InfoSec: Search by News & Events

2016-8-9 to

2017-1-6

Cyber Security Professionals Awards 2016

Organised by Hong Kong Police Force (HKPF) / Office of the Government Chief Information Officer (OGCIO) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2016-12-30

Cyber Smart Advice: End-to-End Encryption Secures your Privacy in Instant Messaging Applications (Chinese only)

Please refer to Chinese version

2016-12-28

GovCERT.HK - Security Alert (A16-12-07): Vulnerability in PHPMailer

A vulnerability is found in the PHPMailer plugin that could lead to remote arbitrary code execution.

2016-12-23

Cyber Smart Advice: Beware of Security Risks for Online Shop Owners (Chinese only)

Please refer to Chinese version

2016-12-21

Phishing Attack - Fraudulent website related to Wing Lung Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Wing Lung Bank Limited on fraudulent website, which has been reported to the HKMA.

2016-12-16

HKCERT – Security Blog: Another Yahoo Data Breach

Yahoo confirmed a data breach happened in August 2013, one billion user accounts were affected.

2016-12-16

Cyber Smart Advice: Mutated Trojan Virus Lures for Selfies to Steal Data (Chinese only)

Please refer to Chinese version

2016-12-15

GovCERT.HK - Security Alert (A16-12-06): Multiple Vulnerabilities in Apple iOS

Apple has released software update fixing 12 vulnerabilities in iOS versions prior to iOS 10.2.

2016-12-15

GovCERT.HK - Security Alert (A16-12-05): Multiple Vulnerabilities in IBM Notes

Multiple vulnerabilities are found in IBM Lotus Notes related to Apache Struts and Taglibs.

2016-12-14

LCQ19: Information security in Hong Kong

Following is a question by the Hon Charles Peter Mok and a written reply by the Secretary for Innovation and Technology, Mr Nicholas W Yang, in the Legislative Council today (December 14)…

2016-12-14

GovCERT.HK - Security Alert (A16-12-04): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2016-12-14

GovCERT.HK - Security Alert (A16-12-03): Multiple Vulnerabilities in Adobe Flash Player

Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by buffer overflow, memory corruption, security restriction bypass and use-after-free errors.

2016-12-14

GovCERT.HK - Security Alert (A16-12-02): Multiple Vulnerabilities in Microsoft Products

Microsoft has released 12 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components.

2016-12-14

Phishing Attack - Suspicious Internet banking mobile application related to Public Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Public Bank (Hong Kong) Limited on suspicious Apps, which has been reported to the HKMA.

2016-12-9

Cyber Smart Advice: Verify Promotional Messages and Beware of Phishing Traps (Chinese only)

Please refer to Chinese version

2016-12-7

Hacking an ATM For Cash - ATM Company Visit and Cases Sharing

Organised by Professional Information Security Association

2016-12-7

LCQ8: Cyber security

Following is a question by the Hon Martin Liao and a written reply by the Secretary for Innovation and Technology, Mr Nicholas W Yang, in the Legislative Council today (December 7).

2016-12-2

Cyber Smart Advice: Security Risk found in Karaoke Microphone App (Chinese only)

Please refer to Chinese version

2016-12-2

HKCERT – Security Blog: Be aware of "Ghost Push" Mobile Malware

HKCERT is aware that a security vendor disclosed a malware campaign called Gooligan, which is a variant of “Ghost Push” mobile malware discovered in 2015. Cybercriminals made use of Ghost Push to download other mobile apps in the infected device for monetisation.

2016-12-2

HKCERT – Security Blog: HK Victims Reported in Global Takedown of "Avalanche" Cybercrime Hosting Platform

A joint operation to take down the “Avalanche” cybercrime hosting platform was led by Europol, and conducted with law enforcement, judiciaries, and security researchers from more than 30 countries. there are around 350 IP addresses affected, and more than 50 ISP are involved in Hong Kong. We will notify the corresponding ISP to contact their affected clients in coming week.

2016-12-1

GovCERT.HK - Security Alert (A16-12-01): Vulnerability in Firefox

Mozilla has published a security advisory to address a vulnerability found in Firefox.

2016-11-29

HKCERT – Security Blog: SME Free Web Security Health Check Pilot Scheme (2016) Final Report

HKCERT launched "SME Free Web Security Health Check Pilot Scheme" in Jan 2016. 35 companies joined the scheme, and 30 of them had gone through the scanning. A survey was conducted on the profile of the participants of the scheme.

2016-11-29

GovCERT.HK - Security Alert (A16-11-06): Vulnerability in Firefox

Mozilla has published a security advisory to address a vulnerability found in Firefox.

2016-11-29

Phishing Attack - Suspicious Internet banking mobile application (Apps) related to Public Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Public Bank (Hong Kong) Limited on suspicious Apps, which has been reported to the HKMA.

2016-11-26

Stay Informed in Mobile Era – Public Seminar

Organised by Communications Authority

2016-11-25

Build a Secure Cyberspace 2016 – “Protect Data, Secure Transaction” Seminar

Organised by Office of the Government Chief Information Officer (OGCIO) / Hong Kong Police Force (HKPF) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2016-11-25

Cyber Smart Advice: New Trojan and Computer Viruses can Spread Actively (Chinese only)

Please refer to Chinese version

2016-11-24

CPD Seminar - Privacy law compliance in the big data era

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2016-11-23

HKCERT – Security Blog: 3 billion phone numbers with identities exposed by "Caller Blocking" apps

An investigation found that three mobile apps with the “Caller Blocking” feature are collecting and integrating users’ phone address books into a publicly available database, which contains around 3 billion phone numbers with identities

2016-11-23

Phishing Attack - Suspicious Internet banking mobile application (Apps) related to Public Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Public Bank (Hong Kong) Limited on suspicious Apps, which has been reported to the HKMA.

