InfoSec: Search by News & Events

2017-12-31

GovCERT.HK - Weekly IT Security News Bulletin (25 December 2017 - 31 December 2017)

- Loapi Trojan
- a Swiss Army knife for Android attackers
- Browser login managers exploited by web trackers

2017-12-29

Cyber Smart Advice: Web sites record user information may lead to data leakage

Please refer to Chinese version.

2017-12-25

GovCERT.HK - Weekly IT Security News Bulletin (18 December 2017 - 24 December 2017)

- JScript exploitation in Windows via automatic proxy configuration
- Firewall bursting with cloud computing

2017-12-22

Cyber Smart Advice: Beware of holiday email scam

Please refer to Chinese version.

2017-12-21

Phishing Attack - Suspected fraudulent website

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public in Hong Kong to a suspected fraudulent website with two domain names ｈｔｔｐ：／／ｖｉｓａｂａｎｋ﹒ｏｒｇ and ｈｔｔｐ：／／ｖｉｓａｂａｎｋｉｎｇ﹒ｃｏｍ.

2017-12-20

Phishing Attack - Fraudulent website related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on fraudulent website, which has been reported to the HKMA.

2017-12-18

Phishing Attack - Fraudulent websites related to China CITIC Bank International Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited on fraudulent websites, which have been reported to the HKMA.

2017-12-18

GovCERT.HK - Weekly IT Security News Bulletin (11 December 2017 - 17 December 2017)

- Rogue admin account created at unpatched WordPress websites
- MailSploit lets spoofed emails bypass DMARC
- Traffic to popular websites routed through Russian ISP

2017-12-13

Public Seminar on "Embracing the New Communications Era"

Organised by Communications Authority

2017-12-13

GovCERT.HK - Security Alert (A17-12-09): Vulnerability in TLS RSA Cipher Suites

A vulnerability is found in the implementation of TLS network security protocol affecting those TLS servers with RSA cipher suites enabled.

2017-12-13

GovCERT.HK - Security Alert (A17-12-08): Vulnerability in Adobe Flash Player

Adobe released a security update to address a vulnerability found in the Adobe Flash Player.

2017-12-13

GovCERT.HK - Security Alert (A17-12-07): Multiple Vulnerabilities in Microsoft Products (December 2017)

Microsoft has released 23 security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

2017-12-12

CPD Seminar - Data Loss Prevention (DLP) Strategy and Best Practices

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2017-12-12

Phishing Attack - Phishing e-mail related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing e-mail, which has been reported to the HKMA.

2017-12-11

GovCERT.HK - Security Alert (A17-12-06): Vulnerability in Hewlett-Packard (HP) Products

HP released a security update to fix a vulnerability identified in certain versions of Synaptics touchpad drivers used by some models of HP products.

2017-12-11

GovCERT.HK - Weekly IT Security News Bulletin (4 December 2017 - 10 December 2017)

- Satori botnet building up forces
- Emerging trends in vulnerability management

2017-12-9

Tackling System Security from the Perspective of Non-digital Components

Organised by Professional Information Security Association

2017-12-9

Subject Talks on "New Era of IT" - How to Minimise the Infection of Ransomware?

Organised by Hong Kong Public Libraries of LCSD

2017-12-8

GovCERT.HK - Security Alert (A17-12-05): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2017-12-8

Cyber Smart Advice – Domain Name System adopts additional encryption technology to safeguard websites

Please refer to Chinese version.

2017-12-7

GovCERT.HK - Security Alert (A17-12-04): Multiple Vulnerabilities in Apple iOS

On 2 December 2017, Apple released security updates in its latest iOS version 11.2 to fix 14 vulnerabilities identified in various iOS devices.

2017-12-7

GovCERT.HK - Security Alert (A17-12-03): Vulnerability in Microsoft Malware Protection Engine

Microsoft has released a security update addressing a vulnerability in the Microsoft Malware Protection Engine.

2017-12-6

CSA HKM Knowledge Sharing Event – December 2017: Live Cloud Forensics

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2017-12-5

GovCERT.HK - Security Alert (A17-12-02): Multiple Vulnerabilities in Firefox

Mozilla has published a security advisory to address multiple vulnerabilities found in Firefox.

2017-12-4

GovCERT.HK - Security Alert (A17-12-01): Multiple Vulnerabilities in Apache Struts

Apache has released a new version of Apache Struts to address multiple vulnerabilities affecting systems that use the Struts REST plugin.

2017-12-4

GovCERT.HK - Weekly IT Security News Bulletin (27 November 2017 - 3 December 2017)

- 蘋果macOS作業系統帳戶驗證機制存在保安漏洞
- Misconfigured file sharing exposed personal information of 10,000 staff

2017-12-1

Cyber Smart Advice – Restrict the remote access to defend against ransomware attack

Please refer to Chinese version.

2017-12-1

HKPC: Cyber Security Critical to Smart Healthcare

With the wider use of Internet-connected medical devices, or known as the "Internet of Medical Things" (IoMT), the Hong Kong Productivity Council (HKPC) urges industry practitioners to adopt comprehensive cyber defense to mitigate information security threats, or risk compromising patients' welfare and safety.

2017-9-1 to

2017-11-30

Cyber Security Competition 2017

Organised by Hong Kong Police Force (HKPF) / Junior Police Call / University of Hong Kong

2017-11-29

LCQ15: Measures to enhance information security

Following is a question by the Hon Charles Mok and a written reply by the Secretary for Innovation and Technology, Mr Nicholas W Yang, in the Legislative Council today (November 29)…

2017-11-28

Phishing Attack - Fraudulent website related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on fraudulent website, which has been reported to the HKMA.

2017-11-27

GovCERT.HK - Weekly IT Security News Bulletin (20 November 2017 - 26 November 2017)

- Web analytics tools keylogging website visitors
- Security challenges for hybrid cloud

2017-11-24

Cyber Smart Advice: Cyber security on medical system

Please refer to Chinese version.

2017-11-23

The Integration of "Human + Machine" - The biggest security challenges in businesses

Organised by Professional Information Security Association

2017-11-21 to

2017-11-22

Cyber Security for Industry 4.0 International Conference -- Connecting to Tomorrow's Global Supply Chain

Organised by Hong Kong Productivity Council / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2017-11-22

GovCERT.HK - Security Alert (A17-11-05): Multiple Vulnerabilities in Intel Products

Intel has published a security advisory to address multiple vulnerabilities in Intel manageability products with the objective of enhancing firmware resilience.

2017-11-21

HKPC Urges for Strengthened Supply Chain Cyber Security in Industry 4.0

With “Industry 4.0” an irreversible trend, Hong Kong manufacturers and businesses must make cyber security of the supply chain their top priority, Mr Willy Lin, Chairman of the Hong Kong Productivity Council (HKPC), told the “Cyber Security for Industry 4.0 International Conference” which opens today (21 November 2017).

2017-11-20

GovCERT.HK - Security Advisory (S17-01) – Secure Your Wi-Fi networks against WPA/WPA2 Vulnerabilities

The Wi-Fi Protected Access (WPA and WPA2) security protocols, developed by the Wi-Fi Alliance to enhance the security of Wi-Fi networks, have multiple vulnerabilities.

2017-11-20

GovCERT.HK - Weekly IT Security News Bulletin (13 November 2017 - 19 November 2017)

- #AVGater: Anti-malware flaw causing local privilege escalation
- One third of attacks on endpoints would be fileless in 2018

2017-11-17

Cyber Smart Advice: Enhance supply chain security

Please refer to Chinese version.

2017-11-16

Phishing Attack - Phishing e-mail related to The Hongkong and Shanghai Banking Corporation Limited

2017-11-15

GovCERT.HK - Security Alert (A17-11-04): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2017-11-15

GovCERT.HK - Security Alert (A17-11-03): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat

Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities.

