InfoSec: Search by News & Events

Cisco has released the security advisory to address a vulnerability in Cisco Adaptive Security Appliance (ASA) software with web management interface enabled.

2018-12-20

GovCERT.HK - High Threat Security Alert (A18-12-08): Vulnerability in Microsoft Products

Microsoft has released a security advisory addressing the scripting engine memory corruption vulnerability in Microsoft Internet Explorer.

2018-12-18

Phishing Attack - Fraudulent website related to Shanghai Commercial Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Shanghai Commercial Bank Limited on fraudulent website, which has been reported to the HKMA.

2018-12-17

GovCERT.HK - Security Alert (A18-12-07): Vulnerability in IBM Notes and Domino

A vulnerability is found in the Notes System Diagnostic (NSD) service of the IBM Notes and Domino Windows versions.

2018-12-17

Phishing Attack - Fraudulent website related to China CITIC Bank International Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited on fraudulent website, which has been reported to the HKMA.

2018-12-17

GovCERT.HK - Weekly IT Security News Bulletin (10 December 2018 - 16 December 2018)

- A new Wi-Fi hack against WPA/WPA2
- Moving data to cloud can magnify security risks

2018-12-14

Cyber Smart Advice: Identity surveillance service does not solve leakage of personal data

Please refer to the Chinese version.

2018-12-14

Phishing Attack - Fraudulent websites and phishing email related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent websites and phishing email, which has been reported to the HKMA.

2018-12-13

Cloud Security Alliance Hong Kong & Macau Chapter

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2018-12-13

Phishing Attack - Fraudulent website related to China CITIC Bank International Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited on fraudulent website, which has been reported to the HKMA.

2018-12-12

GovCERT.HK - Security Alert (A18-12-06): Multiple Vulnerabilities in phpMyAdmin

phpMyAdmin is a PHP application designed to handle administration of MySQL or MariaDB through a web interface.

2018-12-12

GovCERT.HK - Security Alert (A18-12-05): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2018-12-12

GovCERT.HK - Security Alert (A18-12-04): Multiple Vulnerabilities in Adobe Reader/Acrobat

Security updates are released for Adobe Reader/Acrobat to address multiple vulnerabilities.

2018-12-12

GovCERT.HK - High Threat Security Alert (A18-12-03): Multiple Vulnerabilities in Microsoft Products (December 2018)

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. Reports indicate active exploitation against vulnerability in Windows kernel has been observed.

2018-12-10

Phishing Attack - Phishing email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-12-10

GovCERT.HK - Weekly IT Security News Bulletin (3 December 2018 - 9 December 2018)

- What vulnerabilities can a penetration test find?
- Lessons learnt from the SingHealth cyber attack

2018-12-7

Cyber Smart Advice: Seven habits of cyber security for SMEs

Please refer to the Chinese version.

2018-12-6

Practical Workshop on Blockchain for Audit & Risk Professionals

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2018-12-6

Phishing Attack - Suspicious mobile application related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on suspicious mobile application (App), which has been reported to the HKMA.

2018-12-6

GovCERT.HK - Security Alert (A18-12-02): Multiple Vulnerabilities in Apple iOS

Apple has released a security update in its latest iOS version 12.1.1 to fix 20 vulnerabilities identified in various iOS devices.

2018-12-6

GovCERT.HK - High Threat Security Alert (A18-12-01): Multiple Vulnerabilities in Adobe Flash Player

Adobe released a security update to address some vulnerabilities found in the Adobe Flash Player. Reports indicate that one of the vulnerabilities is being exploited in the wild.

2018-12-5

Modern Endpoint Security

Organised by Professional Information Security Association

2018-12-5

HKCERT - Security Blog: Best Practice Guide of Remote Desktop (for corporate administrator)

Remote Desktop is a useful tool for remote control a computer, but misconfigured Remote Desktop is risky.

2018-12-4

Phishing Attack - Suspicious mobile application related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on suspicious application (App), which has been reported to the HKMA.

2018-12-3

GovCERT.HK - Weekly IT Security News Bulletin (26 November 2018 - 2 December 2018)

- The four pillars of cyber hygiene
- UPnProxy and EternalSilence expose 1.7 million devices behind routers

2018-11-30

Cyber Smart Advice: Beware of leakage of personal data

Please refer to the Chinese version.

2018-11-29

HKCERT - Security Blog: The die was cast: Always handle customer information with caution

Again, another data leakage incident was found from a famous credit scoring company in Hong Kong.

2018-11-29

Phishing Attack - Suspicious mobile application related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on suspicious mobile application (App), which has been reported to the HKMA.

2018-11-28

PCPD - Privacy Commissioner Receives Credit Data Breach Notification

The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner), Mr Stephen Kai-yi WONG received a data breach notification from TransUnion Limited (TransUnion) in respect of suspected security loopholes in the application procedures for credit reports.

2018-11-27

Phishing Attack - Suspicious mobile application related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on suspicious application (App), which has been reported to the HKMA.

2018-11-26

Phishing Attack - Fraudulent website related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2018-11-26

GovCERT.HK - Weekly IT Security News Bulletin (19 November 2018 - 25 November 2018)

- Unpatched Apple users are vulnerable to IDN homograph attacks
- Web authentication without passwords

2018-11-23

Cyber Smart Advice: 4 tips on remote desktop security

Please refer to the Chinese version.

2018-11-23

GovCERT.HK - Security Alert (A18-11-08): Vulnerability in VMware Products

VMware has published a security advisory to address an integer overflow vulnerability in the virtual network devices.

2018-11-23

Phishing Attack - Suspicious mobile applications related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on suspicious mobile applications (Apps), which has been reported to the HKMA.

2018-11-21

Phishing Attack - Fraudulent website related to China CITIC Bank International Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited on fraudulent website, which has been reported to the HKMA.

2018-11-21

GovCERT.HK - Security Alert (A18-11-07): Vulnerability in Adobe Flash Player

Adobe released a security update to address a vulnerability found in the Adobe Flash Player.

2018-11-19

Phishing Attack - Phishing email related to Industrial and Commercial Bank of China (Asia) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China (Asia) Limited on phishing email, which has been reported to the HKMA.

2018-11-19

Phishing Attack - Fraudulent websites related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent websites, which has been reported to the HKMA.

2018-11-19

Phishing Attack - Phishing email related to Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by the Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-11-19

GovCERT.HK - Weekly IT Security News Bulletin (12 November 2018 - 18 November 2018)

- HTTP/3 comes for both performance and security
- Blockchain as a service to certify digital assets

2018-11-16

GovCERT.HK - Security Alert (A18-11-06): Multiple Vulnerabilities in IBM Notes and Domino

Multiple vulnerabilities are found in IBM Notes and Domino. The bundled Java virtual machine (JVM) is susceptible to different attacks which may allow remote attackers to exploit the vulnerable systems without authentication.

2018-11-16

Cyber Smart Advice: Tackling vulnerability starts from security by design

Please refer to the Chinese version.

2018-11-16

Phishing Attack - Phishing emails related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing emails, which has been reported to the HKMA.

2018-11-15

Phishing Attack - Fraudulent website related to The Bank of East Asia, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Bank of East Asia, Limited on fraudulent website, which has been reported to the HKMA.

2018-11-14

GovCERT.HK - Security Alert (A18-11-05): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat

Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities.