2016-11-21

Privacy Commissioner Follows Up on Personal Data Protection Concerns Regarding the Collection and Integration of User's Personal Data by Three Smartphone Apps with "Caller Blocking" Feature

Privacy Commissioner Follows Up on Privacy Concerns Over the Collection and Integration of User's Personal Data by Three Mobile Apps with "Call-Blocking" Function (21 November 2016) In relation to the three smartphone apps with the “call blocking” function that are suspected of collecting and integrating users’ phone books into a database for public access.

2016-11-21

Phishing Attack - Fraudulent website related to Wing Lung Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Wing Lung Bank Limited on fraudulent website, which has been reported to the HKMA.

2016-11-20

Privacy Commissioner's Response to Personal Data Protection Concerns Regarding to the Collection and Integration of User's Personal Data by Three Smartphone Apps with "Caller Blocking" Feature

Please refer to Chinese version

2016-11-18

Cyber Smart Advice – Update your Android device to patch the security loophole (Chinese only)

Please refer to Chinese version

2016-11-17

Phishing Attack - Fraudulent website related to DBS Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2016-11-16

GovCERT.HK - Security Alert (A16-11-05): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2016-11-14

Phishing Attack - Fraudulent website related to Fubon Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Fubon Bank (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2016-11-11

Cyber Smart Advice - Pay Attention to the Online Shopping Security (Chinese Only)

Please refer to Chinese version

2016-11-10

CSA HKM Knowledge Sharing Event - November 2016

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2016-11-9

GovCERT.HK - Security Alert (A16-11-04): Multiple Vulnerabilities in Adobe Flash Player

Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by type confusion and use-after-free errors.

2016-11-9

GovCERT.HK - Security Alert (A16-11-03): Multiple Vulnerabilities in Microsoft Products (November 2016)

Microsoft has released 14 security bulletins addressing multiple vulnerabilities which affect several Microsoft products or components. Reports indicate that the vulnerabilities mentioned in MS16-132 and MS16-135 are being exploited in wild. In addition, there are scattered exploits observed against the vulnerabilities mentioned in MS16-129 and MS16-142.

2016-11-4

Technical Sharing from the Blackhat US 2016 (4-Nov-2016)

Organised by Professional Information Security Association

2016-11-4

Cyber Smart Advice - Double Check Before Transaction to Avoid Email Scams

Please refer to Chinese version

2016-11-2

GovCERT.HK - Security Alert (A16-11-02): Vulnerability in Microsoft Windows

A vulnerability was identified in Microsoft Windows Kernel. A local user can obtain elevated privileges on the target system when invoking a specially crafted system call.

2016-11-2

GovCERT.HK - Security Alert (A16-11-01): Vulnerability in ISC BIND

A vulnerability was found in the ISC BIND software. Both authoritative and recursive name servers are affected.

2016-11-2

Phishing Attack - Fraudulent website related to Citibank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Citibank (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2016-10-28

Cyber Smart Advice: Enforce the 3-2-1 Data Backup Principle to Ensure Data Safety (Chinese only)

Please refer to Chinese version

2016-10-27

GovCERT.HK - Security Alert (A16-10-11): Multiple Vulnerabilities in Apple iOS

Apple has released software update fixing 14 vulnerabilities caused by various iOS components in iOS versions prior to iOS 10.1.

2016-10-27

GovCERT.HK - Security Alert (A16-10-10): Vulnerability in Adobe Flash Player

Security update is released for Adobe Flash Player to address a vulnerability caused by use-after-free error.

2016-10-27

Phishing Attack - Fraudulent website related to Fubon Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Fubon Bank (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2016-10-25

Phishing Attack - Fraudulent website related to Corporate Finance (D.T.C.) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Corporate Finance (D.T.C.) Limited on fraudulent website, which has been reported to the HKMA.

2016-10-24

HK One Day Workshop - Auditing Business Continuity Management

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2016-10-24

HKCERT - Large websites attacked by massive DDoS from Internet-enabled devices (IoT devices)

At the last weekend (21 Oct) many large websites such as Twitter, PayPal, Amazon etc. could not be accessed due to their DNS provider Dyn being attacked.

2016-10-24

GovCERT.HK - Security Alert (A16-10-09): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2016-10-24

GovCERT.HK - Security Alert (A16-10-08): Vulnerability in Linux Kernel

A local privilege escalation vulnerability is found in the Linux kernel 2.6.22 or later.

2016-10-24

GovCERT.HK - Security Alert (A16-10-07): Vulnerability in ISC BIND

A vulnerability was found in the ISC BIND software released before May 2013 and in third-party versions that do not include fix number 3548.

2016-10-22

Stay Informed in Mobile Era Public Seminar

Organised by Communications Authority

2016-10-21

Cyber Smart Advice: Network Devices Leak Data and Abused by Hackers (Chinese only)

Please refer to Chinese version

2016-10-20

CPD Seminar - ISO27001:2013 Information Security Management System – Overview

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2016-10-20

GovCERT.HK - Security Alert (A16-10-06): Vulnerability in Apache Struts

A vulnerability is found in the Convention plugin of Apache Struts that could allow path traversal and arbitrary code execution.

2016-10-20

GovCERT.HK - Security Alert (A16-10-05): Multiple Vulnerabilities in Cisco Products

Cisco has released three security advisories fixing a number of vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower System Software.

2016-10-20

Phishing Attack - Suspicious Internet banking login screen related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on suspicious Internet banking login screen, which has been reported to the HKMA.

2016-10-19

GovCERT.HK - Security Alert (A16-10-04): Multiple Vulnerabilities in Oracle Java and Oracle Products (October 2016)

Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.

2016-10-17

Phishing Attack - Suspicious Internet banking mobile application related to Chong Hing Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited about suspicious Internet banking mobile application (Apps), which has been reported to the HKMA.