2017-11-15

GovCERT.HK - Security Alert (A17-11-02): Multiple Vulnerabilities in Microsoft Products (November 2017)

Microsoft has released 50 security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

2017-11-15

Phishing Attack - Phishing e-mail related to The Hongkong and Shanghai Banking Corporation Limited

2017-11-14

CPD Seminar - Achieving PCI Compliance – Best Practices Working with your Cloud Provider

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2017-11-13

GovCERT.HK - Weekly IT Security News Bulletin (6 November 2017 - 12 November 2017)

- Misconfigured cloud storages vulnerable to GhostWriter attack
- Banking Trojan targets search results

2017-11-10

One-Day Workshop - Blockchain and Smart Contract: A Hands-On Introduction

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2017-11-10

Cyber Smart Advice: IoT security starts from procurement and installation

Please refer to Chinese version.

2017-11-9

HKCERT – Security Blog: Secure the Remote Desktop Services (RDP) for Preventing Ransomware Attack!

While the recent intrusion of an enterprise may have stolen the limelight, let us not forget about the spread of CrySIS/Dharma ransomware. HKCERT is aware of news reports that a school fell victim to infection yesterday, resulting in data being encrypted and inaccessible.

2017-11-8

Public Seminar on "Embracing the New Communications Era"

Organised by Communications Authority

2017-11-8

HKCERT – Security Blog: Beware of cyber attack, protect personal information

HKCERT noticed there were reports that an enterprise was intruded by hackers and the customer data files were locked. The enterprise was ransomed by hackers via emails as well.

2017-11-6

GovCERT.HK - Weekly IT Security News Bulletin (30 October 2017 - 5 November 2017)

- Estonia freezes 760,000 vulnerable resident ID cards
- Abuse of RDP for Crysis ransomware implantations
- Combosquatting: a simple trick but a growing threat

2017-11-3

Cyber Smart Advice: 4 major security issues in IoT facilities

Please refer to Chinese version.

2017-11-3

Phishing Attack - Fraudulent email purportedly issued by Inland Revenue Department

The Inland Revenue Department today (November 3) alerted members of the public to fraudulent emails purportedly issued by the department from the email account "e_alert@ird.goy.hk" or "e_alert@ird.gov.hk" requesting the recipient to claim a tax refund. The emails provide a hyperlink to an unknown website, which may contain a computer virus.

2017-11-1 to

2017-11-2

Hong Kong International Computer Conference 2017

Organised by Hong Kong Computer Society

2017-11-1

GovCERT.HK - Security Alert (A17-11-01): Multiple Vulnerabilities in Apple iOS

On 31 October 2017, Apple released security updates in its latest iOS version 11.1 to fix 20 vulnerabilities identified in various iOS devices. Multiple attack vectors could be adopted to exploit the vulnerabilities.

2017-11-1

Phishing Attack - Fraudulent website related to Hang Seng Bank, Limited

The Hong Kong Monetary Authority (HKMA) today (November 1) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited on fraudulent website, which has been reported to the HKMA.

2017-10-30

GovCERT.HK - Weekly IT Security News Bulletin (23 October 2017 - 29 October 2017)

- Bad Rabbit ransomware hopping across Europe
- DDE as attack vector in malware campaigns

2017-10-27

Bogus SMS messages purportedly sent from HKMA

Please refer to Chinese version.

2017-10-25

Hong Kong SMEs Cloud Adoption, Security & Privacy Readiness Survey Results Announced

October 25, 2017 – HONG KONG – Internet Society Hong Kong and Cloud Security Alliance – Hong Kong and Macau Chapter jointly announced the third annual report on “Hong Kong Small and Medium-sized Enterprises (SMEs) Cloud Adoption, Security & Privacy Readiness Survey” today.

2017-10-25

Phishing Attack - Bogus SMS messages purportedly sent from HKMA

The Hong Kong Monetary Authority (HKMA) has received public enquiries about SMS messages purportedly sent from HKMA asking to obtain security clearance permit to release funds from their local bank accounts.

2017-10-25

HKCERT – Security Blog: New Ransomware "BadRabbit"

A new ransomware is widely spreading in Russia, Ukraine and several European regions. The name of the ransomware is BadRabbit, similar to NotPetya.

2017-10-24

HKCERT – Security Blog: Beware of IoT Botnet "Reaper"

HKCERT is aware that a security vendor has published a research on an IoT botnet, named "Reaper" or "IoTroop", which may have compromised million of IoT devices such as router.

2017-10-23

GovCERT.HK - Weekly IT Security News Bulletin (16 October 2017 - 22 October 2017)

- WPA/WPA2 vulnerabilities leave Wi-Fi networks open to KRACK attack
- Infineon TPM generates insecure RSA key pairs

2017-10-21

Public Seminar on "Embracing the New Communications Era"

Organised by Communications Authority

2017-10-20

Cyber Smart Advice: Points to note for online transaction.

Please refer to Chinese version.

2017-10-20

Phishing Attack - Fraudulent website related to The Bank of East Asia, Limited

The Hong Kong Monetary Authority (HKMA) today (October 20) wishes to alert members of the public to a press release issued by The Bank of East Asia, Limited on fraudulent website, which has been reported to the HKMA.

2017-10-18

GovCERT.HK - Security Alert (A17-10-06): Multiple Vulnerabilities in Oracle Java and Oracle Products (October 2017)

Multiple vulnerabilities are found in the Dnsmasq software package. Reports indicate that the proof-of-concept exploit code is available on the Internet.

2017-10-17

GovCERT.HK - Security Alert (A17-10-05): Vulnerability in Adobe Flash Player

Security update is released for Adobe Flash Player to address vulnerability caused by type confusion.

2017-10-17

GovCERT.HK - Security Alert (A17-10-04): Multiple Vulnerabilities in WPA2

Multiple vulnerabilities are found in WPA2 encryption protocol for Wi-Fi. An attacker within range of a Wi-Fi network access point and client may be exploited by hackers using the vulnerabilities.

2017-10-16

GovCERT.HK - Weekly IT Security News Bulletin (9 October 2017 - 15 October 2017)

- New smart speaker found eavesdropping everything
- Cryptojacking consumes your computer to make money

2017-10-15

The Second HK-Mainland Cyber Security Forum

Organised by Office of the Government Chief Information Officer (OGCIO) / Bureau of Cyber Security of Cyberspace Administration of China

2017-10-15

Second HK-Mainland Cyber Security Forum held in Xiamen

The second HK-Mainland Cyber Security Forum (the Forum), jointly organised by the Office of the Government Chief Information Officer (OGCIO) and the Bureau of Cyber Security of Cyberspace Administration of China, was held in Xiamen today (October 15). A delegation led by the Government Chief Information Officer, Mr Allen Yeung, attended the event.

2017-10-14

HKCERT – Security Blog: Beware of payment online using credit card

HKCERT noticed that there were reports from credit card users that unauthorised credit card transactions emerged after they used their credit card online on a particular website.

2017-10-13

Cyber Smart Advice: Prevent old and expired mobile device against data leakage

Please refer to Chinese version.

2017-10-13

Phishing Attack - Fraudulent website related to Chong Hing Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chong Hing Bank Limited on fraudulent website, which has been reported to the HKMA.

2017-10-12

Phishing Attack - Fraudulent website related to OCBC Wing Hang Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by OCBC Wing Hang Bank Limited on fraudulent website, which has been reported to the HKMA.

2017-10-11

GovCERT.HK - Security Alert (A17-10-03): Multiple Vulnerabilities in Microsoft Products (October 2017)

Microsoft has released 50 security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

2017-10-9

GovCERT.HK - Weekly IT Security News Bulletin (2 October 2017 - 8 October 2017)

- Seven vulnerabilities found in Dnsmasq
- Top mobile apps blacklisted by enterprises

2017-10-6

Cyber Smart Advice: Hackers Made Use of Sound Waves to Control Mobile

Please refer to Chinese version.

2017-10-4

GovCERT.HK - Security Alert (A17-10-02): Multiple Vulnerabilities in Dnsmasq

Multiple vulnerabilities are found in the Dnsmasq software package. Reports indicate that the proof-of-concept exploit code is available on the Internet.

2017-10-4

GovCERT.HK - Security Alert (A17-10-01): Multiple Vulnerabilities in IBM Notes and Domino

Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks.