2018-11-14

GovCERT.HK - High Threat Security Alert (A18-11-04): Multiple Vulnerabilities in Microsoft Products (November 2018)

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

2018-11-14

Phishing Attack - Fraudulent websites related to The Shanghai Commercial & Savings Bank, Ltd.

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Shanghai Commercial & Savings Bank, Ltd. on fraudulent websites, which has been reported to the HKMA.

2018-11-13

Phishing Attack - Suspicious mobile applications related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on suspicious mobile applications (apps), which has been reported to the HKMA.

2018-11-13

Phishing Attack - Phishing email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-11-12

GovCERT.HK - Security Alert (A18-11-03): Multiple Vulnerabilities in VMware Products

VMware has published a security advisory to address an uninitialised stack memory vulnerability in the vmxnet3 virtual network adapter.

2018-11-12

Phishing Attack - Fraudulent website related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2018-11-12

GovCERT.HK - Weekly IT Security News Bulletin (5 November 2018 - 11 November 2018)

- Artificial intelligence could be weaponised in future cyber attacks
- Guidelines for managing privileged accounts

2018-11-10

HKCERT - Security Blog: Security and Privacy by Design - Crucial to Web Application

HKCERT is aware that some sensitive information were public accessible from an online application system of a sport event.

2018-11-9

Cyber Smart Advice: Leaked information used by cyber attacks

Please refer to the Chinese version.

2018-11-9

HKCERT - Security Blog: Secure your Email - it is essential to the Overall Security of Mobile Payment Services

We are aware of recent security incidents related to mobile payment.

2018-11-9

Phishing Attack - Fraudulent website related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on fraudulent website, which has been reported to the HKMA.

2018-11-9

GovCERT.HK - Security Alert (A18-11-02): Vulnerabilities in Solid State Drives (SSDs) with Hardware Encryption

A local attacker could disclose the encrypted information on the vulnerable Solid State Drives (SSD) by altering the firmware through the debugging interface.

2018-11-7

GovCERT.HK - Security Alert (A18-11-01): Vulnerability in Commons FileUpload Library for Apache Struts and Other Java-based systems

A vulnerability in the Apache Commons FileUpload library discovered in 2016 affects Apache Struts systems.

2018-11-7

Phishing Attack - Phishing email related to Standard Chartered Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Standard Chartered Bank (Hong Kong) Limited on phishing email, which has been reported to the HKMA.

2018-11-5

Phishing Attack - Phishing email related to the Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by the Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-11-5

GovCERT.HK - Weekly IT Security News Bulletin (29 October 2018 - 4 November 2018)

- Proper disposal of your electronic devices
- Cloud adoption and risk

2018-11-3

HKCERT - Security Blog: Malicious browser extension caused Facebook sensitive information disclosure

HKCERT is aware a report which stated that there were 257,256 Facebook user profiles compromised, of which 81,208 private messages were leaked.

2018-11-2

CPD Seminar - Trends of the Digital Communication: From Unified Messaging, Chatbot, Mobile Workspace, Digital Transformation

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2018-11-2

Cyber Smart Advice: Lessons learnt in airline data leakage incident

Please refer to the Chinese version.

2018-11-1

Phishing Attack - Suspicious mobile applications related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on suspicious mobile application (Apps), which has been reported to the HKMA.

2018-10-31

GovCERT.HK - Security Alert (A18-10-09): Multiple Vulnerabilities in Apple iOS

Apple has released security updates in its latest iOS version 12.1 to fix 31 vulnerabilities identified in various iOS devices.

2018-10-30

HKCERT - Security Blog: Beware of WebApp Programming Vulnerability leads to personal information leakage

It was reported that website of Hong Kong Airline has a vulnerability, the passenger's personal information can be seen by modifying the end of the URL.

2018-10-30

Phishing Attack - Fraudulent website related to OCBC Wing Hang Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by OCBC Wing Hang Bank Limited on fraudulent website, which has been reported to the HKMA.

2018-10-29

Phishing Attack - Suspicious mobile applications related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on suspicious mobile applications (apps), which has been reported to the HKMA.

2018-10-29

GovCERT.HK - Weekly IT Security News Bulletin (22 October 2018 - 28 October 2018)

- jQuery plugin vulnerability being exploited for years
- The latest state of software application security

2018-10-26

Cyber Smart Advice: What should you do when receiving blackmail email

Please refer to the Chinese version.

2018-10-26

Phishing Attack - Fraudulent website related to DBS Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) today (October 26)wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2018-10-23 to

2018-10-25

Cyber Security Consortium 2018

Organised by Hong Kong Police Force (HKPF)

2018-10-25

Phishing Attack - Suspicious mobile applications related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on suspicious mobile applications (Apps), which has been reported to the HKMA.

2018-10-25

Phishing Attack - Fraudulent website related to China CITIC Bank International Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited on fraudulent website, which has been reported to the HKMA.

2018-10-25

HKCERT - Security Blog: Beware of the unauthorised FPS transaction and SVF setup

Recently, there were reports about unauthorised money transfer between bank account and stored value facilities (SVF). On 30 Sep 2018, the Hong Kong Monetary Authority (HKMA) has launched Faster Payment System (FPS), which enables person-to-person interbank fund transfer using phone number or email address as recipient, and also top-up of some SVF.

2018-10-25

HKCERT - Security Advisory: Cathay Pacific and Cathay Dragon Passenger Data Breach

According to Cathay Pacific announcement on Hong Kong Stock Exchange, they have discovered unauthorised access to their 9.4 million passenger data including its subsidiary Cathay Dragon in early March 2018.

2018-10-25

PCPD - Privacy Commissioner Expresses Serious Concern on Cathay Pacific Airways Data Breach Incident

The Privacy Commissioner for Personal Data, Hong Kong, Mr Stephen Kai-yi WONG, expressed serious concern over the Cathay Pacific Airways data breach incident, noting that the incident might involve a vast amount of personal data of local and foreign citizens.

2018-10-24

Phishing Attack - Phishing email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-10-24

GovCERT.HK - Security Alert (A18-10-08): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2018-10-22

GovCERT.HK - Weekly IT Security News Bulletin (15 October 2018 - 21 October 2018)

- Over 60 percent of Internet web sites risk running unsupported PHP in 2018
- End of browser support for TLS 1.0 and TLS 1.1 in 2020

2018-10-19

GovCERT.HK - Security Alert (A18-10-07): Multiple Vulnerabilities in Drupal

Drupal released security updates to fix several vulnerabilities resided in the Drupal Core.

2018-10-19

Cyber Smart Advice: Security measures for the data leakage incident of social media

Please refer to the Chinese version.

2018-10-18

GovCERT.HK - Security Alert (A18-10-06): Vulnerability in VMware Products

VMware has published a security advisory to address a vulnerability in VMware vSphere ESXi (ESXi), VMware Workstation and VMWare Fusion.

2018-10-18

GovCERT.HK - Security Alert (A18-10-05): Multiple Vulnerabilities in Oracle Java and Oracle Products (October 2018)

Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.

2018-10-16

Phishing Attack - Fraudulent website related to Dah Sing Bank, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Dah Sing Bank, Limited on fraudulent website, which has been reported to the HKMA.

2018-10-15

Phishing Attack - Fraudulent website related to DBS Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2018-10-15

Phishing Attack - Fraudulent website related to Dah Sing Bank, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Dah Sing Bank, Limited on fraudulent website, which has been reported to the HKMA.