2016-10-17

Phishing Attack - Fraudulent website related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2016-10-14

Cyber Smart Advice - Multiple layers of measures to ensure your password not easy to guess (Chinese only)

Please refer to Chinese version

2016-10-12

GovCERT.HK - Security Alert (A16-10-03): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat

Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities caused by heap buffer overflow, integer overflow, use-after-free error, security bypass, memory corruption, and type confusion.

2016-10-12

GovCERT.HK - Security Alert (A16-10-02): Multiple Vulnerabilities in Microsoft Products (October 2016)

Microsoft has released 10 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components.

2016-10-7

Cyber Smart Advice - Beware of domain shadowing attack (Chinese only)

Please refer to Chinese version

2016-10-6

GovCERT.HK - Security Alert (A16-10-01): Multiple Vulnerabilities in Cisco Products

Cisco has released five security advisories fixing a number of vulnerabilities in Cisco NX-OS Software.

2016-10-3

Phishing Attack - Phishing email related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on phishing email, which has been reported to the HKMA

2016-9-30

Cyber Smart Advice - Commercialisation of ransomware and stay vigilant of the suspicious emails (Chinese only)

Please refer to Chinese version

2016-9-30

GovCERT.HK - Security Alert (A16-09-09): Multiple Vulnerabilities in Cisco Products (September 2016)

Cisco has released 10 security advisories fixing a number of vulnerabilities in Cisco IOS and IOS XE software.

2016-9-12 to

2016-9-29

Information Security Summit 2016

Organised by Cloud Security Alliance Hong Kong & Macau Chapter / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) / Hong Kong Computer Society / Hong Kong Information Technology Federation / Hong Kong Productivity Council / Information Security and Forensics Society / Information Systems Audit and Control Association / ISC2 / ISOC Hong Kong / Professional Information Security Association

2016-9-28

GovCERT.HK - Security Alert (A16-09-08): Vulnerability in ISC BIND

A vulnerability was found in the ISC BIND software. All name servers are vulnerable if they can receive request packets from any source.

2016-9-26

Cyber Smart Advice - Low-cost wireless keyboard may not protect data privacy (Chinese only)

Please refer to Chinese version

2016-9-23

Cyber Security Seminar – "Protect Your Precious Assets in Cyberspace"

Organised by Office of the Government Chief Information Officer (OGCIO)

2016-9-23

Government seminar promotes cyber security

The Office of the Government Chief Information Officer held the Cyber Security Seminar today (September 23) to share with the public the emerging cyber security threats and the associated risk mitigation measures.

2016-9-23

GovCERT.HK - Security Alert (A16-09-07): Multiple vulnerabilities in OpenSSL

Multiple vulnerabilities are found in the OpenSSL library. Any servers running the affected OpenSSL versions with a default configuration are vulnerable. However, those builds using the "no-ocsp" build time option are not vulnerable.

2016-9-23

GovCERT.HK - Security Alert (A16-09-06): Multiple vulnerabilities in Apple iTunes for Windows

Apple has released software update fixing eleven vulnerabilities in iTunes for Windows prior to version 12.5.1.

2016-9-21

GovCERT.HK - Security Alert (A16-09-05): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2016-9-21

Phishing Attack - Fraudulent website related to Hang Seng Bank, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited on fraudulent website, which has been reported to the HKMA.

2016-9-21

Phishing Attack - Fraudulent website related to Shanghai Commercial Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Shanghai Commercial Bank Limited on fraudulent website, which has been reported to the HKMA.

2016-9-20

GovCERT.HK - Security Alert (A16-09-04): Vulnerability in Cisco Products

A vulnerability was identified in IKEv1 packet processing code on Cisco IOS, IOS XE and IOS XR Software.

2016-9-19

GovCERT.HK - Security Alert (A16-09-03): Multiple vulnerabilities in IBM Notes

Multiple vulnerabilities are found in IBM Lotus Notes related to Apache Xerces-C XML Parser library.

2016-9-16

Cyber Smart Advice - Users may be easily hacked by tailor-made cyber attacks

Please refer to Chinese version

2016-9-15

Phishing Attack - Suspicious Internet banking mobile application related to Chong Hing Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited on suspicious Internet banking mobile application (Apps), which has been reported to the HKMA.

2016-9-14

SME's Cloud Security Forum

Organised by Office of the Government Chief Information Officer (OGCIO) / Support and Consultation Centre for SMEs (SUCCESS) of the Trade and Industry Department

2016-9-14

GovCERT.HK - Security Alert (A16-09-02): Multiple Vulnerabilities in Adobe Flash Player

Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by integer overflow, use-after-free error, security bypass and memory corruption.

2016-9-14

GovCERT.HK - Security Alert (A16-09-01): Multiple Vulnerabilities in Microsoft Products (September 2016)

Microsoft has released 14 security bulletins addressing multiple vulnerabilities which affect several Microsoft products or components.

2016-9-13

Symposium: Challenges to Cyber Resilience for Internet Infrastructure Providers (IIP)

Organised by Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2016-9-12

HKPC Calls for Strengthened Security in Websites and Networked Industrial Systems

Businesses and industries are urged to strengthen the security of their websites and networked industrial systems amid the prevalence of organised attacks.

2016-9-9

Cyber Smart Advice - The number of phishing web site reaches new high, stay vigilant when surfing the Internet

Please refer to Chinese version

2016-9-9

Phishing Attack - issued by Inland Revenue Department

The Inland Revenue Department alerted members of the public to a fraudulent email purportedly issued by the department from the email account "voicemail@ird.gov.hk". Attached to the email is a Zip file, which may contain a computer virus.