2017-10-4

Phishing Attack - Fraudulent website related to Wing Lung Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Wing Lung Bank Limited on fraudulent website, which has been reported to the HKMA.

2017-10-4

Phishing Attack - Fraudulent website related to Hang Seng Bank, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited on a fraudulent website, which has been reported to the HKMA.

2017-10-2

GovCERT.HK - Weekly IT Security News Bulletin (25 September 2017 - 1 October 2017)

- Security flaw in Wi-Fi chipset threatening iOS and Android devices
- 手機流動支付金有被盜用風險

2017-9-30

Public Seminar on "Embracing the New Communications Era"

Organised by Communications Authority

2017-9-25 to

2017-9-29

39th International Conference of Data Protection and Privacy Commissioners

Organised by Office of the Privacy Commissioner for Personal Data

2017-9-29

Cyber Smart Advice: Protecting IoT devices against botnet attack

Please refer to Chinese version.

2017-9-29

GovCERT.HK - Security Alert (A17-09-10): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2017-9-28

GovCERT.HK - Security Alert (A17-09-09): Vulnerability in Linux Kernel

A vulnerability was found in the memory management of the affected Linux operating systems.

2017-9-28

GovCERT.HK - Security Alert (A17-09-08): Multiple Vulnerabilities in Cisco Products

Cisco has released the security advisories to address the vulnerabilities in Cisco IOS and IOS XE software.

2017-9-27

GovCERT.HK - Security Alert (A17-09-07): Multiple Vulnerabilities in Broadcom Wireless Chipset

Multiple vulnerabilities are found in Apple and Android devices built upon Broadcom BCM4355C0 model of wireless chipset.

2017-9-27

GovCERT.HK - Security Alert (A17-09-06): Multiple Vulnerabilities in Apple iOS

Apple has released software update fixing 62 vulnerabilities in iOS versions prior to iOS 11.0.1.

2017-9-25

Phishing Attack - Phishing Attack –Phishing email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2017-9-25

GovCERT.HK - Weekly IT Security News Bulletin (18 September 2017 - 24 September 2017)

- CCleaner supply chain malware targeted on technology giants
- SafeBrowse Chrome extension was found mining cryptocurrency secretly on users’ computer

2017-9-21 to

2017-9-22

Two-Day Workshop - Data Analytics for Compliance, Investigation, Audit and Security Professionals

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2017-9-22

Cyber Smart Advice: Cyber Security for Enterprise in Industry 4.0

Please refer to Chinese version.

2017-9-21

CSA HKM Knowledge Sharing Event – September 2017: Achieving PCI Compliance - Best Practices Working with your Cloud Provider

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2017-9-21

False sense of security - "How easy to hack the physical security nowadays"

Organised by Professional Information Security Association

2017-9-20

Build a Secure Cyberspace 2017 – "Smart Home, Safe Living" Seminar

Organised by Office of the Government Chief Information Officer (OGCIO) / Hong Kong Police Force (HKPF) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2017-9-18 to

2017-9-20

DNSSEC Workshop

Organised by Hong Kong Internet Registration Corporation Limited

2017-9-20

Public reminded to keep a watchful eye on security of Internet-connected devices

At the Build a Secure Cyberspace 2017 seminar today (September 20), the Deputy Government Chief Information Officer (Infrastructure and Operations), Mr Victor Lam, reminded the public to keep a watchful eye on cyber security, especially on Internet-connected smart home devices, to avoid falling prey to hackers in view of numerous cyber security attacks in recent years.

2017-9-18

HKCERT - Security Blog: Buying and installing tips for Smart Device

In recent years, Internet and things (IoT) device usage grows rapidly, There are reports that expect the related devices will grow to about 21 billion in 2020, and will exceed the number of personal computers very soon.

2017-9-18

GovCERT.HK - Weekly IT Security News Bulletin (11 September 2017 - 17 September 2017)

- BlueBorne: a new attack vector comes to Bluetooth devices
- Upgrade Apache Struts immediately to fix another actively exploiting flaw

2017-9-15

Cyber Smart Advice: Information Security for Connected Medical Facilities

Please refer to Chinese version.

2017-9-13

GovCERT.HK - Security Alert (A17-09-05): Multiple Vulnerabilities in Bluetooth Implementation

8 vulnerabilities, collectively named as “BlueBorne”, are found in the implementation of the Bluetooth protocol in different platforms.

2017-9-13

GovCERT.HK - Security Alert (A17-09-04): Multiple Vulnerabilities in Adobe Flash Player

Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption.

2017-9-13

GovCERT.HK - Security Alert (A17-09-03): Multiple Vulnerabilities in Microsoft Products (September 2017)

Microsoft has released 80 security updates addressing multiple vulnerabilities which affect several Microsoft products or components and one of them enhancing the security as a defense in depth measure. Exploitation has been reported in the wild.

2017-9-11

GovCERT.HK - Weekly IT Security News Bulletin (4 September 2017 - 10 September 2017)

- New wave of ransom attacks on MongoDB servers
- Over 28 million users’ data exposed in a massive data breach

2017-9-8

Cyber Smart Advice: Two computer security centres joint hands in fighting against ransomware

Please refer to Chinese version.

2017-9-6

GovCERT.HK - Security Alert (A17-09-02): Vulnerabilities in Apache Struts

Apache has released a new version of Apache Struts with fixes for multiple vulnerabilities affecting Struts REST plugin and URLValidator.

2017-9-5

HKCERT and GovCERT.HK Take to Social Media in Fight Against Ransomware

To combat worsening ransomware cyber attacks, HKCERT and GovCERT.HK today (5 September 2017) jointly launched the “Fight Ransomware Campaign” to strengthen the readiness of Hong Kong businesses and general public against such attacks.

2017-9-4

GovCERT.HK - Weekly IT Security News Bulletin (28 August 2017 - 3 September 2017)

- Over thousands internet-connected devices left wide open to hackers
- 瀏覽器防護機制存漏洞擴充程式可被黑客利用

2017-9-3

HKCERT – Security Blog: Change your recruitment website cpjobs.com account password immediately

Yesterday (2/9), a recruitment website cpjobs.com made a statement to the users, said on August 28 and 30, their site was attacked twice and hackers stole the user information and account password. HKCERT advises affected users to change passwords immediately in order to protect their data.

2017-9-1

GovCERT.HK - Security Alert (A17-09-01): Multiple Vulnerabilities in IBM Notes

Multiple vulnerabilities are found in IBM Lotus Notes related to open source libraries and program flaws.

2017-9-1

Cyber Smart Advice: Avoid sending privacy via instant messaging software

Please refer to Chinese version.

2017-8-31

HKCERT – Security Blog: Using mobile app to read HKCERT security alerts

The iOS mobile app of HKCERT has reached its end in service and will be removed from Apple's App Store in early September. iOS users are suggested to use GovHK Notification App to read security alerts of HKCERT.

2017-8-28

GovCERT.HK - Weekly IT Security News Bulletin (21 August 2017 - 27 August 2017)

- Android mobile apps turned into spyware by advertising kit
- DDoS attacks rose again markedly in Q2 2017

2017-8-25

Cyber Smart Advice: Protecting your privacy and disable the online tracking feature

Please refer to Chinese version.

2017-8-25

HKCERT – Security Blog: Be careful new suspected malicious program spreading via Facebook Messenger

A suspected malicious program is widely spreading via Facebook Messenger, when you receive the message contains "David Video" and a short URL you have to be careful, it may be a malicious program Web site.