2018-10-15

GovCERT.HK - Weekly IT Security News Bulletin (8 October 2018 - 14 October 2018)

- Keep your cloud safe
- New phishing emails delivered as replies to conversations

2018-10-12

Cyber Smart Advice: Stay vigilant against different vectors of cyber attack

Please refer to the Chinese version.

2018-10-11

Phishing Attack - Fraudulent website related to Hang Seng Bank, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited on fraudulent website, which has been reported to the HKMA.

2018-10-10

GovCERT.HK - High Threat Security Alert (A18-10-04): Multiple Vulnerabilities in Microsoft Products (October 2018)

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. Reports indicate that proof-of-concept and fully workable exploit codes targeting the vulnerabilities in Microsoft Jet Database Engine and Windows Kernel have been publicly disclosed. Active exploitation against another vulnerability in the Windows operation system has also been observed.

2018-10-8

GovCERT.HK - Weekly IT Security News Bulletin (1 October 2018 - 7 October 2018)

- Patch your Smart TV
- New Application developments produce more vulnerabilities

2018-10-5

Cyber Smart Advice: Staff training for securing company network

Please refer to the Chinese version.

2018-10-5

Phishing Attack - Fraudulent website and phishing email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on fraudulent website and phishing email, which has been reported to the HKMA.

2018-10-4

HKCERT - Security Blog: DNSSEC : ICANN scheduled Root Zone KSK Rollover on 11 October 2018

Domain Name System (DNS) is one of the most critical and common network infrastructure, almost every network application need to use DNS to convert the hostname to IP address, for executing the subsequent network activities.

2018-10-4

GovCERT.HK - Security Alert (A18-10-03): Multiple Vulnerabilities in Cisco Products

Cisco released security advisories to address the vulnerabilities in Adaptive Security Appliance (ASA) software and Firepower Threat Defense (FTD) software.

2018-10-4

Phishing Attack - Fraudulent website related to CTBC Bank Co., Ltd.

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by CTBC Bank Co., Ltd. on fraudulent website, which has been reported to the HKMA.

2018-10-3

GovCERT.HK - Security Alert (A18-10-02): Multiple Vulnerabilities in Firefox

Mozilla has published a security advisory to address multiple vulnerabilities found in Firefox.

2018-10-3

Phishing Attack - Fraudulent websites and phishing email related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent websites and phishing email, which has been reported to the HKMA.

2018-10-3

PCPD - Privacy Commissioner Contacted Facebook for Information on the Hacking Incident Compliance Check Continues

The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner) Mr Stephen Kai-yi WONG has contacted Facebook to express concern over the Facebook hacking incident and to obtain further information and relevant facts on the case.

2018-10-2

GovCERT.HK - Security Alert (A18-10-01): Multiple Vulnerabilities in Adobe Reader/Acrobat

Security updates are released for Adobe Reader/Acrobat to address multiple vulnerabilities.

2018-10-2

Phishing Attack - Phishing email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-10-1

GovCERT.HK - Weekly IT Security News Bulletin (24 September 2018 - 30 September 2018)

- Millions of Facebook accounts breached
- 全港首個跨行業「網絡安全資訊共享夥伴試驗計劃」正式啟動
- Evolving State of Threat Detection

2018-9-29

PCPD - Privacy Commissioner Initiates Compliance Check on Facebook Security Breach (Chinese Version Only)

This media statement provides Chinese version only.

2018-9-29

HKCERT - Security Blog: Please act now to enhance the protection of your Facebook account

It was reported that a vulnerability in "View as" function of Facebook was exploited and affected 50 million users. The vulnerability not only affected Facebook account. If you use Facebook account as authentication for other third party online services, it is possible that an attacker getting control of your Facebook account can also gain access to those third party services.

2018-9-28

Cyber Smart Advice: Planning of incident handling to keep the corporate image

Please refer to the Chinese version.

2018-9-28

HKCERT - Security Blog: Ransomware Variants in the Wild, Stay Alert and Prevent Infection

In the past six months, HKCERT has received a number of cases of ransomware infections, which is on the rise.

2018-9-28

GovCERT.HK - Security Alert (A18-09-08): Vulnerability in Linux Kernel

An Integer overflow vulnerability was found in several Linux distributions.

2018-9-28

GovCERT.HK - Security Alert (A18-09-07): Multiple Vulnerabilities in Cisco Products

Cisco has released 21 security advisories fixing a number of vulnerabilities in Cisco IOS and IOS XE software.

2018-9-28

Phishing Attack - Fraudulent website related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2018-9-26

CSA HKM Knowledge Sharing Event – September 2018

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2018-9-24

First local cross-sector pilot partnership programme for cyber security information sharing officially launched

The Office of the Government Chief Information Officer (OGCIO) officially launched a two-year Pilot Partnership Programme for Cyber Security Information Sharing named Cybersec Infohub and the first cross-sector cyber security information sharing and collaborative platform in Hong Kong today (September 24).

2018-9-24

GovCERT.HK - Weekly IT Security News Bulletin (17 September 2018 - 23 September 2018)

- Five cyber security questions to answer
- DNSSEC root zone Key Signing Key rollover

2018-9-21

Cyber Smart Advice: Effective security monitoring to prevent data leakage

Please refer to the Chinese version.

2018-9-20

Build a Secure Cyberspace 2018 – “Stay Smart, Keep Cyber Scam Away” Seminar cum Video Ad Contest Award Ceremony

Organised by Office of the Government Chief Information Officer (OGCIO) / Hong Kong Police Force (HKPF) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2018-9-20

"Build a Secure Cyberspace" seminar raises public awareness against cyber scams

The annual event "Build a Secure Cyberspace", co-organised by the Office of the Government Chief Information Officer, the Hong Kong Police Force (HKPF) and the Hong Kong Computer Emergency Response Team Co-ordination Centre, has set "Stay Smart, Keep Cyber Scams Away" as the theme this year.

2018-9-20

Phishing Attack - Fraudulent websites related to China CITIC Bank International Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited on fraudulent websites, which has been reported to the HKMA.

2018-9-20

Phishing Attack - Fraudulent website related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2018-9-20

GovCERT.HK - Security Alert (A18-09-06): Multiple Vulnerabilities in Adobe Reader/Acrobat

Security updates are released for Adobe Reader/Acrobat to address multiple vulnerabilities.

2018-9-18

GovCERT.HK - Security Alert (A18-09-05): Multiple Vulnerabilities in PHP

Multiple vulnerabilities have been found in PHP. A remote attacker could exploit the vulnerabilities via specially crafted requests.

2018-9-18

GovCERT.HK - Security Alert (A18-09-04): Multiple Vulnerabilities in Apple iOS

Apple has released security updates in its latest iOS version 12 to fix 15 vulnerabilities identified in various iOS devices.

2018-9-17

GovCERT.HK - Weekly IT Security News Bulletin (10 September 2018 - 16 September 2018)

- Data breaches continue to be costly
- IoT botnets shift target to organisation

2018-9-14

Cyber Smart Advice: Using strong and effective passwords to protect corporate computers

Please refer to the Chinese version.

2018-9-12

GovCERT.HK - Security Alert (A18-09-03): Vulnerability in Adobe Flash Player

Adobe released a security update to address a vulnerability found in the Adobe Flash Player.

