Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption, integer overflow, type confusion and use-after-free error. A remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content to exploit the vulnerabilities.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited on suspicious Internet banking mobile application (Apps), which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website (www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.
IBM has published a security bulletin to address a vulnerability related to Apache Commons Collections used in Domino/Notes when handling Java object deserialisation in the InvokerTransformer class. An attacker could send specially crafted data to an affected system to execute arbitrary Java code.
Apple has released a software update fixing 30 vulnerabilities in iOS versions prior to iOS 9.2. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors: an attacker could entice a user to open a specially crafted image or media file, font file, iBook file, iWork file, XML document or web page, or to install a malicious application, to exploit the vulnerabilities.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Dah Sing Bank, Limited on fraudulent website, which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website (www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website (www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.
Multiple vulnerabilities are found in the ISC BIND software. A remote attacker could send a specially crafted query to request a record with a malformed class attribute to trigger a REQUIRE assertion failure, causing a denial-of-service condition. In addition, a flaw was found which can cause BIND to exit after encountering an INSIST assertion failure.
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs in the browser engine, flaws in API or use-after-free error. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Fubon Bank (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website (www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption, various buffer overflows, type confusion, use-after-free errors and security bypass problems. A remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content to exploit the vulnerabilities.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing e-mail, which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website (www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.
Multiple vulnerabilities are found in the OpenSSL library. A remote attacker could exploit a memory leak problem or launch a denial-of-service attack exploiting a NULL pointer dereference problem in OpenSSL.
Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks as listed in the Oracle Critical Patch Update Advisories (October 2015) which could be remotely exploited without authentication. A remote attacker could exploit the vulnerabilities by enticing a user to open a specially-crafted file or visit a malicious website.
The Office of the Commissioner of Insurance today (December 2) alerted the public to three fraudulent websites (http://ppm.guoguangdai.com, www.prudentialjunsheng.com and www.hkbxbc.com) that purport to be official websites of two authorised insurers in Hong Kong, Prudential Hong Kong Limited and Prudential General Insurance Hong Kong Limited. The insurers concerned have confirmed that they have no connections with the fraudulent websites.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by BNP Paribas on fraudulent website, which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website (www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.
The Office of the Privacy Commissioner for Personal Data conducted an assessment of 45 local websites and mobile applications targeting children this year. The results show that some websites and mobile apps follow good privacy practice while others are not satisfactory.
The Office of the Privacy Commissioner for Personal Data has launched a new TV Announcement in the Public Interest entitled "Stay Smart. Mind Your Digital Footprint", calling on members of the public to go online vigilantly, and to protect and respect others' personal data.
The Office of the Government Chief Information Officer, the Hong Kong Police Force and the Hong Kong Computer Emergency Response Team Co-ordination Centre jointly held a public seminar on 27 November 2015 to inform the public about cyber security risks, good practices on information security and measures to safeguard personal devices and private information.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website (www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.
Organised by Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) / Hong Kong Productivity Council / Professional Information Security Association
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Standard Chartered Bank (Hong Kong) Limited on phishing e-mail, which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website (www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.
The Office of the Commissioner of Insurance today (November 18) alerted the public to eight fraudulent websites that purport to be official websites (or an insurance portal) of 16 authorised insurers in Hong Kong. The insurers concerned have confirmed that they have no connections with the fraudulent websites. The fraudulent websites and the authorised insurers being purported are listed in the Annex.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Fubon Bank (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website (www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited on fraudulent website, which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website (www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by type confusion, security bypass and use-after-free error.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Malayan Banking Berhad on fraudulent website, which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website (www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.
The Registration and Electoral Office (REO) today (October 30) alerted members of the public and candidates of the 2015 District Council Ordinary Election to a fraudulent email purportedly issued by the REO from the email account "reoenp@reo.gov.hk" with an attachment claiming to be the latest 2015 guidelines on election-related activities in respect of the District Council Election. The attachment may contain a virus.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Standard Chartered Bank (Hong Kong) Limited on phishing e-mail, which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website (www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.
Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Citibank (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website (www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.
Organised by Office of the Government Chief Information Officer (OGCIO) / Hong Kong Police Force (HKPF) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
Mozilla has published a security advisory to address a vulnerability found in Firefox. This vulnerability is caused by a problem in the fetch() API, which did not correctly implement the Cross-Origin Resource Sharing (CORS) specification.
Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities caused by various buffer overflows, use-after-free errors, memory leaks, memory corruption, security bypass and problems in Flash broker and JavaScript API.