2016-9-8

CSA HKM Knowledge Sharing Event - September 2016

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2016-9-2

SecureHongKong 2016

Organised by ISC2 / ISOC Hong Kong / Professional Information Security Association / Cloud Security Alliance Hong Kong & Macau Chapter / Hong Kong Cyberport Management Company Limited

2016-9-2

Cyber Smart Advice – New mobile ransomware infecting device with no trace

Please refer to Chinese version

2016-8-31

Privacy Commissioner Issues “BYOD (Bring Your Own Device)” Information Leaflet

Privacy Commissioner for Personal Data, Hong Kong today issued the “BYOD (Bring Your Own Device)” Information Leaflet to highlight the personal data privacy risks that an organisation needs to be aware of when it develops a BYOD policy.

2016-8-30

GovCERT.HK - Security Alert (A16-08-08): Multiple Vulnerabilities in IBM Notes and Domino

Multiple vulnerabilities are found in IBM Notes and Domino.

2016-8-26

GovCERT.HK - Security Alert (A16-08-07): Multiple Vulnerabilities in Apple iOS

Apple has released software update fixing three vulnerabilities in iOS versions prior to iOS 9.3.5.

2016-8-26

Cyber Smart Advice – Beware of ransomware and avoid download apps indiscriminately (Chinese only)

Please refer to Chinese version

2016-8-24

Phishing Attack - Fraudulent website related to Hang Seng Bank, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited on fraudulent website, which has been reported to the HKMA.

2016-8-22

GovCERT.HK - Security Alert (A16-08-06): Multiple Vulnerabilities in Cisco Products (August 2016)

Cisco has released three security advisories fixing a number of vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Management Center.

2016-8-19

Web Security Starts from Health Check Seminar

Organised by Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2016-8-19

Cyber Smart Advice: Android vulnerabilities were fixed, install updates once available (Chinese only)

Please refer to Chinese version

2016-8-18

Security Implications of Software Defined Networking (SDN) Seminar

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2016-8-18

GovCERT.HK - Security Alert (A16-08-05): Multiple vulnerabilities in IBM Notes

IBM has published few security bulletins to address multiple vulnerabilities related to Pixman library, XStream, and IBM Java SDK used in Notes.

2016-8-17

Phishing Attack - Suspicious Internet banking login screen related to Bank of China (Hong Kong) Limited

2016-8-16

CISA and CISM Briefing Seminar

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2016-8-16

Privacy Commissioner Expresses Concern on the Featuring Images Captured from Unsecure Webcams in Hong Kong Used in a UK Art Exhibition (Chinese Version Only)

Please refer to Chinese version

2016-8-16

GovCERT.HK - Security Alert (A16-08-04): Vulnerability in Apple iOS

Apple has released software update fixing a vulnerability in iOS versions prior to iOS 9.3.4.

2016-8-13

Public Awareness Seminar on WiFi Security 2016

Organised by Professional Information Security Association

2016-8-12

Cyber Smart Advice: Use digital wallet smartly (Chinese only)

Please refer to Chinese version

2016-8-11

Suspicious Internet banking mobile application (Apps) related to Fubon Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Fubon Bank (Hong Kong) Limited on suspicious Internet banking mobile application (Apps), which has been reported to the HKMA.

2016-8-11

Fraudulent website related to BNP Paribas

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by BNP Paribas on fraudulent website, which has been reported to the HKMA

2016-8-11 to

2016-8-10

Cybersecurity Fundamentals Workshop

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2016-8-10

GovCERT.HK - Security Alert (A16-08-03): Multiple Vulnerabilities in Microsoft Products (August 2016)

Microsoft has released 9 security bulletins addressing multiple vulnerabilities which affect several Microsoft products or components.

2016-8-9

GovCERT.HK - Security Alert (A16-08-02): Multiple Vulnerabilities in Android

Multiple vulnerabilities are found in Android devices built on Qualcomm chipsets called "QuadRooter".

2016-8-6

Open Discussion on "Professional Development Programme for Cybersecurity Practitioners to Enhance the Cyber Resilience of Banks"

Organised by ISC2 / Information Security and Forensics Society / ISOC Hong Kong / OWASP HK Chapter / Professional Information Security Association / VX Research Limited

2016-8-5

Cyber Smart Advice: Download mobile games from unofficial sources may lead to data leakage (Chinese only)

Please refer to Chinese version

2016-8-4

CSA HKM Knowledge Sharing Event – August 2016

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2016-8-4

Phishing Attack - Fraudulent email purportedly issued by Inland Revenue Department

The Inland Revenue Department today (August 4) alerted members of the public to a fraudulent email purportedly issued by the department from the email account "return@ird12.gov.hk". The email provides a hyperlink to an unknown website. Attached to the email is a document file, which may contain computer virus.

2016-8-3

GovCERT.HK - Security Alert (A16-08-01): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2016-8-1

PCPD - Cyber-bullying (tracking down personal data) May Violate the Privacy Ordinance

The Privacy Commissioner for Personal Data, Hong Kong, Mr Stephen Kai-yi WONG, called for Internet users to respect others’ privacy rights to avoid contravening the relevant offences set out in the Personal Data Ordinance

2016-1-11 to

2016-7-31

SME Free Web Security Health Check Pilot Scheme

Organised by Hong Kong Productivity Council / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2016-4-20 to

2016-7-29

Build a Secure Cyberspace 2016 - "Protect Data, Secure Transaction" Mascot Design Contest

Organised by Office of the Government Chief Information Officer (OGCIO) / Hong Kong Police Force (HKPF) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2016-7-29

PCPD Alerts App Players to Stay Smart for Protecting Personal Data (Chinese version Only)

Please refer to the Chinese version

2016-7-29

Cyber Smart Advice: 3 areas SMEs should plan for web security (Chinese only)

Please refer to Chinese version

2016-7-29

Phishing Attack - Phishing Attack: Fraudulent website related to Fubon Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Fubon Bank (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2016-7-29

Phishing Attack - Phishing Attack: Fraudulent website related to Wing Lung Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Wing Lung Bank Limited on fraudulent website, which has been reported to the HKMA.