2018-9-12

GovCERT.HK - High Threat Security Alert (A18-09-02): Multiple Vulnerabilities in Microsoft Products (September 2018)

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. Reports indicate that exploitation of a zero-day vulnerability was detected against Windows systems

2018-9-11

GovCERT.HK - Security Advisory (S18-01) - Protect your routers from VPNFilter malware attack

VPNFilter is a malware designed to infect small office and home office (SOHO) network equipment including routers and network-attached storage (NAS) devices which would allow hackers to perform man-in-the-middle attacks on traffic going through vulnerable routers, gather credentials, and obtain supervisory control.

2018-9-10

GovCERT.HK - Weekly IT Security News Bulletin (3 September 2018 - 9 September 2018)

- Windows Task Scheduler zero day vulnerability being exploited
- Security Knowledge Framework for application developers

2018-9-7

Cyber Smart Advice: 4 tips on cyber security for SMEs

Please refer to the Chinese version.

2018-9-7

Phishing Attack - Phishing emails related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing emails, which has been reported to the HKMA.

2018-9-6

GovCERT.HK - Security Alert (A18-09-01): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2018-9-4 to

2018-9-5

Information Security Summit 2018

Organised by Cloud Security Alliance Hong Kong & Macau Chapter / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) / Hong Kong Computer Society / Hong Kong Information Technology Federation / Hong Kong Productivity Council / High Technology Crime Investigation Association / Information Systems Audit and Control Association, China Hong Kong Chapter / ISC2 / Information Security and Forensics Society / ISOC Hong Kong / Professional Information Security Association

2018-9-5

Phishing Attack - Phishing email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-9-5

Phishing Attack - Fraudulent website related to Shanghai Commercial Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Shanghai Commercial Bank Limited on fraudulent website, which has been reported to the HKMA.

2018-9-4

HKPC Urges for Enhanced Cyber Security Awareness and More Sharing of Intelligence in Smart Cities

With the development of smart cities in full swing both locally and overseas, the Hong Kong Productivity Council (HKPC) urges smart system and device users to strengthen cyber security awareness and be more collaborative in intelligence sharing in order to combat new cyber threats.

2018-9-3

Phishing Attack - Fraudulent website related to China CITIC Bank International Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited on fraudulent website, which has been reported to the HKMA.

2018-9-3

GovCERT.HK - Weekly IT Security News Bulletin (27 August 2018 - 2 September 2018)

- Emerging consensus on ICS security
- Globelmposter ransomware on the rise

2018-8-31

Cyber Smart Advice: 6 ways to strengthen the corporate end-point security

Please refer to the Chinese version.

2018-8-31

Phishing Attack - Phishing email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-8-30

Phishing Attack - Fraudulent websites related to The Bank of East Asia, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Bank of East Asia, Limited on fraudulent websites, which has been reported to the HKMA.

2018-8-27

GovCERT.HK - Weekly IT Security News Bulletin (20 August 2018 - 26 August 2018)

- Spam and phishing in Q2 2018
- Common attacks against cloud-based web applications

2018-8-25

PISA AGM cum Feature Talk: Road to Defcon

Organised by Professional Information Security Association

2018-8-24

GovCERT.HK - High Threat Security Alert (A18-08-08): Vulnerability in Apache Struts

Apache has released a new version of Apache Struts to address a vulnerability caused by misconfiguration in namespace. Since proof-of-concept and fully workable exploit codes targeting the vulnerability have been publicly available, attacks against any of the vulnerable systems are highly likely from now on.

2018-8-24

Cyber Smart Advice: Concerted effort for implementation of corporate information security policy

Please refer to the Chinese version.

2018-8-24

Phishing Attack - Fraudulent website related to China CITIC Bank International Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited on fraudulent website, which has been reported to the HKMA.

2018-8-23

Phishing Attack - Phishing email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-8-22

PCPD - Privacy Commissioner Completed Compliance Check on Facebook and Cambridge Analytica Incident

Subsequent to earlier media reports on the suspected misuse of Facebook account holders’ personal data, the Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner) has completed a compliance check.

2018-8-20

GovCERT.HK - Security Alert (A18-08-07): Multiple Vulnerabilities in Apache Tomcat

Apache Software Foundation has released new versions of Apache Tomcat Native to address multiple vulnerabilities.

2018-8-20

GovCERT.HK - Weekly IT Security News Bulletin (13 August 2018 - 19 August 2018)

- New SharePoint Phishing Attack
- Fax machine could be the weakest link of your network for exploitation
- IoT security needs more effective solutions

2018-8-17

Cyber Smart Advice: 7 self-help initiatives on cyber security for SMEs

Please refer to the Chinese version.

2018-8-17

Phishing Attack - Fraudulent websites and phishing email related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent websites and phishing email, which has been reported to the HKMA.

2018-8-17

Phishing Attack - Fraudulent website and phishing emails related to China CITIC Bank International Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited on fraudulent website and phishing emails, which has been reported to the HKMA.

2018-8-17

Phishing Attack - Fraudulent website related to OCBC Wing Hang Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by OCBC Wing Hang Bank Limited on fraudulent website, which has been reported to the HKMA.

2018-8-16

CPD Seminar - Smart City and Security Risk

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2018-8-16

Phishing Attack - Fraudulent website related to Wing Lung Bank Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Wing Lung Bank Limited on fraudulent website, which has been reported to the HKMA.

2018-8-16

Phishing Attack - Fraudulent websites related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on fraudulent websites, which has been reported to the HKMA.

2018-8-16

Phishing Attack - Fraudulent websites and phishing email related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent websites and phishing email, which has been reported to the HKMA.

2018-8-15

GovCERT.HK - Security Alert (A18-08-06): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat

Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities.

2018-8-15

GovCERT.HK - High Threat Security Alert (A18-08-05): Multiple Vulnerabilities in Microsoft Products (August 2018)

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. Reports indicate that exploitation of two zero-day vulnerabilities were detected against Internet Explorer and Windows systems./td>

2018-8-14

GovCERT.HK - Security Alert (A18-08-04): Vulnerability in Oracle Database

Oracle has released an advisory to address a vulnerability in Java VM component of Oracle Databases Server.

2018-8-14

Phishing Attack - Fraudulent website and phishing email related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2018-8-14

Phishing Attack - Fraudulent website and phishing email related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website and phishing email, which has been reported to the HKMA.

2018-8-14

Phishing Attack - Phishing email related to Chiyu Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Chiyu Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-8-13

GovCERT.HK - Weekly IT Security News Bulletin (6 August 2018 - 12 August 2018)

- Virtual browsers on trial by Singapore to reduce attack surface
- A new breed of malware powered by AI

2018-8-10

Cyber Smart Advice: Website sets up https for secure data transmission

Please refer to the Chinese version.

2018-8-10

Phishing Attack - Fraudulent websites related to Shanghai Pudong Development Bank Co., Ltd.

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Shanghai Pudong Development Bank Co., Ltd. on fraudulent websites, which has been reported to the HKMA.

2018-8-9

GovCERT.HK - Security Alert (A18-08-03): Vulnerability in ISC BIND

A vulnerability was found in feature of the ISC BIND software.

2018-8-8

GovCERT.HK - Security Alert (A18-08-02): Vulnerability in Drupal

Drupal released a security update to fix a vulnerability in Drupal.

2018-8-8

GovCERT.HK - Security Alert (A18-08-01): Vulnerability in Linux Kernel

A vulnerability was found in the Linux kernel of the affected operating systems.