Organised by Cloud Security Alliance / High Technology Crime Investigation Association / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) / Hong Kong Computer Society / Hong Kong Productivity Council / Information Security and Forensics Society / Information Systems Audit and Control Association / ISC2 / Professional Information Security Association
The Office of the Privacy Commissioner for Personal Data (“PCPD”) expresses concern over the possible personal data leakage involving the contactless credit cards issued by banks and commences a compliance check on this issue. PCPD reminds the card-issuing banks to comply with the requirements under the Data Protection Principles in the Personal Data (Privacy) Ordinance to ensure the protection of the personal data of the general public. This will greatly enhance the confidence of the general public in using this new technology.
Cisco has released three security advisories fixing a number of vulnerabilities in Cisco IOS and IOS XE software. An unauthenticated remote attacker could exploit the vulnerabilities in relation to several functions or protocols including SSH version 2 (SSHv2) using RSA-based user authentication, Network Address Translation (NAT) and Multiprotocol Label Switching (MPLS) services, and IPv6 snooping feature configured.
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs in the browser engine, buffer overflow or use-after-free error. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by type confusion, various buffer overflows, use-after-free errors, memory leaks and memory corruption. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Public Bank (Hong Kong) Limited on suspicious Internet banking mobile application (Apps), which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website (www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.
Businesses and organisations are urged to strengthen their readiness against emerging cyber threats targeting networked embedded systems or the “Internet of Things” (IoTs), arising from the integrated use of disruptive technologies such as mobile and cloud computing, social networking and big data analytics.
Mobile app owners and developers should apply transmission encryption (SSL), validate digital certificates and use certificate authentication technology to prevent hackers from stealing app users’ sensitive personal and transaction data, urged the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council (HKPC) and the Professional Information Security Association (PISA).
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public in Hong Kong to a suspected fraudulent website with the domain name http://www.kowloonglobal.com/. The website is operated by "KOWLOON GLOBAL", which claims that it is regulated by the Hong Kong Monetary Authority.
2015-9-12
Subject Talks on New Era of IT: Analysis the internet traps and precaution
Multiple vulnerabilities are found in the ISC BIND software. A remote attacker could send a specially crafted query to exploit errors in parsing a malformed DNSSEC key or in performing a boundary check in openpgpkey_61.c that would trigger an assertion failure, causing BIND to exit.
The Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) took part in the Global Privacy Enforcement Network (GPEN) Privacy Sweep (the "Sweep") to examine websites and mobile applications (apps) used by youngsters. Results of the Sweep have raised concerns over the personal data collected, in particular how much personal data was collected and how it was then shared with third parties.
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by use-after-free error or add-on notification bypass through "data:" URL. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
The Hong Kong Monetary Authority wishes to alert members of the public to a fraudulent website with the domain name "http://bankofeastasia-uk.com". The website purports to be the official website of The Bank of East Asia, Limited (BEA) and contains a link to a fraudulent Internet banking login page "http://loginq.org/bankofeastasia-uk/login.php". BEA has clarified that it has no connection with the fraudulent website.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to an e-mail purporting to be sent from The Hongkong and Shanghai Banking Corporation Limited (HSBC). The e-mail requests customers to use an embedded hyperlink to connect to a fraudulent website (for example, "http://bluerio.sg/account.php" linking to "http://oscommerce.amdiantest.com/pub/hkkk/register.html", and "http://oscommerce.amdiantest.com/pub/hkkk/form.php") and provide their account information such as the Hong Kong Identity Card number and credit card information. HSBC has clarified that it has not sent these e-mails to its customers and has no connection with the fraudulent website.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to an e-mail purporting to be sent from Hang Seng Bank, Limited (HSB). The e-mail requests customers to use an embedded hyperlink to connect to a fraudulent website (for example, "paulettemarieb.com/wp-includes/error_log.php" and "dolbergdentistry.com/wp-admin/maint/maint/hgb/") and provide their personal information such as the Hong Kong Identity Card number and credit card information. HSB has clarified that it has not sent these e-mails to its customers and has no connection with the fraudulent website.
Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks as listed in the Oracle Critical Patch Update Advisories (July 2015) which could be remotely exploited without authentication.
Android was recently found to have Certifi-Gate and Stagefright vulnerabilities. A successful attack could lead to remote code execution and potentially take control of the vulnerable devices.
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs in the browser engine, use-after-free error, integer overflows when handling MPEG4 video and buffer overflows in the Libvpx library used for WebM video.
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by type confusion, various buffer overflows, use-after-free errors and memory corruption.