2017-8-21

GovCERT.HK - Weekly IT Security News Bulletin (14 August 2017 - 20 August 2017)

- New PowerPoint attack with old flaw
- Millions open ports for publicly accessible remote desktops

2017-8-19

PISA AGM cum Feature Talk: DevOps Security Journey

Organised by Professional Information Security Association

2017-8-18

Cyber Smart Advice: Make Use of Cyber Threat Intelligence to Defend against Hackers (Chinese only)

Please refer to Chinese version

2017-8-18

Phishing Attack - Fraudulent website and phishing email related to The Hongkong and Shanghai Banking Corporation Limited

2017-8-17

Smart-Space Lunch Gathering: China's New Cybersecurity Law

Organised by Hong Kong Cyberport Management Company Limited

2017-8-15 to

2017-8-16

Information Security Summit 2017

Organised by Cloud Security Alliance Hong Kong & Macau Chapter / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) / Hong Kong Computer Society / Hong Kong Information Technology Federation / Hong Kong Productivity Council / Information Security and Forensics Society / Information Systems Audit and Control Association / ISC2 / ISOC Hong Kong / Professional Information Security Association

2017-8-15

CPD Seminar - The Competition Ordinance - Enforcement, Compliance and Relevance to IT Companies and Professionals

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2017-8-15

HKPC: Cyber Threat Intelligence Critical to Local Enterprises

In addition to business intelligence, local enterprises and organisations should pay attention to cyber threat intelligence in order to protect themselves from worsening cyber attacks, said Mr Willy Lin, Chairman of the Hong Kong Productivity Council, at the opening of the “Information Security Summit 2017” today (15 August 2017).

2017-8-14

GovCERT.HK - Weekly IT Security News Bulletin (7 August 2017 - 13 August 2017)

- A research found iOS users the biggest mobile phishing target
- Adobe is planning to end-of-life Flash in 2020

2017-8-11

Cyber Smart Advice: Compromised Mobile Device in Non-Official Repairing Centre (Chinese Only)

Please refer to Chinese version

2017-8-10

CSA HKM Knowledge Sharing Event – August 2017

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2017-8-9

GovCERT.HK - Security Alert (A17-08-04): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by XUL injection, use-after-free error, memory safety bugs, buffer overflow, out-of-bounds read, domain hijacking, same-origin policy bypass, and memory protections bypass, etc.

2017-8-9

GovCERT.HK - Security Alert (A17-08-03): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat

Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities caused by security bypass, type confusion, memory corruption, use-after-free error, insufficient verification of data authenticity and heap overflow.

2017-8-9

GovCERT.HK - Security Alert (A17-08-02): Multiple Vulnerabilities in IBM Notes and Domino

Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks which could be remotely exploited without authentication.

2017-8-9

GovCERT.HK - Security Alert (A17-08-01): Multiple Vulnerabilities in Microsoft Products (August 2017)

Microsoft has released 31 security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

2017-8-7

HKCERT – Security Blog: Mirai Malware Cleanup and Prevention

HKCERT has released the Mirai Malware Cleanup and Prevention guideline to help the public to handle the infected devices and prevent from being victimised.

2017-8-7

Phishing Attack - Fraudulent website related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2017-8-7

GovCERT.HK - Weekly IT Security News Bulletin (31 July 2017 - 6 August 2017)

- Trickbot banking Trojan resembles WannaCry way to spread
- Typo-squatting attack on npm went undetected for two weeks
- Application denial-of-service in microservice architectures

2017-8-4

ISACA One-Day Workshop – Wi-Fi Penetration Testing and Defences

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2017-8-4

Technical Sharing Session: Malware Command and Control using Social Media Platform

Organised by Professional Information Security Association

2017-8-4

Cyber Smart Advice: Potential Threats of Ransomware Attacks to macOS Users

Please refer to Chinese version

2017-7-31

HKCERT – Security Blog: Hong Kong Security Watch Report (Q2 2017)

The report provides data about the activities of compromised computers in Hong Kong which suffer from, or participate in various forms of cyber attacks, including web defacement, phishing, malware hosting, botnet command and control centres (C&C) and bots.

2017-7-31

Cyber Smart Advice: Employ Advanced Encryption Technology to Secure Your Email Attachment (Chinese only)

Please refer to Chinese version

2017-7-31

GovCERT.HK - Weekly IT Security News Bulletin (24 July 2017 - 30 July 2017)

- "Careless with secret information" risks country-wide data leak
- SMBloris – denial of service attack targeting Windows servers

2017-7-29

Public Awareness Seminar on WiFi Security 2017

Organised by Hong Kong Wireless Technology Industry Association / Professional Information Security Association

2017-7-28

Phishing Attack - Phishing email related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on phishing email, which has been reported to the HKMA.

2017-7-26

Phishing Attack - Fraudulent email purportedly issued by Inland Revenue Department

The Inland Revenue Department today (July 26) alerted members of the public to a fraudulent email purportedly issued by the department from the email account "taxctr1@ird.gov.hk".

2017-7-24

GovCERT.HK - Security Alert (A17-07-06): Multiple Vulnerabilities in Apple iOS

Apple has released software update fixing 47 vulnerabilities in iOS versions prior to iOS 10.3.3. These vulnerabilities are caused by the problems in various iOS components.

2017-7-24

GovCERT.HK - Weekly IT Security News Bulletin (17 July 2017 - 23 July 2017)

- A "key" milestone in protecting the DNS
- 消委會：通訊App欠點對點加密　訊息易外泄

2017-7-21

Cyber Smart Advice: Beware of Cyber Attacks to Virtual Currency Mining (Chinese only)

Please refer to Chinese version

2017-7-20

CSA HKM Knowledge Sharing Event – July 2017

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2017-7-19

GovCERT.HK - Security Alert (A17-07-05): Multiple Vulnerabilities in Oracle Java and Oracle Products (July 2017)

Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.

2017-7-18

Phishing Attack - Fraudulent website and email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on a fraudulent website and a fraudulent email with suspected links to malicious files, which have been reported to the HKMA.

2017-7-17

GovCERT.HK - Weekly IT Security News Bulletin (10 July 2017 - 16 July 2017)

- Hundreds of domains hijacked
- Defend your website with ZIP bombs

2017-7-14

Cyber Smart Advice: Minimise the number of administrative accounts to defend the new ransomware

Please refer to Chinese version

2017-7-12

GovCERT.HK - Security Alert (A17-07-04): Multiple Vulnerabilities in Adobe Flash Player

Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption and security bypass.

2017-7-12

GovCERT.HK - Security Alert (A17-07-03): Multiple Vulnerabilities in Microsoft Products (July 2017)

Microsoft has released 59 security updates addressing multiple vulnerabilities which affect several Microsoft products or components and one of them referring to previous security bulletins which have undergone a major revision increment.

2017-7-11

Phishing Attack - Fraudulent website related to DBS Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2017-7-10

GovCERT.HK - Security Alert (A17-07-02): Vulnerability in Apache Struts

A vulnerability is relevant if the Apache Struts system adopts the "Struts 2 Struts 1 plugin".

2017-7-10

GovCERT.HK - Weekly IT Security News Bulletin (3 July 2017 - 9 July 2017)

- Researchers crack GnuPG crypto library to steal 1024-bit RSA encryption private key
- CopyCat malware infected 14 million Android devices around the world
- Dumping credentials from Windows Local Security Authority Subsystem (LSASS) for malware spreading

2017-4-3 to

2017-7-7

"Smart Home, Safe Living" 1-Page Comic Drawing Contest

Organised by Office of the Government Chief Information Officer (OGCIO) / Hong Kong Police Force (HKPF) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2017-7-7

Cyber Smart Advice: Botnet-related virus changes rapidly and hard to detect (Chinese only)

Cisco has released a security advisory to address the vulnerabilities of Simple Network Management Protocol (SNMP) in Cisco IOS and IOS XE software.

2017-7-7

Cyber Smart Advice: Botnet-related virus changes rapidly and hard to detect (Chinese only)

Please refer to Chinese version

2017-7-4 to

2017-7-5

Cybersecurity Fundamentals Workshop

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2017-7-3 to

2017-7-4

Security Congress APAC 2017

Organised by ISC2

2017-7-4

Phishing Attack - Suspicious mobile application related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on suspicious mobile application (Apps), which has been reported to the HKMA.

2017-7-3

Phishing Attack - Phishing Attack

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on fraudulent website, which has been reported to the HKMA.

2017-7-3

Phishing Attack - Fraudulent website related to Wing Lung Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Wing Lung Bank Limited on fraudulent website, which has been reported to the HKMA.