2018-8-6

GovCERT.HK - Weekly IT Security News Bulletin (30 July 2018 - 5 August 2018)

- Spam tops the menu for online criminals
- Magniber Ransomware targeting Asian countries

2018-8-3

Cyber Smart Advice: Database protection starts from security-by-design

Please refer to the Chinese version.

2018-8-2

CSA HKM Knowledge Sharing Event – August 2018

Organised by

2018-8-2

HKCERT - Security Blog: Password Stolen? Ramsom Email is befalling to Hong Kong?

HKCERT received many incident reports recently, which involved a new form of email scam asking for ransom. No matter what's the email look like, they might get some common characteristics.

2018-7-31

HKCERT - Security Guideline: Guideline of Web Application Security

Web application developer should take the below preventive measures to protect their web application.

2018-7-30

Phishing Attack - Phishing email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) today (July 30) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-7-30

GovCERT.HK - Weekly IT Security News Bulletin (23 July 2018 - 29 July 2018)

- Bluetooth implementation flaw risks data leakage
- Five ways that Office documents can attack

2018-4-30 to

2018-7-27

“Stay Smart, Keep Cyber Scam Away” Video Ad Contest

Organised by Office of the Government Chief Information Officer (OGCIO) / Hong Kong Police Force (HKPF) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2018-7-27

Cyber Smart Advice: Four preventive measures against ransomware blackmail

Please refer to the Chinese version.

2018-7-27

Phishing Attack - Phishing email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-7-25

GovCERT.HK - Security Alert (A18-07-07): Multiple Vulnerabilities in Apache Tomcat

Apache Software Foundation has released new versions of Apache Tomcat to address multiple vulnerabilities which are caused by UTF-8 decoder flaw and tracking of connection closures.

2018-7-25

HKCERT - Security Blog: Hong Kong Security Watch Report (Q2 2018)

HKCERT is pleased to bring to you the "Hong Kong Security Watch Report" for the second quarter of 2018.

2018-7-25

Phishing Attack - Fraudulent websites and phishing email related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent websites and phishing email, which has been reported to the HKMA.

2018-7-24

CPD Seminar - Insights Drawn from Recently Suspended Hong Kong Listed Companies

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2018-7-23

HKCERT - Security Blog: Sensitive database breached. Everyone should check your system security.

Last week, a database of Singapore medical groups was being hacked, and about 1.5 million of patients record was leaked.

2018-7-23

Phishing Attack - Fraudulent websites related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent websites, which has been reported to the HKMA.

2018-7-23

GovCERT.HK - Weekly IT Security News Bulletin (16 July 2018 - 22 July 2018)

- Cyber attack on SingHealth’s IT System affecting 1.5 million patients
- HTTP網站將會被標示為「不安全」
- Four primary services of Cloud Access Security Broker

2018-7-20

Cyber Smart Advice: Beware of the malicious website even with “https”

Please refer to the Chinese version.

2018-7-18

GovCERT.HK - Security Alert (A18-07-06): Multiple Vulnerabilities in Oracle Java and Oracle Products (July 2018)

Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.

2018-7-18

Phishing Attack - Phishing emails related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing emails, which has been reported to the HKMA.

2018-7-16

Phishing Attack - Fraudulent email purportedly issued by Inland Revenue Department

The Inland Revenue Department (IRD) today (July 16) alerted members of the public to a fraudulent email purportedly issued by the department from the email account "revenue@inland.department.hk", inviting the recipient to claim tax refund.

2018-7-16

Phishing Attack - Fraudulent website and phishing email related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website and phishing email, which has been reported to the HKMA.

2018-7-16

Phishing Attack - Phishing email related to Industrial and Commercial Bank of China (Asia) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China (Asia) Limited on phishing email, which has been reported to the HKMA.

2018-7-16

GovCERT.HK - Weekly IT Security News Bulletin (9 July 2018 - 15 July 2018)

- Businesses May collect more data than they can handle
- Basic security flaws leave companies wide open for attacks

2018-7-13

Cyber Smart Advice: Protect your website against supply chain attacks

Please refer to the Chinese version.

2018-7-13

Phishing Attack - Fraudulent website related to China CITIC Bank International Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China CITIC Bank International Limited on fraudulent website, which has been reported to the HKMA.

2018-7-13

Phishing Attack - Fraudulent website related to Dah Sing Bank, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Dah Sing Bank, Limited on fraudulent website, which has been reported to the HKMA.

2018-7-11

GovCERT.HK - Security Alert (A18-07-05): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat

Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities.

2018-7-11

GovCERT.HK - Security Alert (A18-07-04): Multiple Vulnerabilities in Microsoft Products (July 2018)

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

2018-7-11

HKCERT - Security Blog: How to configure your Windows PC to use the secure DNS service? (For home users only)

This guideline enables you to use the secure DNS service in your Windows PC.

2018-7-9 to

2018-7-10

(ISC)² Security Congress APAC 2018

Organised by ISC2

2018-7-10

GovCERT.HK - Security Alert (A18-07-03): Multiple Vulnerabilities in Apple iOS

Apple has released security updates in its latest iOS version 11.4.1 to fix 22 vulnerabilities identified in various iOS devices.

2018-7-10

Phishing Attack - Fraudulent websites and phishing email related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent websites and phishing email, which has been reported to the HKMA.

2018-7-9

GovCERT.HK - Weekly IT Security News Bulletin (2 July 2018 - 8 July 2018)

- Preventing common API vulnerabilities
- Evolving state of DDoS

2018-7-6

HKCS Seminar: FinTech Security for Banking and Financial Services Industry

Organised by Hong Kong Computer Society / The Hong Kong Institute of Bankers

2018-7-6

Cyber Smart Advice: Be a smart Internet user and protect your data privacy

Please refer to the Chinese version.

2018-7-5

Phishing Attack - Phishing email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-7-5

Phishing Attack - Fraudulent website related to The Bank of East Asia, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Bank of East Asia, Limited on fraudulent website, which has been reported to the HKMA.

2018-7-5

GovCERT.HK - Security Alert (A18-07-02): Multiple Vulnerabilities in Android

Google has released security patch levels of 2018-07-01 and 2018-07-05 to fix 44 vulnerabilities identified in various Android devices.

2018-7-3

1st Hong Kong Internet Governance Forum (HKIGF) Roundtable

Organised by ISOC Hong Kong / Office of the Hon Charles Mok, Legislative Councillor (IT)

2018-7-3

GovCERT.HK - Security Alert (A18-07-01): Multiple Vulnerabilities in VMware Products

VMware has published a security advisory to address vulnerabilities found in VMware vSphere ESXi, VMware Workstation and VMWare Fusion.

2018-7-3

Phishing Attack - Fraudulent websites and phishing email related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to press releases issued by Bank of China (Hong Kong) Limited on fraudulent websites and phishing email, which has been reported to the HKMA.

2018-7-2

GovCERT.HK - Weekly IT Security News Bulletin (25 June 2018 - 1 July 2018)

- Wi-Fi CERTIFIED WPA3 released
- "STARTTLS Everywhere" to secure email delivery

2018-6-29

Cyber Smart Advice: Strengthen computer protection in 30 seconds

Please refer to the Chinese version.