Mozilla has published a security advisory to address a vulnerability found in Firefox. This vulnerability is caused by a problem that allows violation of the same origin policy to read local files. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerability.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to an e-mail purporting to be sent from Hang Seng Bank, Limited (HSB). The e-mail requests customers to use an embedded hyperlink to connect to a fraudulent website (for example, "s-oh.sakura.ne.jp/okayama/index2.php" linking to "dev2.digisat.org/digisat_new", and "s-oh.sakura.ne.jp/dan-shinya/wp-includes/id3.php" linking to "www.gangesindia.com/icon/os/_tmp") and provide their personal information such as the Hong Kong Identity Card number and credit card information. HSB has clarified that it has not sent these e-mails to its customers and has no connection with the fraudulent website.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a fraudulent website with the domain name "www.bochkgroup.com". The website purports to be the official website of Bank of China (Hong Kong) Limited (BOCHK). BOCHK has clarified that it has no connection with the fraudulent website.
The Office of the Privacy Commissioner for Personal Data released today a revised Information Leaflet on "Protect Privacy by Smart Use of Smartphones" to help smartphone users minimise the personal data privacy risks associated with use of smartphones.
The Office of the Privacy Commissioner for Personal Data (PCPD) published a revised Information Leaflet on "Cloud Computing" to advise cloud users on privacy concerns, the importance to fully assess the benefits and risks of cloud services and the implications for safeguarding personal data privacy. This is an update of the publication PCPD issued more than two years ago to take account of the latest developments in the cloud market and the relevant data protection tools presently available.
A vulnerability is found in the Internet Systems Consortium (ISC) BIND software. A remote attacker could send specially crafted packets to exploit an error in the handling of TKEY queries and trigger a REQUIRE assertion failure, causing BIND to exit. Access control lists or configuration options limiting or denying service cannot prevent the problem.
Multiple vulnerabilities are found in Android. A remote attacker could send a specially crafted Multimedia Messaging Service (MMS) message to targeted Android devices to exploit the vulnerabilities.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a fraudulent website with the domain name "bk.hkbetas.com". The website purports to be the official website of The Bank of East Asia, Limited (BEA). BEA has clarified that it has no connection with the fraudulent website.
A vulnerability is identified in Microsoft Windows that could be exploited to compromise an affected system. Due to an error when the Windows Adobe Type Manager Library handles OpenType fonts, an attacker could exploit it to take control of the system if a user opens a specially crafted document or visits a webpage that contains embedded OpenType fonts.
The Office of the Privacy Commissioner for Personal Data published "Guidance on Collection and Use of Biometric Data" to provide data users who intend to collect biometric data with practical guidance on complying with the requirements under the Personal Data (Privacy) Ordinance.
Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.
Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities caused by memory corruption, various buffer overflows, null-pointer dereference, use-after-free errors and security bypass. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted PDF file, web page, Flash file, or document that supports embedded Flash content.
By exploiting the vulnerability in the OpenSSL library, an attacker could bypass certain checks on certificates, such as the Certificate Authority (CA) flag check, enabling a certificate issued by a valid leaf certificate to be wrongly verified as issued by the valid CA.
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption, heap buffer overflow, type confusion or use-after-free error. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content.
Mozilla has published a security advisory to address multiple vulnerabilities found in Firefox and Thunderbird. These vulnerabilities are caused by memory safety bugs in the browser engine, use-after-free error, uses of uninitialised memory, poor validation, read of not owned memory in zip files and buffer overflows. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
Multiple vulnerabilities are found in Apple QuickTime. A remote attacker could exploit the vulnerabilities by enticing a user to open a specially crafted media file.
Apple has released a software update fixing 33 vulnerabilities in iOS versions prior to iOS 8.4. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors: a remote attacker could intercept SSL/TLS connections and perform man-in-the-middle (MITM) attacks (also known as the Logjam attack). The attacker could also entice a user to open a specially crafted font file, PDF file, TIFF file, SMS or web page to exploit the vulnerabilities.
Security updates are released for Adobe Flash Player to address a vulnerability caused by heap buffer overflow. To successfully exploit the vulnerability, a remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content.
The Office of the Communications Authority (OFCA) has welcomed the court order granted by the Eastern Magistrates' Courts yesterday (June 15) directing the sole proprietor of a company operating a tutor referral business and a related person to provide information on the sending of unsolicited short messages via the WhatsApp Messenger platform which is suspected to have contravened the Unsolicited Electronic Messages Ordinance (Cap. 593) (UEMO).