2017-7-3

GovCERT.HK - Weekly IT Security News Bulletin (26 June 2017 - 2 July 2017)

- Petrwrap ransomware outbreak goes global
- WordPress plugin used by 300,000+ sites found vulnerable to SQL injection attack

2017-6-30

GovCERT.HK - Security Alert (A17-06-07): Multiple Vulnerabilities in ISC BIND

Multiple vulnerabilities were found in the ISC BIND software. A remote attacker that can send and receive messages to an authoritative DNS server and with knowledge of a valid Transaction Signature (TSIG) key name could send specially crafted packets to read or manipulate zone contents.

2017-6-30

Cyber Smart Advice: Employing New and Updated System to Safeguard Your Computer

Please refer to Chinese version

2017-6-29

Public Awareness Seminar on WiFi Security 2017

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2017-6-29

HKCERT – Security Blog: New Ransomware "NotPetya"

Yesterday (June 28, 2017) a new ransomware was widely spread in Ukraine and several European and American regions.

2017-6-29

HKCERT – Security Blog: From WannaCry to the Roadmap of Industry 4.0

In May 2017, the "WannaCry" ransomware brought the world with a shock. The attack had alarmed for the emerging cyber attacks to the industrial systems.

2017-6-28

HKCERT: Watch out for New Ransomware

In light of the new ransomware attacks on computer users across the world, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council today (28 June 2017) urged the public to be vigilant.

2017-6-28

GovCERT.HK - Security Alert (A17-06-06): Defences against the “Petrwrap” Ransomware Attack

The recent worldwide ransomware attack named as "Petrwrap" is spreading wildly in Europe and has already affected many organisations including governments and public utilities.

2017-6-28

S for IT speaks on ransomware attacks (Chinese only)

Please refer to Chinese version

2017-6-28

HKCERT - Security Bulletin: Petrwrap / NotPetya Ransomware Encrypts Victim Data

A new variant of ransomware known as Petwrap / Petrwrap / Petya / NotPetya / Nyetya is spreading quickly. HKCERT was aware that it is widespread overseas. The different name indicate the industry is debating if the ransomware is directly related to another known ransomware Petya.

2017-6-26

GovCERT.HK - Weekly IT Security News Bulletin (19 June 2017 - 25 June 2017)

- The British Parliament has been hit by a cyberattack
- Few victims reporting ransomware attacks to FBI
- Personal details of nearly 200 million U.S. citizens exposed

2017-6-23

Cyber Security for Industry 4.0

Organised by Hong Kong Productivity Council / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2017-6-23

GovCERT.HK - Security Alert (A17-06-05): Multiple Vulnerabilities in Linux/Unix Operating Systems

Multiple vulnerabilities were found in the memory management of the affected operating systems. These vulnerabilities can lead to privilege escalation on these systems by corrupting memory and executing arbitrary code.

2017-6-23

HKPC Helps Hong Kong Industry Gear up Cyber Security for Industry 4.0

Hong Kong industries must strengthen their cyber security capabilities in order to reap the full benefits of “Industry 4.0” and to satisfy the market trend of mass customisation, Mrs Agnes Mak, Executive Director of the Hong Kong Productivity Council (HKPC), told a conference on “Cyber Security for Industry 4.0” which opens today (23 June 2017).

2017-6-23

Cyber Smart Advice: Enhance the IoT security and avoid being the tools of hackers

Please refer to Chinese version

2017-6-21

Phishing Attack - Fraudulent website related to Wing Lung Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Wing Lung Bank Limited on fraudulent website, which has been reported to the HKMA.

2017-6-20

《中小企網絡保安自保錦囊》研討會

Organised by Hong Kong Productivity Council

2017-6-19

GovCERT.HK - Weekly IT Security News Bulletin (12 June 2017 - 18 June 2017)

- Patch NOW for critical Windows vulnerabilities facing destructive cyber-attacks
- HIDDEN COBRA denial-of-service botnet infrastructure
- Xavier: an information stealing ad library on Android

2017-6-16

GovCERT.HK - Security Alert (A17-06-04): Multiple Vulnerabilities in ISC BIND

Multiple vulnerabilities were found in the ISC BIND software.

2017-6-16

Experts share cyber security information at the Industry 4.0 Conference

Please refer to Chinese version

2017-6-14

GovCERT.HK - Security Alert (A17-06-03): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs, library flaw, out-of-bounds read and use-after-free error, etc.

2017-6-14

GovCERT.HK - Security Alert (A17-06-02): Multiple Vulnerabilities in Adobe Flash Player

Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption and use-after-free error.

2017-6-14

GovCERT.HK - Security Alert (A17-06-01): Multiple Vulnerabilities in Microsoft Products (June 2017)

Microsoft has released 79 security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

2017-6-12

GovCERT.HK - Weekly IT Security News Bulletin (5 June 2017 - 11 June 2017)

- Botnets overshadowed by ransomware
- Organisations failing to upgrade systems and enforce patches

2017-6-10

Inter-University Capture the Flag Contest 2017

Organised by Hong Kong Applied Science and Technology Research Institute Company Limited

2017-6-9

The 18th Info-Security Conference 2017

Organised by e21 Eventnna & Questex

2017-6-9

Cyber Smart Advice: New malware spreading faster than WannaCry (Chinese Only)

Please refer to Chinese version

2017-6-7

LCQ22: Capability of institutions in Hong Kong in coping with major computer security incidents

Following is a question by Dr Hon Elizabeth Quat and a written reply by the Secretary for Innovation and Technology, Mr Nicholas W Yang, in the Legislative Council today (June 7)…

2017-6-6

Phishing Attack - Fraudulent website related to The Hongkong and Shanghai Banking Corporation Limited

2017-6-5

HKCERT – Security Blog: Beware of 'Fireball' marketing adware

HKCERT is aware that a security vendor has published a research on a Fireball marketing adware, claimed to has infected over 250 million computers worldwide.

2017-6-5

GovCERT.HK - Weekly IT Security News Bulletin (29 May 2017 - 4 June 2017)

- The Judy malware spreads through apps on Google Play
- Fireball ignites 250 million computers worldwide
- Random numbers: Hard times ahead for hackers

2017-6-2

Title: Cyber Smart Advice: Stay vigilant against ransomware and spam email (Chinese Only)

Please refer to Chinese version

2017-6-1

Phishing Attack - Fraudulent website related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) today (June 1) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on fraudulent website, which has been reported to the HKMA.

2017-5-31

LCQ9: Information security of government departments, public bodies and organisations involved in public works projects

Following is a question by the Hon Charles Peter Mok and a written reply by the Secretary for Innovation and Technology, Mr Nicholas W Yang, in the Legislative Council today (May 31)…

2017-5-29

GovCERT.HK - Security Alert (A17-05-07): Vulnerability in Synology DiskStation Manager (DSM) for Network Attached Storage (NAS) servers

A vulnerability is found in the Synology DSM for NAS servers. A remote authenticated attacker could exploit the vulnerability by uploading a shared library to a writable shared folder for remote execution.

2017-5-29

HKCERT – Security Blog: Watch out for "WannaCry" on the Linux platform

While the impact of WannaCry worm to Windows users is still so fresh in memory, a similar vulnerability of the Samba service was discovered in Linux platform.

2017-5-29

GovCERT.HK - Weekly IT Security News Bulletin (22 May 2017 - 28 May 2017)

- EternalRocks spreads through additional Shadow Brokers exploits
- SambaCry? No panic and fix it
- Persirai 惡意程式肆虐 IP Cam 或會成為殭屍網絡一員

2017-5-27

PISA Security Jam 2017

Organised by Professional Information Security Association

2017-5-26

Cyber Smart Advice: Trace Hackers through Computer Logs

Please refer to Chinese version

2017-5-24

GovCERT.HK - Security Alert (A17-05-06): Multiple Vulnerabilities in IBM Notes and Domino

Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks as listed in the Oracle Critical Patch Update Advisories (Jan 2017).