2016-7-27

GovCERT.HK - Security Alert (A16-07-04): Multiple Vulnerabilities in Apple iOS

Apple has released software update fixing 43 vulnerabilities in iOS versions prior to iOS 9.3.3. These vulnerabilities are caused by problems in various iOS components.

2016-7-25

Phishing Attack - Phishing Attack: Fraudulent website related to Corporate Finance (D.T.C.) Limited

2016-7-22

Cyber Smart Advice: Safeguard your websites and do not underestimate their values (Chinese only)

Please refer to Chinese version

2016-7-21

GovCERT.HK - Security Alert (A16-07-03): Multiple Vulnerabilities in Oracle Java and Oracle Products (July 2016)

Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.

2016-7-20

Phishing Attack - Phishing Attack: Fraudulent website related to BNP Paribas

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by BNP Paribas about a fraudulent website, which has been reported to the HKMA.

2016-7-20

ASTRI and Hong Kong Police Jointly Set Up Cyber Range Laboratory To Train Experts to Tackle Increasing Threats of Cyber Attacks

Hong Kong’s first Cyber Range Laboratory was launched today to raise the technical readiness of law enforcement and other major institutions against fast-increasing malicious cyber attacks on critical systems in the territory.

2016-7-15

Cyber Smart Advice: Ransomware found hosting at compromised web sites (Chinese only)

Please refer to Chinese version

2016-7-14

CSA Knowledge Sharing Event – July 2016

Organised by Cloud Security Alliance

2016-7-13

GovCERT.HK - Security Alert (A16-07-02): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat

Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities.

2016-7-13

GovCERT.HK - Security Alert (A16-07-01): Multiple Vulnerabilities in Microsoft Products (July 2016)

Microsoft has released 11 security bulletins addressing multiple vulnerabilities which affect several Microsoft products or components.

2016-5-8 to

2016-7-9

Cyber Security Competition 2016

Organised by Hong Kong Police Force (HKPF) / University of Hong Kong

2016-7-8

Cyber Smart Advice: Credentials of Hacked Servers Traded in Underground Marketplace (Chinese only)

Please refer to Chinese version

2016-7-5

Fraudulent website related to The Bank of East Asia, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Bank of East Asia, Limited on fraudulent website, which has been reported to the HKMA.

2016-6-30

GovCERT.HK - Security Alert (A16-06-04): Multiple Vulnerabilities in Symantec Products

Symantec has published security advisories to address multiple vulnerabilities which affect several Symantec products.

2016-6-28

The 17th Info-Security Conference 2016

Organised by e21Eventnna Company Limited

2016-6-28

Security Seminar on Security Operation Center (SOC) 3.0 and Cyber Threats

Organised by Professional Information Security Association

2016-6-22

LCQ15: Leakage of personal data

Following is a question by the Hon Chan Kin-por and a written reply by the Acting Secretary for Constitutional and Mainland Affairs, Mr Ronald Chan, in the Legislative Council on 22-Jun-2016

2016-6-20

Cyber Smart Advice: New ransomware spread through compromised Websites (Chinese only)

Please refer to Chinese version

2016-6-17

GovCERT.HK - Security Alert (A16-06-03): Multiple Vulnerabilities in Adobe Flash Player

Security updates are released for Adobe Flash Player to address multiple vulnerabilities. It is reported that the vulnerability CVE-2016-4171 is being actively exploited in targeted attacks.

2016-6-15

Cyber Smart Advice: Software developer should protect their code signing certificates (Chinese only)

Please refer to Chinese version

2016-6-15

GovCERT.HK - Security Alert (A16-06-02): Multiple Vulnerabilities in Microsoft Products (June 2016)

Microsoft has released 16 security bulletins addressing multiple vulnerabilities which affect several Microsoft products or components.

2016-6-13

Phishing Attack - Fraudulent website related to Dah Sing Bank, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Dah Sing Bank, Limited on fraudulent website, which has been reported to the HKMA.

2016-6-11

Subject Talks on "New Era of IT" 2016 - Trends in E-payments

Organised by Hong Kong Public Libraries of LCSD

2016-6-10

Smart-Talk & Happy Hour: Cyber Security for Startups and Fintech Businesses

Organised by Hong Kong Cyberport Management Company Limited

2016-6-8

GovCERT.HK - Security Alert (A16-06-01): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs in the browser engine, memory corruption, buffer overflow, use-after-free error and Mozilla Windows updater could be used to overwrite arbitrary files.

2016-6-3

Cyber Smart Advice: Security Risks of Exploit Kit Attacks (Chinese only)

Please refer to Chinese version

2016-6-3

CryptXXX Ransomware Encrypts Victim Data

A new variant of ransomware known as CryptXXX has been spreading quickly through compromised websites. HKCERT has received several CryptXXX infection reports from victims since mid-May 2016.

2016-5-31

"Protecting Data from Ransomware Attacks" Seminar

Organised by Office of the Government Chief Information Officer (OGCIO) / Hong Kong Police Force (HKPF) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2016-5-30

Cyber Security Conference 2016 cum Formation of Cyber Security Alliance

Organised by Hong Kong Information Technology Federation

2016-5-27

Cyber Smart Advice: Defend Against Malware Hosting (Chinese only)

Please refer to Chinese version

2016-5-25

GovCERT.HK - Security Alert (A16-05-05): Multiple Vulnerabilities in Apple iOS

Apple has released software update fixing 39 vulnerabilities in iOS versions prior to iOS 9.3.2. These vulnerabilities are caused by problems in various iOS components.

2016-5-24

ISACA HK CPD Seminar - Smart City Security: Building for the future

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2016-5-23

Phishing Attack - Phishing email related to Standard Chartered Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Standard Chartered Bank (Hong Kong) Limited on phishing email, which has been reported to the HKMA.

2016-5-23

Fraudulent website related to Dah Sing Bank, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Dah Sing Bank, Limited on fraudulent website, which has been reported to the HKMA.