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a fraudulent website with the domain name "http://www.groupbochk.com". The website purports to be the official website of Bank of China (Hong Kong) Limited (BOCHK). BOCHK has clarified that it has no connection with the fraudulent website.
Multiple vulnerabilities are found in the OpenSSL library. A remote attacker could downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography and perform a man-in-the-middle attack (known as the Logjam attack). A remote attacker could also launch a denial-of-service attack by sending specially crafted public keys, certificate requests, certificates, PKCS#7 data or signedData messages to an affected system.
Multiple vulnerabilities are found in IBM Lotus Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks as listed in the Oracle Critical Patch Update Advisories (April 2015) which could be remotely exploited without authentication.
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption/leak, stack/integer overflow, use-after-free or security restrictions bypass issues. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content.
Hong Kong Research Study finds Hong Kong organisations have made significant strides in embracing data protection as part of their corporate governance responsibilities, shifting from compliance to accountability.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a fraudulent website with the domain name "www.hangsengonline.com". The website purports to be the official website of Hang Seng Bank, Limited (HSB). HSB has clarified that it has no connection with the fraudulent website.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a fraudulent website with the domain name "new.positio.pl/tmp/HKSBC". The website purports to be the official website of The Hongkong and Shanghai Banking Corporation Limited (HSBC). HSBC has clarified that it has no connection with the fraudulent website.
The Office of the Government Chief Information Officer (OGCIO) today (May 14) alerted members of the public to a fraudulent email purporting to be issued by OGCIO from its email account, enquiry@ogcio.gov.hk. The email contains a hyperlink which might trick recipients into downloading malicious software.
Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities caused by memory corruption, heap overflow, use-after-free or security bypass issues. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted web page, Flash file, PDF file, or document that supports embedded Flash content.
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox and Thunderbird. These vulnerabilities are caused by memory safety bugs in the browser engine, buffer overflow during rendering SVG format graphics or parsing compressed XML content, an out-of-bounds read and write in asm.js during JavaScript validation, and a use-after-free flaw during text processing with vertical text enabled. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
IBM has issued a security bulletin to address two image parsing buffer overflow vulnerabilities in IBM Domino and one cross-site scripting vulnerability in the IBM Dojo Toolkit in IBM Notes, iNotes and Domino. A remote attacker could exploit these vulnerabilities by enticing a user to visit a specially crafted URL to execute scripts or sending a specially crafted bitmap (.BMP) image to the vulnerable Domino SMTP server.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a fraudulent website with the domain name "www.hangsbl.com". The website purports to be the official website of Hang Seng Bank, Limited (HSB). HSB has clarified that it has no connection with the fraudulent website.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a fraudulent website with the domain name "http://www.dahsingbankonline.com". The website purports to be the official website of Dah Sing Bank, Limited (DSB). DSB has clarified that it has no connection with the fraudulent website.
Mozilla has published a security advisory to address a vulnerability found in Firefox. The vulnerability is caused by memory corruption during failed plugin initialization. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerability.
Organised by Office of the Government Chief Information Officer (OGCIO) / Hong Kong Police Force (HKPF) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
IBM has issued a security bulletin to address a vulnerability caused by a problem in processing GIF files in Domino. A remote attacker could send Internet email with specially crafted GIF files to an affected system to exploit the vulnerability without authentication.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to an e-mail purporting to be sent from Hang Seng Bank, Limited (HSB). The e-mail requests customers to use an embedded hyperlink to connect to a fraudulent website (for example, "http://www.sugra.com/hang/ssl-banking/en/index2.html", "http://www.apptics.com/wp-content/hk/" and "http://www.svc.cat/dd/") and provide their account information such as the Internet banking logon user name and password. HSB has clarified that it has not sent these e-mails to its customers and has no connection with the fraudulent website.
Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities that could be exploited to cause arbitrary code execution, security restrictions bypass, or information disclosure.
Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.
Apple has released software updates fixing 58 vulnerabilities in iOS versions prior to iOS 8.3. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors: a remote attacker could entice a user to open a specially crafted web page, font file, configuration profile or iWork file, or install a malicious application to exploit the vulnerabilities. A local attacker could also connect a malicious external device to the affected systems to execute arbitrary code or access protected information of the affected systems.
Cisco has released security advisories fixing a number of vulnerabilities in Cisco security appliances, virtual appliances and services modules as listed below.
IBM has published a security bulletin to address a vulnerability related to Factoring Attack on RSA-EXPORT Keys (FREAK) problem in TLS/SSL used in IBM Java in Notes and Domino. It allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use weaker or "export-grade" cryptography, which can be easily decrypted to steal or manipulate sensitive data.