2018-6-29

GovCERT.HK - High Threat Security Alert (A18-06-10): Vulnerability in Cisco Products

Cisco released a security advisory to address the vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA). Researchers report that exploitations of the vulnerability are observed.

2018-6-28

ISACA HK CPD Seminar - 10 Essential Cyber Security Facts that You Need to Know

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2018-6-27

GovCERT.HK - Security Alert (A18-06-09): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2018-6-27

Phishing Attack - Fraudulent website and phishing email related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website and phishing email, which has been reported to the HKMA.

2018-6-26

GDPR Hands-On Workshop 2018

Organised by ISOC Hong Kong

2018-6-25

CSA HKM Knowledge Sharing Event – June 2018

Organised by

2018-6-25

Phishing Attack - Phishing e-mail related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on phishing e-mail, which has been reported to the HKMA.

2018-6-25

GovCERT.HK - Weekly IT Security News Bulletin (18 June 2018 - 24 June 2018)

- On the way to shelving TLSv1.0 and TLSv1.1
- The world’s most abused Top Level Domains

2018-6-22

Cyber Smart Advice: Points to note on patching the vulnerabilities of router

Please refer to the Chinese version.

2018-6-21

GovCERT.HK - Security Alert (A18-06-08): Multiple Vulnerabilities in Cisco Products (June 2018)

Cisco has released 24 security advisories fixing a number of vulnerabilities in Cisco FXOS and NX-OS software.

2018-6-21

Phishing Attack - Fraudulent websites and phishing emails related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website and phishing email, which has been reported to the HKMA.

2018-6-20

Phishing Attack - Fraudulent websites and phishing emails related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent websites and phishing emails, which has been reported to the HKMA.

2018-6-20

Phishing Attack - Fraudulent websites and phishing emails related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent websites and phishing emails, which has been reported to the HKMA.

2018-6-19

Phishing Attack - Fraudulent website related to Bank of China (Hong Kong) Limited

he Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2018-6-18

GovCERT.HK - Weekly IT Security News Bulletin (11 June 2018 - 17 June 2018)

- New cryptomining malware searches for vulnerable IoT devices
- Security concerns raised for Wi-Fi hot-spots in World Cup host cities

2018-6-15

HKCERT - Security Guideline - OWASP Top 10 - 2017

Here is a summary of the new OWASP Top 10 made by HKCERT. Developers and website administrators can refer it as a general guideline for securing web applications.

2018-6-15

Cyber Smart Advice: Rapid recovery from security incidents helps protecting reputation

Please refer to the Chinese version.

2018-6-14

Phishing Attack - Fraudulent website related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2018-6-13

GovCERT.HK - Security Alert (A18-06-07): Multiple Vulnerabilities in Microsoft Products (June 2018)

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components and enhancing the security as a defense in depth measure.

2018-6-11

Phishing Attack - Phishing e-mail related to Industrial and Commercial Bank of China Limited, Hong Kong Branch

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Industrial and Commercial Bank of China Limited, Hong Kong Branch on phishing e-mail, which has been reported to the HKMA.

2018-6-11

Phishing Attack - Fraudulent website related to DBS Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2018-6-11

GovCERT.HK - Weekly IT Security News Bulletin (4 June 2018 - 10 June 2018)

- How blockchain technology could improve data security
- Survey reveals business Decision makers’ cyber security stance

2018-6-8

Cyber Smart Advice: Formulate response plan to minimise the impact of incident

Please refer to the Chinese version.

2018-6-8

HKCERT - Security Blog: Secure your website to prevent information leakage

HKCERT is aware that some sensitive information were public accessible from an elderly service website.

2018-6-8

GovCERT.HK - Security Alert (A18-06-06): Multiple Vulnerabilities in Synology Drive

Multiple vulnerabilities were found in the Synology Drive.

2018-6-8

GovCERT.HK - High Threat Security Alert (A18-06-05): Multiple Vulnerabilities in Adobe Flash Player

Adobe and Microsoft have published security advisories about vulnerabilities found in the Adobe Flash Player. Reports indicate that one of the vulnerabilities is being exploited in the wild against Windows users.

2018-6-7

GovCERT.HK - Security Alert (A18-06-04): Multiple Vulnerabilities in Android

Google has released security patch levels of 2018-06-01 and 2018-06-05 to fix 56 vulnerabilities identified in various Android devices.

2018-6-7

GovCERT.HK - Security Alert (A18-06-03): Vulnerability in Firefox

Mozilla has published a security advisory to address a vulnerability found in Firefox.

2018-6-7

GovCERT.HK - Security Alert (A18-06-02): Multiple Vulnerabilities in Cisco IOS

Cisco has released a security advisory fixing a vulnerability in several Cisco products.

2018-6-7

Phishing Attack - Suspicious mobile applications related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on suspicious mobile application (Apps), which has been reported to the HKMA.

2018-6-7

Phishing Attack - Fraudulent website related to Fubon Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Fubon Bank (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2018-6-7

Phishing Attack - Phishing email related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on phishing email, which has been reported to the HKMA.

2018-6-6

Phishing Attack - Suspicious mobile application related to Bank of Singapore Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of Singapore Limited on suspicious mobile application (Apps), which has been reported to the HKMA.

2018-6-6

Phishing Attack - Fraudulent website related to Hang Seng Bank, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited on fraudulent website, which has been reported to the HKMA.

2018-6-4

GovCERT.HK - Security Alert (A18-06-01): Multiple Vulnerabilities in Apple iOS

Apple has released security updates in its latest iOS version 11.4 to fix 35 vulnerabilities identified in various iOS devices.

2018-6-4

GovCERT.HK - Weekly IT Security News Bulletin (28 May 2018 - 3 June 2018)

- Critical elements of an incident response plan
- Dealing with insider threats

2018-6-1

Cyber Smart Advice: Actively detect the network anomalies to reduce false alarms

Please refer to the Chinese version.

2018-5-30

HKCERT - Security Blog: The "SSH Hong Kong Enterprise Cyber Security Readiness Index" Survey

HKPC and the HKCERT developed the Hong Kong Enterprise Cyber Security Readiness Index to assess the readiness of Hong Kong companies in tackling today’s cyber threats.

2018-5-30

Phishing Attack - Fraudulent website related to Hang Seng Bank, Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited on fraudulent website, which has been reported to the HKMA.

2018-5-30

Phishing Attack - Phishing email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-5-29

ISACA HK CPD Seminar - Blockchain: Key Risks and Considerations

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2018-5-28

GovCERT.HK - Weekly IT Security News Bulletin (21 May 2018 - 27 May 2018)

- Quiet growth of VPNFilter malware
- Cyber security training is key to mitigating risks

2018-5-26

PISA Security JAM 2018

Organised by Professional Information Security Association

2018-5-25

ISACA HK One-Day Workshop - How to Stay Secure in Blockchain and Cryptocurrency Trading

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2018-5-25

Build a Secure Cyberspace 2018 – “Stay Smart, Keep Cyber Scam Away” Seminar

Organised by Office of the Government Chief Information Officer (OGCIO) / Hong Kong Police Force (HKPF) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2018-5-25

HKCS Cyber Security and FinTech Specialist Group Seminar

Organised by Hong Kong Computer Society

2018-5-25

Cyber Smart Advice: Work together to protect the corporate network

Please refer to the Chinese version.