2017-5-22

GovCERT.HK - Weekly IT Security News Bulletin (15 May 2017 - 21 May 2017)

- Behind WannaCry, Jaff, UIWIX and Adylkuzz line up
- WannaCry 勒索軟件香港最新狀況
- Fake WhatsApp.com URL gets users to install adware

2017-5-19

Cyber Smart Advice: Take Security Precautions Against WannaCry Ransomware

Please refer to Chinese version

2017-5-18

GovCERT.HK - Security Alert (A17-05-05): Multiple Vulnerabilities in Apple iOS

Apple has released software update fixing 41 vulnerabilities in iOS versions prior to iOS 10.3.2.

2017-5-17

HKCERT – Security Blog: Be Aware of Spam Emails spreading Jaff Ransomware

While the world's attention is focusing on the WannaCry ransomware, another ransomware, called Jaff, is spreading through massive spam emails.

2017-5-17

Government guards against ransomware attacks

The Office of the Government Chief Information Officer (OGCIO) said today (May 15) that reminders had been sent in the past few days to urge all government departments to enhance their resilience capabilities through backup of data and updating of Windows software to guard against the ransomware WannaCry.

2017-5-17

LCQ16: Protecting government documents taken out

Following is a question by the Hon Lam Cheuk-ting and a written reply by the Secretary for Development, Mr Eric Ma, in the Legislative Council today (May 17).

2017-5-17

Phishing Attack - Fraudulent website related to Bank of China (Hong Kong) Limited

2017-5-15

Government stays vigilant to ransomware attacks

With the ransomware WannaCry spreading quickly around the world, the Government will continue to stay vigilant and guard against the ransomware, the Secretary for Innovation and Technology, Mr Nicholas W Yang, said today (May 15). So far, the Office of the Government Chief Information Officer (OGCIO) has not yet received from government departments any security incident report on the ransomware threat, and all government information systems are operating normally.

2017-5-15

GovCERT.HK - Weekly IT Security News Bulletin (8 May 2017 - 14 May 2017)

- Massive ransomware infections hit computers around the world
- Deprecation of SHA-1 for SSL/TLS certificates in Microsoft Edge and Internet Explorer 11
- 台灣 1.7 億項個人資料外泄犯罪集團涉販賣個人資料牟利

2017-5-14

GovCERT.HK - Security Alert (A17-05-04) : Defences against the "WannaCry" Ransomware Attack

An urgent step-up actions are called for to ward off the “WannaCry” ransomware attacks and ensure that your computer would not be affected by the attacks.

2017-5-14

HKCERT – Security Blog: Beware of WannaCry Ransomware Spreading

An new ransomware variant called WannaCry (also known as WannaCrypt, Wanna Decryptor) was spreading and impacted many important public services overseas by encrypting the important files for ransom.

2017-5-13

HKCERT – Security Bulletin: WannaCry Ransomware Encrypts Victim Data

A new variant of ransomware known as WannaCry (WannaCrypt) is spreading quickly, through a Windows SMB vulnerability (EternalBlue and DoublePulsar). HKCERT was aware that there is a widespread overseas.

2017-5-12

Cyber Smart Advice: Download Apps from Official Stores to Avoid DNS Hijacking (Chinese Only)

Please refer to Chinese version

2017-5-10

GovCERT.HK - Security Alert (A17-05-03) : Multiple Vulnerabilities in Adobe Flash Player

Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption and use-after-free error.

2017-5-10

GovCERT.HK - Security Alert (A17-05-02) : Multiple Vulnerabilities in Microsoft Products (May 2017)

Microsoft has released 57 security updates addressing multiple vulnerabilities which affect several Microsoft products or components listed in Affected Systems section.

2017-5-8

Phishing Attack - Fraudulent website related to Wing Lung Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Wing Lung Bank Limited on fraudulent website, which has been reported to the HKMA.

2017-5-8

GovCERT.HK - Weekly IT Security News Bulletin (1 May 2017 - 7 May 2017)

- Intrusion affecting multiple victims across multiple sectors
- Intel patches a critical CPU vulnerability

2017-5-5

Cyber Smart Advice: Security Tips for Customers of Online Stores Targeted by Malware

Please refer to Chinese version

2017-5-4

GovCERT.HK - Security Alert (A17-05-01): Vulnerability in Intel Products

Intel has issued a security advisory to address a privilege escalation vulnerability in Intel manageability products including Intel Active Management Technology (AMT), Intel Small Business Technology (SBT), and Intel Standard Manageability (ISM).

2017-5-1

GovCERT.HK - Weekly IT Security News Bulletin (24 April 2017 - 30 April 2017)

- INTERPOL operation uncovers nearly 9,000 C2 servers in ASEAN
- 微軟花 9 個月修復漏洞黑客趁機盜百萬帳戶
- 流動電話如何變成企業威脅？

2017-4-28

Cyber Smart Advice: Defend against Network Blackmail by Reinforcement of Information Security

Please refer to Chinese version

2017-4-26

The 9th InfoSecurity Summit 2017

Organised by Market Intelligence Group Limited

2017-4-25

HKCERT - Security Blog: Hong Kong Google Play Store's Apps Security Risk Report (April 2017)

HKCERT cooperates with the CNCERT for detecting malicious and suspicious behaviors of Apps from the Google Play Store, in order to study the security risk of apps in the Google Play Store in Hong Kong area.

2017-4-24

GovCERT.HK - Weekly IT Security News Bulletin (17 April 2017 - 23 April 2017)

- BrickerBot permanent denial-of-service attack
- When flashlights attack, Android passwords get stolen

2017-4-21

Build a Secure Cyberspace 2017 – "Smart Home, Safe Living" Seminar

Organised by Office of the Government Chief Information Officer (OGCIO) / Hong Kong Police Force (HKPF) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2017-4-21

GovCERT.HK - Security Alert (A17-04-08): Vulnerability in IBM Domino

IBM has issued a security bulletin to address a stack-based buffer overflow vulnerability in IMAP service.

2017-4-21

Cyber Smart Advice: Protect your Website by Performing Vulnerability Scanning (Chinese only)

Please refer to Chinese version

2017-4-20

CSA HKM Knowledge Sharing Event - April 2017

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2017-4-20

GovCERT.HK - Security Alert (A17-04-07): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2017-4-19

GovCERT.HK - Security Alert (A17-04-06): Multiple Vulnerabilities in Oracle Java and Oracle Products (April 2017)

Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.

2017-4-18

International IT Fest - Mobile Payment Security Seminar

Organised by Hong Kong Computer Society

2017-4-17

GovCERT.HK - Weekly IT Security News Bulletin (10 April 2017 - 16 April 2017)

- Stealing PINs via mobile sensors: actual risk versus user perception
- Shadow Brokers release more NSA exploits
- 何郭佩珍中學電郵泄學生及家長資料

2017-4-14

Cyber Smart Advice: SME Website without Protection is Vulnerable to Hackers (Chinese only)

Please refer to Chinese version

2017-4-13

HKCERT - Security Blog: Windows Vista End of Support

Microsoft has announced the end of support (EOS) date of Windows Vista on 11 April 2017 and will no longer provide support and security patch for Windows Vista.

2017-4-13

GovCERT.HK - Security Alert (A17-04-05): Multiple Vulnerabilities in ISC BIND

Multiple vulnerabilities were found in the ISC BIND software.

2017-4-12

GovCERT.HK - Security Alert (A17-04-04): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat

Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities.

2017-4-12

GovCERT.HK - Security Alert (A17-04-03): Multiple Vulnerabilities in Microsoft Products (April 2017)

Microsoft has released 46 security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

2017-4-11

GovCERT.HK - Security Alert (A17-04-02): Vulnerability in Microsoft Office

A vulnerability is caused by the OLE2Link object issue. An attacker could entice a user to open a malicious document to exploit the vulnerability.

2017-4-10

GovCERT.HK - Weekly IT Security News Bulletin (3 April 2017 - 9 April 2017)

- iCloud mail phishing scam wants to steal Apple accounts, banking data, identity
- Smartphones using Broadcom Wi-Fi chip can be hacked over-the-air
- Microsoft Office zero-day attacks through OLE

2017-4-7

Cyber Smart Advice: Protect NoSQL Database with Proper Security Settings (Chinese only)

Please refer to Chinese version

2017-4-7

GovCERT.HK - Security Alert (A17-04-01): Vulnerability in Apple iOS

Apple has released software update fixing one vulnerability in iOS versions prior to iOS 10.3.1.

