improper checking for a '.' character to signify the end of an email when parsing the data header. This vulnerability is also exploitable via the chunking feature.

[SingCERT] Alert on Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882)

On 14 November 2017, Microsoft reported a remote code execution vulnerability in Microsoft Office software that arises when the software fails to properly handle data in memory.