2018-5-24

HKCERT - Security Blog: Malware "VPNFilter" Affecting Networking Devices Worldwide

Security research group Talos has released a report on a potentially destructive malware called “VPNFilter”, which has infected at least 500,000 home routers and network-attached storage (NAS) devices in at least 54 countries.

2018-5-24

Phishing Attack - Fraudulent email purportedly issued by Inland Revenue Department

The Inland Revenue Department (IRD) today (May 24) alerted members of the public to fraudulent emails purportedly issued by the department from the email account "taxnfo@ird.gov.hk", inviting the recipient to update certain information.

2018-5-23

GovCERT.HK - Security Alert (A18-05-06): New Variants of Meltdown and Spectre Vulnerabilities in Processors

Google Project Zero and Microsoft have recently disclosed the Rogue System Register Read (RSRE, Variant 3a) and Speculative Store Bypass (SSB, Variant 4) which are related to the previous Meltdown and Spectre vulnerabilities announced in January 2018.

2018-5-23

Phishing Attack - Phishing email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-5-21

GovCERT.HK - Security Alert (A18-05-05): Multiple Vulnerabilities in ISC BIND

Multiple vulnerabilities were found in the ISC BIND software.

2018-5-21

GovCERT.HK - Weekly IT Security News Bulletin (14 May 2018 - 20 May 2018)

- Vulnerabilities in OpenPGP and S/MIME May break email encryption
- Turn on two-factor authentication

2018-5-18

Cyber Smart Advice: Information security strategy based on “identification” (Chinese version only)

Please refer to the Chinese version.

2018-5-16

LCQ20: Protecting consumers' rights and interests of online shoppers

Following is a question by the Hon Paul Tse Wai-chun and a written reply by the Secretary for Commerce and Economic Development, Mr Edward Yau, in the Legislative Council today (May 16).

2018-5-15

GovCERT.HK - Security Alert (A18-05-04): Multiple Vulnerabilities in Adobe Reader/Acrobat

Security updates are released for Adobe Reader/Acrobat to address multiple vulnerabilities.

2018-5-15

Phishing Attack - Fraudulent website related to Shanghai Pudong Development Bank Co., Ltd.

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Shanghai Pudong Development Bank Co., Ltd. on fraudulent website, which has been reported to the HKMA.

2018-5-14

Phishing Attack - Fraudulent website and phishing e-mail related to DBS Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited on fraudulent website and phishing e-mail, which has been reported to the HKMA.

2018-5-14

Phishing Attack - Fraudulent website and phishing e-mail related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website and phishing e-mail, which has been reported to the HKMA.

2018-5-14

GovCERT.HK - Weekly IT Security News Bulletin (7 May 2018 - 13 May 2018)

- The rise of security orchestration, automation and response
- "Safe Links" bypassed by split URLs

2018-5-11

Cyber Smart Advice: Make use of NIST CSF in the cyber security (Chinese version only)

Please refer to the Chinese version.

2018-5-10

Total Security Conference 2018

Organised by Questex Asia Ltd.

2018-5-10

Phishing Attack - Fraudulent website related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2018-5-10

GovCERT.HK - Security Alert (A18-05-03): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2018-5-9

GovCERT.HK - Security Alert (A18-05-02): Vulnerability in Adobe Flash Player

Adobe released a security update to address a vulnerability found in the Adobe Flash Player.

2018-5-9

GovCERT.HK - High Threat Security Alert (A18-05-01): Multiple Vulnerabilities in Microsoft Products (May 2018)

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. Reports indicate that exploitation of two zero-day vulnerabilities were detected against Windows systems.

2018-5-7

Phishing Attack - Phishing e-mail related to The Hongkong and Shanghai Banking Corporation LimitedLimited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing e-mail, which has been reported to the HKMA.

2018-5-7

GovCERT.HK - Weekly IT Security News Bulletin (30 April 2018 - 6 May 2018)

- Unpatched Drupal might have been compromised
- Account takeover attacks

2018-5-4

HKCERT - Security Blog: Change your Twitter account password immediately

On 3 May 2018, social media Twitter made a statement to their users, their system was found to store the users' passwords in an un-encrypted format (plain text) because of system bug.

2018-5-4

Cyber Smart Advice: Rampant phishing websites targeting mobile users

Please refer to the Chinese version

2018-5-4

Phishing Attack - Fraudulent website and phishing e-mail related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website and phishing e-mail, which has been reported to the HKMA.

2018-5-2

Phishing Attack - Phishing e-mail related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing e-mail, which has been reported to the HKMA.

2018-4-30

GovCERT.HK - High Threat Security Alert (A18-04-11): Multiple Vulnerabilities in PHP

Multiple vulnerabilities have been found in PHP. Reports indicate that there is elevated risk of cyber attacks on vulnerable systems.

2018-4-30

Phishing Attack - Phishing e-mail related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing e-mail, which has been reported to the HKMA.

2018-4-30

GovCERT.HK - Weekly IT Security News Bulletin (23 April 2018 - 29 April 2018)

- 香港企業網絡保安準備指數調查
- Tech support scams are rising

2018-4-27

Cyber Smart Advice: SMEs should take initiative to defend against cyber threats

Please refer to the Chinese version.

2018-4-26

The 10th InfoSecurity Summit 2018

Organised by Market Intelligence Group Limited

2018-4-26

Understanding What is New in China Cybersecurity Law and What We Cannot Do

Organised by

2018-4-26

GovCERT.HK - High Threat Security Alert (A18-04-10): Vulnerability in Drupal

Drupal released a security update to fix a critical vulnerability (CVE-2018-7602). Multiple attack vectors could be adopted to exploit the vulnerabilities.

2018-4-26

Phishing Attack - Phishing e-mail related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing e-mail, which has been reported to the HKMA.

2018-4-25

HKPC - Inaugural SSH Hong Kong Enterprise Cyber Security Readiness Index

The Hong Kong Productivity Council (HKPC) today (25 April 2018) released the results of the inaugural “SSH Hong Kong Enterprise Cyber Security Readiness Index Survey”.

2018-4-25

GovCERT.HK - Security Alert (A18-04-09): Multiple Vulnerabilities in Apple iOS

On 24 April 2018, Apple released security updates in its latest iOS version 11.3.1 to fix 4 vulnerabilities identified in various iOS devices.

2018-4-24

Phishing Attack - Phishing Attack – Fraudulent website related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2018-4-23

GovCERT.HK - Weekly IT Security News Bulletin (16 April 2018 - 22 April 2018)

- Beware of Trustjacking attack on iPhone and iPad
- A patch gap in the Android ecosystem
- Protecting the network infrastructure

2018-4-20

Cyber Smart Advice: High penalty of the new EU’s data protection regulation.

Please refer to the Chinese version

2018-4-19

CSA HKM Knowledge Sharing Event – April 2018

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2018-4-19

GovCERT.HK - Security Alert (A18-04-08): Multiple Vulnerabilities in Cisco Products

Cisco has released 7 security advisories fixing a number of vulnerabilities in several Cisco products

2018-4-19

Phishing Attack - Phishing Attack – Phishing e-mail related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing e-mail, which has been reported to the HKMA.

2018-4-18

HKCERT - Security Blog: Hong Kong Security Watch Report (Q1 2018)

HKCERT is pleased to bring to you the "Hong Kong Security Watch Report" for the first quarter of 2018.