2017-4-5

Phishing Attack - Fraudulent website related to DBS Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2017-4-5

Phishing Attack - Fraudulent website related to Wing Lung Bank Limited

The Hong Kong Monetary Authority (HKMA) today (April 5) wishes to alert members of the public to a press release issued by Wing Lung Bank Limited on fraudulent website, which has been reported to the HKMA.

2017-4-3

GovCERT.HK - Weekly IT Security News Bulletin (27 March 2017 - 2 April 2017)

- Suspected theft of Registration and Electoral Office computers
- Exploit code released for zero-day in Microsoft's IIS 6.0

2017-3-31

GovCERT.HK - Security Alert (A17-03-10): Multiple Vulnerabilities in Apple iOS

Apple has released software update fixing 88 vulnerabilities in iOS versions prior to iOS 10.3.

2017-3-31

Cyber Smart Advice: Bringing Access Privilege Control into Information Security Strategy (Chinese only)

Please refer to Chinese version

2017-3-31

Phishing Attack - Fraudulent website related to DBS Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) today (March 31) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2017-3-28

GovCERT.HK - Security Alert (A17-03-09): Multiple Vulnerabilities in IBM Notes

Multiple vulnerabilities are found in IBM Lotus Notes related to Expat XML Parser.

2017-3-27

HKCERT – Security Blog: Hong Kong Google Play Store's Apps Security Risk Report (March 2017)

HKCERT cooperates with CNCERT for detecting malicious and suspicious behaviors of Apps from the Google Play Store, in order to study the security risk of apps in the Google Play Store in Hong Kong area.

2017-3-27

GovCERT.HK - Weekly IT Security News Bulletin (20 March 2017 - 26 March 2017)

- Hackers: we will remotely wipe iPhones unless Apple pays ransom
- DoubleAgent: taking full control over your antivirus

2017-3-25

Subject Talks on “New Era of IT”: Mobile Payment is Safer than You Think

Organised by Hong Kong Public Libraries of LCSD

2017-3-24

Fraudulent website related to The Bank of East Asia, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Bank of East Asia, Limited on fraudulent website, which has been reported to the HKMA.

2017-3-24

Fraudulent website related to Industrial and Commercial Bank of China Limited

The Hong Kong Monetary Authority (HKMA) today (March 24) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China Limited on fraudulent website, which has been reported to the HKMA.

2017-3-24

Cyber Smart Advice: Systems Lacking of Access Privilege Control is More Vulnerable to Cyber Threats (Chinese only)

Please refer to Chinese version

2017-3-23

GovCERT.HK - Security Alert (A17-03-06): Multiple Vulnerabilities in Cisco Products (March 2017)

Cisco has released 5 security advisories fixing a number of vulnerabilities in Cisco IOS and IOS XE software.

2017-3-22

Phishing Attack - Fraudulent website related to DBS Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) today (March 22) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2017-3-20

GovCERT.HK - Security Alert (A17-03-07): Vulnerability in Cisco Products

Cisco has released a security advisory about a vulnerability in Cisco devices. A remote attacker could exploit the vulnerability by sending malformed CMP-specific Telnet options to the affected system.

2017-3-20

GovCERT.HK - Security Alert (A17-03-06): Vulnerability in Firefox

Mozilla has published a security advisory to address a vulnerability found in Firefox. This vulnerability is caused by integer overflow.

2017-3-20

GovCERT.HK - Weekly IT Security News Bulletin (13 March 2017 - 19 March 2017)

- Check Point discloses vulnerability that allowed hackers to take over hundreds of millions of WhatsApp & Telegram accounts
- U.S. charges Russian hackers for hacking millions of Yahoo email accounts

2017-3-17

Cyber Smart Advice: Missing Renewal of Domain Name could lead to Criminal Exploitation (Chinese only)

Please refer to Chinese version

2017-3-17

GovCERT.HK - Security Alert (A17-03-05): Vulnerability in Linux Kernel

A local privilege escalation vulnerability is found in the Linux kernel 4.10.1 and earlier versions.

2017-3-16

ISACA Annual Conference: Inspiration and Challenges of IT Governance vs Cybersecurity - 2017 and Beyond

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2017-3-15

GovCERT.HK - Security Alert (A17-03-04): Multiple Vulnerabilities in Adobe Flash Player

Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by buffer overflow, memory corruption, random number generator flaw and use-after-free error.

2017-3-15

GovCERT.HK - Security Alert (A17-03-03): Multiple Vulnerabilities in Microsoft Products (March 2017)

Microsoft has released 18 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components

2017-3-13

GovCERT.HK - Weekly IT Security News Bulletin (6 March 2017 - 12 March 2017)

- WikiLeaks releases files on CIA cyber spying tools which can compromise desktop operating systems, iOS systems, Android devices, internet routers, smart TVs, and more
- Researchers from Northeastern University say tens of thousands of sites are using JavaScript libraries that are years old and contain publicly known vulnerabilities

2017-3-8

GovCERT.HK - Security Alert (A17-03-01): Vulnerability in Apache Struts

A vulnerability is found at the jakarta based file upload Multipart parser of Apache Struts2 that could allow remote code execution at the affected application server.

2017-3-6

GovCERT.HK - Weekly IT Security News Bulletin (27 February 2017 - 5 March 2017)

- RATANKBA: Delving into large-scale watering holes against enterprises
- Three years after Heartbleed, how vulnerable are you?

2017-3-3

Cyber Smart Advice: Open Source Android System Causes Inevitable Security Risks (Chinese only)

Please refer to Chinese version

2017-2-27

GovCERT.HK - Weekly IT Security News Bulletin (20 February 2017 - 26 February 2017)

- 94% of critical Microsoft vulnerabilities mitigated by removing admin rights
- Researchers uncover new leads behind Shamoon2

2017-10-20 to

2017-2-26

Cyber Security Professionals Awards 2017

Organised by Hong Kong Police Force (HKPF) / Office of the Government Chief Information Officer (OGCIO) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2017-2-24

Phishing Attack - Phishing Attacks - Fraudulent website related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) today (February 24) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on fraudulent website, which has been reported to the HKMA.

2017-2-23

CPD Seminar - Artificial Intelligence for Anti-Fraud

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2017-2-23

Phishing Attack - Phishing Attacks - Fraudulent website related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) today (February 23) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on fraudulent website, which has been reported to the HKMA.

2017-2-21

Security Blog - Hong Kong Google Play Store's Apps Security Risk Report (February 2017)

2017-2-20

GovCERT.HK - Weekly IT Security News Bulletin (13 February 2017 - 19 February 2017)

- Analysis of Internet-connected devices reveals millions are vulnerable to attack
- Yahoo warns users of account breaches related to recent attacks

2017-2-17

Cyber Smart Advice: Protect the Websites with Updated Digital Certificates

Please refer to Chinese version

2017-2-16

Phishing Attack - Phishing Attacks - Fraudulent website related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on fraudulent website, which has been reported to the HKMA.

2017-2-15

Phishing Attack - Phishing Attacks - Fraudulent website related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) today (February 15) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on fraudulent website, which has been reported to the HKMA.

2017-2-15

GovCERT.HK - Security Alert (A17-02-02): Multiple Vulnerabilities in Adobe Flash Player

Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by integer overflow, heap buffer overflow, use-after-free error, memory corruption, and type confusion.

2017-2-13

Phishing Attack - Phishing Attacks - Suspicious Internet banking mobile application related to OCBC Wing Hang Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by OCBC Wing Hang Bank Limited on suspicious Internet banking mobile application (Apps), which has been reported to the HKMA.