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by a flaw in Reader mode on Firefox for Android that allows restrictions to be bypassed and privileged content to be loaded, and a flaw in the HTTP Alternative Service implementation that allows SSL certificate verification to be bypassed to launch man-in-the-middle attacks. A remote attacker could entice a user to open a web page on a specially configured server or with specially crafted content to exploit the vulnerabilities.
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox and Thunderbird. These vulnerabilities are caused by memory safety bugs in the browser engine, a use-after-free flaw in the handling of certain MP3 files by the Fluendo MP3 plugin, memory corruption during 2D graphics rendering and type confusion flaws. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
2015-3-12 to 2015-3-31
Hong Kong Software Quality Assurance (HKSQA) Conference 2015 and Workshop
Organised by Hong Kong Software Testing and Certification Centre
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to an e-mail purporting to be sent from Bank of China (Hong Kong) Limited (BOCHK). The e-mail requests customers to use an embedded hyperlink to connect to a fraudulent website (for example, "http://naszefokusownie.pl/wp-content/bochk/hong/index2.html") and provide their account information such as the Internet banking logon user name and password. BOCHK has clarified that it has not sent these e-mails to its customers and has no connection with the fraudulent website.
The Office of the Government Chief Information Officer, in collaboration with the local information and communications technology (ICT) industry, will stage International IT Fest 2015 from April 9 to 24. It will feature a variety of events that showcase Hong Kong's vibrant developments and achievements in the ICT sector.
Mr Gregory SO Kam-leung, GBS, JP, Secretary for Commerce and Economic Development, recommends the "Cyber Security Information Portal" (www.cybersecurity.hk), which was launched in January 2015.
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to an e-mail purporting to be sent from Bank of China (Hong Kong) Limited (BOCHK). The e-mail requests customers to use an embedded hyperlink to connect to a fraudulent website (for example, "bakc.org.kh/its1s/boconlines2ssl/login/index.html" and "www.bakc.org.kh/km/its1s/boconlines2ssl/login/index.html") and provide their account information such as the Internet banking logon user name and password. BOCHK has clarified that it has not sent these e-mails to its customers and has no connection with the fraudulent websites.
Organised by Office of the Privacy Commissioner for Personal Data / Internet Professional Association - OSP Alliance / Information Systems Audit and Control Association, China Hong Kong Chapter / Hong Kong Public Libraries of LCSD
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a suspected fraudulent website with the domain name "http://hkdse.hkma.org.hk/sluvu/index.htm". The website purports to be the official website of The Hongkong and Shanghai Banking Corporation Limited (HSBC). HSBC has clarified that it has no connection with the suspected fraudulent website.
Organised by Office of the Privacy Commissioner for Personal Data / Internet Professional Association - OSP Alliance / Hong Kong Public Libraries of LCSD
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a suspected fraudulent website with the domain name "www.hkicgroup.com". The website is operated by an alleged "HKIC Group", which claims that it is regulated by the HKMA. The public should be aware that the alleged "HKIC Group" is not authorised under the Banking Ordinance to carry on banking business or the business of taking deposits in Hong Kong, nor does it have the approval to establish a local representative office. The HKMA has referred the case to the Hong Kong Police Force for further investigation.
Organised by Office of the Privacy Commissioner for Personal Data / Internet Professional Association - OSP Alliance / Information Systems Audit and Control Association, China Hong Kong Chapter / Hong Kong Public Libraries of LCSD
Organised by Office of the Government Chief Information Officer (OGCIO) / Hong Kong Police Force (HKPF) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a fraudulent website with the domain name "http://citinternationalservices.com/e/sb/account/sainsburyAUTH.php". The website purports to be the official websites of China Citic Bank International Limited (CNCBI) and Citibank (Hong Kong) Limited (CBHK). CNCBI and CBHK have clarified that they have no connection with the fraudulent website.
Organised by Office of the Government Chief Information Officer (OGCIO) / Hong Kong Police Force (HKPF) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
Information security experts at the Hong Kong Productivity Council (HKPC) today (12 January 2015) urged enterprises and Internet users to strengthen their vigilance against an anticipated surge in large-scale and intensive attacks targeting mobile and Internet devices, and servers.
Organised by Office of the Government Chief Information Officer (OGCIO) / Hong Kong Police Force (HKPF) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a fraudulent website with the domain name "http://hsplbk.com/bank.hangseng.com/1/2/personal/private-banking/private-banking.html". The website purports to be the official website of Hang Seng Bank, Limited (HSB). HSB has clarified that it has no connection with the fraudulent website.