2016-5-21

PISA Security Jam 2016

Organised by Professional Information Security Association

2016-5-20

Cyber Smart Advice: Advanced Security Settings for Instant Messaging Application (Chinese only)

Please refer to Chinese version

2016-5-18 to

2016-5-19

CSA Summit in Cloud Expo Asia 2016

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2016-5-16 to

2016-5-18

Cyber Security Summit 2016

Organised by Hong Kong Police Force (HKPF) / Hong Kong Applied Science and Technology Research Institute Company Limited

2016-5-18

Launch of Cybersecurity Fortification Initiative by HKMA at Cyber Security Summit 2016

To further enhance the cyber resilience of the banking sector in Hong Kong, the Hong Kong Monetary Authority (HKMA) announced today (May 18) the launch of a "Cybersecurity Fortification Initiative" (CFI) at the Cyber Security Summit 2016 (the summit), in which the HKMA also serves as the programme advisor for this prestigious event.

2016-5-18

Suspicious Internet banking mobile application related to Public Bank (Hong Kong)

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Public Bank (Hong Kong) Limited on suspicious Internet banking mobile application (Apps), which has been reported to the HKMA.

2016-5-13

Cyber Smart Advice: Defend against Bedep Malware (Chinese only)

Please refer to Chinese version

2016-5-13

GovCERT.HK - Security Alert (A16-05-04): Multiple Vulnerabilities in Adobe Flash Player

Security updates are released for Adobe Acrobat/Reader to address multiple vulnerabilities. It is reported that the vulnerability CVE-2016-4117 is being actively exploited.

2016-5-11

GovCERT.HK - Security Alert (A16-05-03): Multiple Vulnerabilities in Adobe Acrobat/Reader

Security updates are released for Adobe Acrobat/Reader to address multiple vulnerabilities.

2016-5-11

GovCERT.HK - Security Alert (A16-05-02): Multiple Vulnerabilities in Microsoft Products (May 2016)

Microsoft has released 16 security bulletins addressing multiple vulnerabilities which affect several Microsoft products or components

2016-5-6

Cyber Smart Advice: 5 security tips to safeguard your ebanking accounts (Chinese only)

Please refer to Chinese version

2016-5-5

CSA Knowledge Sharing Event – May 2016

Organised by Cloud Security Alliance

2016-5-4

GovCERT.HK - Security Alert (A16-05-01): Multiple Vulnerabilities in OpenSSL

Multiple vulnerabilities are found in the OpenSSL library. The vulnerabilities are caused by padding oracle weakness, and memory corruption when applications parse and re-encode X.509 certificates, or verify RSA signatures on X.509 certificates.

2016-5-3

Phishing Attack - Fraudulent website related to Corporate Finance (D.T.C.) Limited

2016-4-29

Cyber Smart Advice: Tips for setting up your websites with encryption technology (Chinese only)

Please refer to Chinese version

2016-4-28

Phishing Attack - Phishing email related to Hang Seng Bank, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited on phishing e-mail, which has been reported to the HKMA.

2016-4-28

GovCERT.HK - Security Alert (A16-04-06): Vulnerability in Apache Struts

A vulnerability is found in Apache Struts that could allow remote code execution. A remote attacker could exploit the vulnerability by passing a malicious expression to execute arbitrary code on the target server when Dynamic Method Invocation (DMI) is enabled.

2016-4-27

GovCERT.HK - Security Alert (A16-04-05): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2016-4-22

Cyber Smart Advice: "Check-Remedy-Verify" approach to patch SSL vulnerability (Chinese only)

Please refer to Chinese version

2016-4-21

Mobile App Development Forum on Privacy and Security

Organised by Office of the Privacy Commissioner for Personal Data

2016-4-20

GovCERT.HK - Security Alert (A16-04-04): Multiple Vulnerabilities in Oracle Java and Oracle Products (April 2016)

Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.

2016-4-18

IOT : Security & Privacy Challenges

Organised by Hong Kong Computer Society

2016-4-18

Cyber Smart Advice: Plug the security loophole of the encryption technology and disable SSL v2.0 (Chinese only)

Please refer to Chinese version.

2016-4-15

GovCERT.HK - Security Alert (A16-04-03): Multiple Vulnerabilities in Apple QuickTime

Multiple vulnerabilities are found in Apple QuickTime. A remote attacker could exploit the vulnerabilities by enticing a user to open a specially crafted web page or movie file.

2016-4-15

News: PCPD Joins a Global Sweep Exercise to Examine the Privacy Transparency of Fitness Bands

The Office of the Privacy Commissioner for Personal Data, Hong Kong has joined the Global Privacy Enforcement Network ("GPEN") to conduct a "Privacy Sweep" ("Sweep") from 11 April 2016, examining how the fitness bands collect and use personal data and how the device users are kept informed.

2016-4-14

Phishing Attack - Phishing email related to Hang Seng Bank, Limited (14 Apr 2016)

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited on phishing email, which has been reported to the HKMA.

2016-4-13

GovCERT.HK - Security Alert (A16-04-02): Multiple Vulnerabilities in Microsoft Products (April 2016)

Microsoft has released 13 security bulletins addressing multiple vulnerabilities which affect several Microsoft products or components.

2016-4-12

HK-Mainland Cyber Security Forum 2016

Organised by Office of the Government Chief Information Officer (OGCIO) / Bureau of Cyber Security of Cyberspace Administration of China

2016-4-12

News: HK-Mainland Cyber Security Forum fosters development of cyber security in both places

The Office of the Government Chief Information Officer (OGCIO) and the Bureau of Cyber Security of Cyberspace Administration of China (CAC) jointly held the first Hong Kong-Mainland Cyber Security Forum today (April 12) to promote the development of cyber security technology and industry in both Hong Kong and the Mainland.

2016-4-12

Cyber Smart Advice: 7 security tips to safeguard your accounts

Please refer to Chinese version.