2018-4-18

HKCERT - Security Blog: Beware Personal Information Abuse

HKCERT is aware that an Internet service provider has disclosed a server breach incident, which caused personal information including name, email address, correspondence address, telephone number, HKID number and thousands of credit card information as of 2012 leakage.

2018-4-18

GovCERT.HK - Security Alert (A18-04-07): Multiple Vulnerabilities in Oracle Java and Oracle Products (April 2018)

Adobe released a security update to address vulnerabilities found in the Adobe Flash Player.

2018-4-18

GovCERT.HK - High Threat Security Alert (A18-04-06): Protecting the Network Infrastructure

Reports indicate that there is elevated risk of cyber attacks on vulnerable network devices. Users are advised to patch and harden all network devices immediately.

2018-4-18

PCPD - Privacy Commissioner's Response to the Suspected Intrusion into Hong Kong Broadband Network's Customer Database (Chinese version Only)

Please refer to the Chinese version.

2018-4-16

GovCERT.HK - Weekly IT Security News Bulletin (9 April 2018 - 15 April 2018)

- 2018 Data Breach Investigations Report
- New design of DNS ecosystem to tackle privacy challenges

2018-4-13

Phishing Attack - Phishing Attack – Phishing e-mail related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing e-mail, which has been reported to the HKMA.

2018-4-13

Phishing Attack - Phishing Attack – Fraudulent websites related to Hang Seng Bank, Limited

The Hong Kong Monetary Authority (HKMA) today (April 13) wishes to alert members of the public to a press release issued by Hang Seng Bank, Limited on fraudulent website, which has been reported to the HKMA.

2018-4-12

HKCERT - Security Blog: HKCERT Report "Understanding and Tackling Supply Chain Attack"

One of the five Potential Cyber Security Trends in 2018 named by HKCERT is Supply Chain Attack (see Press Release). For better defend our information assets, we should know more about it.

2018-4-11

The Third HK-Mainland Cyber Security Forum

Organised by Office of the Government Chief Information Officer (OGCIO) / Bureau of Cyber Security of Cyberspace Administration of China

2018-4-11

HK-Mainland Cyber Security Forum explores challenges and opportunities for smart connectivity

The third HK-Mainland Cyber Security Forum, jointly organised by the Office of the Government Chief Information Officer (OGCIO) and the Bureau of Cyber Security of Cyberspace Administration of China, was successfully held today (April 11).

2018-4-11

GovCERT.HK - Security Alert (A18-04-05): Multiple Vulnerabilities in Adobe Flash Player

Adobe released a security update to address vulnerabilities found in the Adobe Flash Player.

2018-4-11

GovCERT.HK - Security Alert (A18-04-04): Multiple Vulnerabilities in Microsoft Products (April 2018)

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

2018-4-10

HKCERT - Security Blog: GDPR will come into force in May 2018 Hong Kong Enterprises should get prepared

The EU General Data Protection Regulation (GDPR) will come into force on 25 May 2018. One of the new developments introduced under the GDPR to the data protection landscape outside the EU is the explicit requirement of compliance by organisations established in non-EU jurisdictions in specified circumstances.

2018-4-9

GovCERT.HK - Weekly IT Security News Bulletin (2 April 2018 - 8 April 2018)

- 加強網絡保安保護個人及敏感資料
- Launch of 1.1.1.1 DNS Resolver
- Red teams need to know the ATT&CK framework

2018-4-6

Cyber Smart Advice: Challenge of EU’s new data privacy regulation to local SME security.

Please refer to the Chinese version.

2018-4-4

GovCERT.HK - Security Alert (A18-04-03): Vulnerability in Microsoft Malware Protection Engine

Microsoft has released a security update addressing a vulnerability in the Microsoft Malware Protection Engine.

2018-4-4

Phishing Attack - Phishing Attack – Fraudulent website related to Bank of China (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2018-4-3

PCPD - How Hong Kong Businesses Should Prepare for the EU General Data Protection

The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner) Mr Stephen Kai-yi WONG issued the “European Union General Data Protection Regulation (GDPR) 2016” booklet, which aims at raising awareness amongst organisations / businesses in Hong Kong of the possible impact of the new regulatory framework for data protection in the European Union, as well as comparing some of the major requirements with those set out in the Personal Data (Privacy) Ordinance, Laws of Hong Kong (Cap 486) (PDPO).

2018-4-3

GovCERT.HK - Security Alert (A18-04-02): Multiple Vulnerabilities in Apple iOS

On 29 March 2018, Apple released security updates in its latest iOS version 11.3 to fix 44 vulnerabilities identified in various iOS devices.

2018-4-3

GovCERT.HK - Security Alert (A18-04-01): Vulnerability in Microsoft Products

Microsoft has released a security advisory addressing the kernel-level privilege escalation vulnerability, affecting Microsoft Windows 7(x64) and Server 2008 R2(x64).

2018-4-3

Phishing Attack - Phishing Attack – Fraudulent website related to Bank of China (Hong Kong) Limited>

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Bank of China (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2018-4-2

GovCERT.HK - Weekly IT Security News Bulletin (26 March 2018 - 1 April 2018)

- A wakeup call from a city paralysed by ransomware
- Birth of TLS 1.3 standard
- Carbanak and Cobalt malware attacks for worldwide bank robbery

2018-3-30

Cyber Smart Advice: Beware of Facebook application handling personal data without user consents

Please refer to the Chinese version.

2018-3-29

GovCERT.HK - Security Alert (A18-03-08): Vulnerability in Drupal

Drupal has published a security advisory to address a vulnerability found in Drupal core.

2018-3-29

GovCERT.HK - Security Alert (A18-03-07): Multiple Vulnerabilities in Cisco Products (March 2018)

Cisco has released 20 security advisories fixing a number of vulnerabilities in Cisco IOS and IOS XE software, of which 3 advisories are rated as critical and 17 advisories are rated as high.

2018-3-28

Phishing Attack - Phishing Attack – Phishing email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing e-mail, which has been reported to the HKMA.

2018-1-25 to

2018-3-26

ISACA China HK Chapter Two-Day Workshop “CSX Cybersecurity Fundamental Workshop”

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2018-3-26

Phishing Attack - Phishing Attack – Phishing e-mail related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing e-mail, which has been reported to the HKMA.

2018-3-26

GovCERT.HK - Weekly IT Security News Bulletin (19 March 2018 - 25 March 2018)

- Understanding email fraud
- 國際網上旅遊預訂系統客戶資料外洩

2018-3-23

Cyber Smart Advice: Cyber security should not solely reply on AI

Please refer to the Chinese version.

2018-3-22

ISACA China HK Chapter Annual Conference 2018 - Managing Risk and Security for the Technology Transformation

Organised by Information Systems Audit and Control Association, China Hong Kong Chapter

2018-3-19

GovCERT.HK - Security Alert (A18-03-06): Multiple Vulnerabilities in Firefox

Mozilla has published a security advisory to address multiple vulnerabilities found in Firefox.

2018-3-19

GovCERT.HK - Security Alert (A18-03-05): Vulnerability in VMware Products

VMware has published a security advisory to address a vulnerability found in VMware Workstation version 12.x and 14.x, as well as VMWare Fusion version 8.x and 10.x.

2018-3-19

GovCERT.HK - Weekly IT Security News Bulletin (12 March 2018 - 18 March 2018)

- How to make SIEM work
- Survey on cyber resilience

2018-3-15

Phishing Attack - