Advisories & Alerts

[SingCERT] Alert on Microsoft Scripting Engine Memory Corruption Vulnerability CVE-2018-8653

Microsoft has released an out-of-band security update to address a critical vulnerability discovered in its Internet Explorer (IE) software. This memory corruption vulnerability (CVE-2018-8653) affects IE when browsing websites that utilise the JScript as the scripting engine.

[SingCERT] Alert on Windows DNS Server Vulnerability CVE-2018-8626

A Domain Name System (DNS) is a naming system for the Internet that translates readable domain names to information such as Internet Protocol (IP) addresses. A Microsoft Windows server, such as a domain controller, is typically configured as a DNS server by default. A remote code execution vulnerability in the Windows DNS server implementation has been reported and assigned the CVE number CVE-2018-8626. This vulnerability has a Common Vulnerability Scoring System score of 9.8 out of 10.

[SingCERT] Alert on EternalSilence, a New Variant of EternalBlue and EternalRed Abusing UPnP Services on Routers

Akamai researchers have recently published their observations on how a router feature known as Universal Plug and Play (UPnP) was being abused by attackers to conceal traffic, creating a proxy system dubbed as "UPnProxy". UPnProxy can be leveraged to distribute spam, malware and launch DDoS attacks.

Attackers are known to make unauthorised changes to (i) the affected router’s Network Address Translation table, (ii) remap its port forwarding settings to proxy malicious traffic and; (iii) leverage its UPnP feature to enable remote connections to the affected router.

[SingCERT] Alert on Adobe Flash Player Vulnerability (CVE-2018-15981)

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh Operating System (MacOS), Linux and Chrome Operating Systems (OS). The vulnerability occurs because the interpreter code of the Action Script Virtual Machine does not reset when an exception is caught. This leads to a “type confusion” bug, resulting in the possibility of a remote code execution. The security updates address this critical vulnerability (CVE-2018-15981) in Adobe Flash Player.

[SingCERT] Festive Shopping Advisory for Shoppers and Online Merchants

As the holiday season is fast approaching, more people are going online to shop for gifts and make their travel plans. There are also a series of promotions for Singles' Day, Thanksgiving, Black Friday and Cyber Monday to entice shoppers.

For an enjoyable shopping experience, SingCERT advises members of the public to be more cautious of possible online threats.

[SingCERT] Alert on Critical Apache Struts 2 Remote Code Execution Vulnerability (CVE-2016-1000031)

Apache Struts is a popular open-source Java-based web application framework used for developing many enterprise web applications globally.

Apache Software Foundation released new versions of its Apache Struts 2 framework to address a Remote Code Execution (RCE) vulnerability in the commons-fileupload library, which used in the built-in file upload mechanism.

[SingCERT] Alert on Nginx Vulnerabilities (CVE-2018-16843, CVE-2018-16844, and CVE-2018-16845)

Nginx is a free, open-source and high-performance web server used in over 14 million sites, including websites of companies such as Dropbox, Netflix, and Wordpress.com.

Nginx has announced security patches for three vulnerabilities, which can result in a Denial of Service (DoS) and/or Data Exfiltration.

[SingCERT] Technical Advisory on Vulnerabilities in Bluetooth Low Energy Chips by Texas Instruments (CVE-2018-16986 and CVE-2018-7080)

Security researchers have discovered two vulnerabilities dubbed “BLEEDINGBIT” in the Bluetooth Low Energy (BLE) chips made by Texas Instruments (TI).

CVE-2018-16986 is a buffer overflow vulnerability that occurs when processing malformed BLE frames, causing memory corruption. This vulnerability can be exploited if the attacker is within the Bluetooth range from the targeted devices with both the BLE feature and scanning mode enabled.

CVE-2018-7080 is a vulnerability that exists when the Over-the-Air firmware download (OAD) feature is not properly configured to address secure firmware updates.

[SingCERT] Alert on Drupal Critical Vulnerabilities

Drupal is a content management software that is used by numerous companies around the world to manage content and host websites. There are over one million sites using Drupal including popular websites such as NBC, Fox, The Economist, Twitter, and Pinterest.

Drupal has announced security patches for five vulnerabilities, including two critical vulnerabilities. The first critical vulnerability allows attackers to inject commands into the default mail function, which could lead to remote code execution. The second critical vulnerability involves insufficient validation in the Contextual Links module, which could also result in remote code execution.

[SingCERT] Alert on Multiple Security Vulnerabilities in Oracle's Enterprise Products

Oracle has released a critical patch update for October 2018 to address 301 security vulnerabilities across its various enterprise products, including Database, E-Business Suite, and Fusion Middleware packages. Of the 301 vulnerabilities, 45 vulnerabilities have a Common Vulnerability Score System (CVSS) severity base score of 9.8 (on a scale of 10) and one vulnerability (CVE-2018-2913) has a maximum severity base score of 10.

CVE-2018-2913 is a vulnerability in the Monitoring Manager component of Oracle GoldenGate. Oracle GoldenGate is a data replication framework that can work with large quantities of information in real-time. This vulnerability can be easily exploited by an unauthenticated attacker with network access via Transmission Control Protocol (TCP).