2016-4-8

GovCERT.HK - Security Alert (A16-04-01): Multiple Vulnerabilities in Adobe Flash Player

Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory layout randomisation problem, type confusion, security bypass, use-after-free, stack overflow and memory corruption errors.

2016-4-7

CSA HKM Knowledge Sharing Event - APR 2016

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2016-4-4

Cyber Smart Advice: Beware of pop-up login screen, leads to password leakage.

Please refer to Chinese version.

2016-3-31

GovCERT.HK - Security Alert (A16-03-10): Multiple Vulnerabilities in Apple iOS

Apple has released software update fixing 39 vulnerabilities in iOS versions prior to iOS 9.3.

2016-3-24

SME Management Workshop on "Cyber Security & Safety Measures for Businesses"

Organised by Hong Kong Police Force (HKPF) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) / Hong Kong Trade Development Council

2016-3-24

GovCERT.HK - Security Alert (A16-03-09): Vulnerability in Oracle Java

Oracle has published a security advisory to address a security vulnerability found in Java SE sub-component Hotspot that could be exploited without authentication. An attacker could entice a user to open a specially crafted web page to exploit the vulnerability.

2016-3-24

GovCERT.HK - Security Alert (A16-03-08): Multiple Vulnerabilities in Cisco Products (March 2016)

Cisco has released six security advisories fixing a number of vulnerabilities in Cisco IOS, IOS XE, NX-OS and Cisco Unified Communications Manager software. An unauthenticated remote attacker could exploit the vulnerabilities in relation to several functions or protocols including Session Initiation Protocol (SIP), DHCPv6 relay feature, handling of Internet Key Exchange version 2 (IKEv2) fragmentation code, smart install client feature, Locator/ID Separation Protocol (LISP), and Wide Area Application Services (WAAS) Express feature.

2016-3-21

GovCERT.HK - Security Alert (A16-03-07): Multiple Vulnerabilities in Symantec Endpoint Protection

Symantec has published a security advisory to address multiple vulnerabilities found in Symantec Endpoint Protection (SEP). These vulnerabilities are caused by insufficient security checks in SEP Manager (SEPM) and a problem in Application and Device Control component on a SEP client in validating external input. A remote attacker could entice a user to access a malicious link or open a malicious document to exploit the vulnerabilities.

2016-3-19

Subject Talks on "New Era of IT" 2016 - Common online scam

Organised by Hong Kong Public Libraries of LCSD

2016-3-16 to

2016-3-18

2016 Annual Conference - Effective Governance to deal with Cybersecurity, Emerging Technology Risks, and Privacy.

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2016-3-18

HKCERT Security Alert: Locky Ransomware in the Wild

The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council today (18 March 2016) alerted the public to be vigilant to the Locky ransomware attacks that hold data hostage and demand ransom from the victim.

2016-3-11

Four ways to reinforce the web servers against cyberattacks (Chinese only)

Please refer to chinese version.

2016-3-11

GovCERT.HK - Security Alert (A16-03-06): Multiple Vulnerabilities in Adobe Flash Player

Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by integer overflow, use-after-free, heap overflow and memory corruption errors. A remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content to exploit the vulnerabilities.

2016-3-10

GovCERT.HK - Security Alert (A16-03-05): Multiple Vulnerabilities in ISC BIND

Multiple vulnerabilities are found in the ISC BIND software. A remote attacker could send a specially crafted query to trigger an assertion failure if DNS cookie support is enabled, remote commands on the control channel are accepted or when parsing signature records for DNAME records, causing the BIND to crash.

2016-3-9

GovCERT.HK - Security Alert (A16-03-04): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs in the browser engine, out-of-bounds read in ServiceWorkerManager, multiple use-after-free issues, heap-based buffer overflow and a number of problems in the Graphite 2 library.

2016-3-9

GovCERT.HK - Security Alert (A16-03-03): Multiple Vulnerabilities in Adobe Acrobat and Reader

Security updates are released for Adobe Acrobat and Reader to address multiple vulnerabilities caused by memory corruption and a directory search path issue. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted PDF file.

2016-3-9

GovCERT.HK - Security Alert (A16-03-02): Multiple Vulnerabilities in Microsoft Products (March 2016)

Microsoft has released 13 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components.

2016-3-4

Each quarter has more than ten thousand cases about hackers invaded Hong Kong's servers (Chinese only)

Please refer to chinese version.

2016-3-3

CSA HKM Knowledge Sharing Event - March 2016

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2016-3-2

GovCERT.HK - Security Alert (A16-03-01): Multiple vulnerabilities in IBM Notes

IBM has published a security bulletin to address multiple vulnerabilities related to libpng used in Notes. An attacker could send specially crafted PNG image files to an affected system to obtain sensitive information and execute arbitrary code.

2016-2-26

Outdated mobile and computing devices may have security risks and should be replaced as soon as possible (Chinese only)

Please refer to chinese version.

2016-2-25

Phishing Attack - Fraudulent website related to OCBC Wing Hang Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by OCBC Wing Hang Bank Limited on fraudulent website, which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website(www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.

2016-2-19

Do not yield to blackmail from hackers (Chinese only)

Please refer to chinese version

2016-2-18

GovCERT.HK - Security Alert (A16-02-06): Vulnerability in GNU C Library (glibc)

A vulnerability was identified in GNU C Library (glibc) which is used in many Linux or Unix-based OS. Due to a stack-based buffer overflow vulnerability in the function "getaddrinfo()", applications using the glibc DNS client side resolver to resolve hostnames are vulnerable to attacks when resolving attacker-controlled domain names, DNS servers, or through a man-in-the-middle attack. Proof-of-concept codes were tested to successfully exploit the vulnerability.

2016-2-16

Phishing Attack - Fraudulent website related to Hang Seng Bank, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited on fraudulent website, which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website (www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.