2017-2-13

GovCERT.HK - Weekly IT Security News Bulletin (6 February 2017 - 12 February 2017)

- How e-mail filtering helps defend against malware and ransomware
- Newly discovered flaw undermines HTTPS connections for almost 1 000 sites

2017-2-10

Smart-Space Lunch Gathering: Film showing - In a Flash! A lesson in Cybersecurity

Organised by Hong Kong Cyberport Management Company Limited

2017-2-10

GovCERT.HK - Security Alert (A17-02-01): Vulnerability in ISC BIND

A vulnerability was found in the ISC BIND software. A remote attacker could send a specially crafted query to trigger an assertion failure or read a NULL pointer which could cause the BIND to exit.

2017-2-10

Cyber Smart Advice: The 3 Steps of Information Security against New Threats

Please refer to Chinese version

2017-2-9

HKCERT – Security Blog - Advices on the security concerns of the PopVote System

HKCERT is aware of the recent security issues found in the PopVote polling system deployed in early February 2017. Advices have been made to ensure the public’s personal information safety.

2017-2-8

HKCERT – Security Blog - Vulnerable ownCloud/Nextcloud based private cloud servers found in HK

HKCERT has received reports from CERT-Bund, the federal CERT of Germany, about vulnerable installations of ownCloud and Nextcloud found in Hong Kong.

2017-2-6

Tech talk "Safe Browsing & Evolving Security Threats"

Organised by Cloud Security Alliance Hong Kong & Macau Chapter / Hong Kong Polytechnic University / Information Systems Audit and Control Association, China Hong Kong Chapter / Professional Information Security Association

2017-2-6

GovCERT.HK - Weekly IT Security News Bulletin (30 January 2017 - 5 February 2017)

- Cisco 2017 Annual Cybersecurity Report: chief security officers reveal true cost of breaches and the actions organisations are taking
- Microsoft Windows SMB Tree Connect Response denial of service vulnerability

2017-2-3

Cyber Smart Advice: Forecast of Cyber Threats in 2017 (Chinese only)

Please refer to Chinese version

2017-2-1

Phishing Attack - Phishing Attacks - Suspicious Internet banking mobile application related to Wing Lung Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Wing Lung Bank Limited on suspicious mobile application (Apps), which has been reported to the HKMA.

2017-1-30

GovCERT.HK - Weekly IT Security News Bulletin (23 January 2017 - 29 January 2017)

- Gmail will block .js file attachments starting February 2017 13, 2017
- Evolving Office 365 Advanced Threat Protection with URL Detonation and Dynamic Delivery

2017-1-27

Cyber Smart Advice: Mobile Malicious Software Targeting Google Users (Chinese only)

Please refer to Chinese version

2017-1-26

HKCERT – Security Blog - Be aware of DDoS extortion

HKCERT was aware that the DD4BC (Distributed Denial of Service for Bitcoin) attacks targeting SME were back to Hong Kong in Jan 2017. To minimise the potential security risk, user should take proactive actions to protect their IT systems.

2017-1-26

GovCERT.HK - Security Alert (A17-01-06): Multiple Vulnerabilities in Apple iOS (26-Jan-2017)

Apple has released software update fixing 18 vulnerabilities in iOS versions prior to iOS 10.2.1.

2017-1-25

Cyber Smart Advice: Hong Kong was affected by the “Avalanche” cyber attack (Chinese only)

Please refer to Chinese version

2017-1-25

GovCERT.HK - Security Alert (A17-01-05): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2017-1-24

Phishing Attack - Fraudulent website related to China Citic Bank International Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China Citic Bank International Limited on fraudulent website, which has been reported to the HKMA.

2017-1-23

GovCERT.HK - Weekly IT Security News Bulletin (16 January 2017 - 22 January 2017)

- Locky ransomware is on the March again
- WhatsApp vulnerability allows snooping on encrypted messages

2017-1-20

HKCERT – Security Blog: Be aware of ransomware targeting NoSQL Databases

HKCERT was aware that a rising trend of ransomware attack targeting publicly accessible NoSQL Databases in Jan 2017.

2017-1-18

CPD Seminar – Managing SaaS-specific risks for cloud customers

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2017-1-18

GovCERT.HK - Security Alert (A17-01-04): Multiple Vulnerabilities in Oracle Java and Oracle Products (January 2017)

Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.

2017-1-16

HKPC Warns of Rising Trend of Cybercrime-as-a-Service

With the growing trend of “cybercrime-as-a-service”, information security experts at the Hong Kong Productivity Council (HKPC) today (16 January 2017) urged enterprises and the public to strengthen their guard against a surge in attacks from ransomware, and incidents targeting web servers, mobile and Internet of Things (IoT) devices.

2017-1-16

HKCERT – Security Blog: Visbot infected HK websites notified risk of credit card data leakage, and release of Magento security guide

In Dec 2016, a Dutch information security researcher (gwillem.gitlab.io) has released a research report on websites installed with Magento, a popular eCommerce application for online transaction, infected with ‘Visbot’ malware.

2017-1-16

GovCERT.HK - Weekly IT Security News Bulletin (9 January 2017 - 15 January 2017)

- Keynote Speech by Mr. Victor Lam, JP, Deputy Government Chief Information Officer, at the “Gazing Through the Crystal Ball: CyberSecurity 2017 - Predicting the Good, the Bad and the Ugly” Seminar
- MongoDB ransomware attack

2017-1-14

(ISC)2 Hong Kong Chapter Feature Talk - Remote Attacks on Vehicles by Exploiting Vulnerable Telematics

Organised by ISC2 Hong Kong Chapter

2017-1-13

HKNGIS Technical Seminar - Gazing through the Crystal Ball: Cyber Security 2017 - Predicting the Good, the Bad and the Ugly

Organised by Hong Kong Next Generation Internet Society

2017-1-13

Cyber Smart Advice: Know more on “Call-Blocking” app to avoid leakage of personal data (Chinese only)

Please refer to Chinese version

2017-1-12

GovCERT.HK - Security Alert (A17-01-03): Multiple Vulnerabilities in ISC BIND

Multiple vulnerabilities were found in the ISC BIND software. Both authoritative and recursive name servers are affected.

2017-1-11

Stay Informed in Mobile Era – Public Seminar

Organised by Communications Authority

2017-1-11

LCQ8: CyberSecurity Information Sharing Platform and Cyber Intelligence Sharing Platform

Following is a question by Dr Hon Cheng Chung-tai and a written reply by the Secretary for Innovation and Technology, Mr Nicholas W Yang, in the Legislative Council today (January 11)

2017-1-11

GovCERT.HK - Security Alert (A17-01-02): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat

Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities caused by heap buffer overflow, use-after-free error, security bypass, memory corruption, and type confusion.

2017-1-11

GovCERT.HK - Security Alert (A17-01-01): Multiple Vulnerabilities in Microsoft Products (January 2017)

Microsoft has released 4 security bulletins addressing multiple vulnerabilities which affect several Microsoft products or components.

2017-1-11

Phishing Attack - Fraudulent website related to The Hongkong and Shanghai Banking Corporation Limited

2017-1-9

Phishing Attack - Fraudulent website related to Industrial and Commercial Bank of China Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China Limited on fraudulent website, which has been reported to the HKMA.

2017-1-9

GovCERT.HK - Weekly IT Security News Bulletin (2 January 2017 - 8 January 2017)

- An APAC perspective: Cyber security predictions for 2017
- Blockchain: An answer to governmental hacking concerns

2017-1-6

Cyber Smart Advice: Ransomware Spread via Infected Advertisements (Chinese only)

Please refer to Chinese version

2017-1-5

CSA HKM Knowledge Sharing Event – January 2017

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2017-1-5

Phishing Attack - Fraudulent website related to OCBC Wing Hang Bank Limited

The Hong Kong Monetary Authority (HKMA) today (January 5) wishes to alert members of the public to a press release issued by OCBC Wing Hang Bank Limited on fraudulent website, which has been reported to the HKMA.

2017-1-4

Phishing Attack - Fraudulent website related to Wing Lung Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Wing Lung Bank Limited on fraudulent website, which has been reported to the HKMA.

2017-1-3

HKCERT – Security Bulletin: Apple iOS Messages App VCF Processing Vulnerability

A vulnerability was identified in Apple IOS, exploit of this vulnerability could cause the target application to crash.