2016-2-12

How to address the new cyber threats? (Chinese only)

Please refer to chinese version

2016-2-12

GovCERT.HK - Security Alert (A16-02-05): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by circumventing the validation of internal instruction parameters in the Graphite 2 and violating the same-origin-policy using Service Workers with plugins. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.

2016-2-12

GovCERT.HK - Security Alert (A16-02-04): Vulnerability in Cisco Products

Cisco has released a security advisory fixing a vulnerability in Cisco security appliances, virtual appliances and services modules: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability.

2016-2-11

GovCERT.HK - Security Alert (A16-02-03): Vulnerability in Oracle Java

Oracle has published a security advisory to address a security vulnerability found in Java SE. To exploit the vulnerability.

2016-2-11

GovCERT.HK - Security Alert (A16-02-02): Multiple Vulnerabilities in Adobe Flash Player

Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption, heap buffer overflow, type confusion and use-after-free error.

2016-2-11

GovCERT.HK - Security Alert (A16-02-01): Multiple Vulnerabilities in Microsoft Products (February 2016)

Microsoft has released 12 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components.

2016-2-5

Cyber security trends in 2016 (Chinese only)

Please refer to chinese version

2016-2-4

CSA HKM Knowledge Sharing Event - February 2016

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2016-1-29

GovCERT.HK - Security Alert (A16-01-09): Multiple Vulnerabilities in OpenSSL

Multiple vulnerabilities are found in the OpenSSL library which may generate unsafe primes for use in the Diffie-Hellman protocol that may lead to disclosure of enough information for an attacker to recover the private encryption key. Moreover, a malicious client could negotiate SSLv2 ciphers that have been disabled on the server.

2016-1-29

News: Fraudulent Mainland bank websites pose threats to local users (Chinese only)

Please refer to chinese version

2016-1-27

GovCERT.HK - Security Alert (A16-01-08): Multiple Vulnerabilities in Firefox

2016-1-26

News: Upward Trend in Privacy Complaints Sees Need for Personal Data Protection and Respect amongst Individuals and Organisations

The Office of the Privacy Commissioner for Personal Data ("PCPD") received a record number of complaints in 2015. There was a rising trend in the number of enquiries and complaints in relation to the use of information and communications technology (“ICT”). A number of data leakage incidents occurred during the year amounting to a contravention of data security principle.

2016-1-25

News: Emerging cyber threats of pocket WiFi (Chinese only)

Please refer to chinese version

2016-1-22

Phishing Attack - Fraudulent website related to China Citic Bank International Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China Citic Bank International Limited on fraudulent website, which has been reported to the HKMA. Hyperlink to the press release is available on the HKMA website(www.hkma.gov.hk/eng/other-information/fraudulent-bank-websites.shtml) for ease of reference by members of the public.

2016-1-21

GovCERT.HK - Security Alert (A16-01-07): Vulnerability in Linux Kernel

A local privilege escalation vulnerability is found in the Linux kernel 3.8 or later. A memory leak flaw exists in the Linux keyrings facility that manages key security data, authentication details and encryption keys could be exploited to expose cached sensitive information.

2016-1-20

News: HKPC Warns of Growing Cyber Attacks that Harvest Credentials for Profit

Enterprises and Internet users should strengthen their guard against an anticipated surge in cyber attacks targeting web servers, point of sale (POS) systems, and mobile devices; urged information security experts at the Hong Kong Productivity Council (HKPC) today.

2016-1-20

GovCERT.HK - Security Alert (A16-01-06): Multiple Vulnerabilities in Oracle Java and Oracle Products (January 2016)

Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.

2016-1-20

GovCERT.HK - Security Alert (A16-01-05): Multiple Vulnerabilities in ISC BIND

Multiple vulnerabilities are found in the ISC BIND software. A remote attacker could send a specially crafted query to trigger a REQUIRE assertion failure which may cause the BIND to crash. In addition, a flaw in buffer size checking could cause the BIND to exit with an INSIST failure.

2016-1-19

Phishing Attack - Suspected fraudulent websites

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public in Hong Kong to two suspected fraudulent websites with the domain names http://www.uscapitalprivatebank.com and http://www.uscapitalfundingii.com. The websites are operated by "US Capital Private Bank" which claims that it is a Tier One Wealth Management and Private Financial Institution.

2016-1-16

Smart Use of Communications Services Seminar

Organised by Communications Authority

2016-1-15

Stay Safe using Free Wi-Fi during Your Trip (Chinese only)

Please refer to chinese version

2016-1-15

Protect Your Computing Devices Before Travel (Chinese only)

Please refer to chinese version

2016-1-15

GovCERT.HK - Security Alert (A16-01-04): Multiple Vulnerabilities in OpenSSH

Multiple vulnerabilities are found in OpenSSH. A remote authenticated server could obtain potentially sensitive information from OpenSSH client memory or potentially execute arbitrary code on the target client system. An OpenSSH client connecting to a malicious OpenSSH server may have its private client user keys compromised or arbitrary codes executed.

2016-1-13

GovCERT.HK - Security Alert (A16-01-03): Multiple Vulnerabilities in Adobe Acrobat and Reader

Security updates are released for Adobe Acrobat and Reader to address multiple vulnerabilities caused by use-after-free error, double-free error, memory corruption, problems in Javascript API and directory search path problem in Adobe Download Manager. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted PDF file, web page, Flash file, or document that supports embedded Flash content.

2016-1-13

GovCERT.HK - Security Alert (A16-01-02): Multiple Vulnerabilities in Microsoft Products (January 2016)

Microsoft has released 9 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components.

2016-1-8

GovCERT.HK - Security Alert (A16-01-01): Multiple Vulnerabilities in Apple QuickTime

Multiple vulnerabilities are found in Apple QuickTime. A remote attacker could exploit the vulnerabilities by enticing a user to open a specially crafted movie file.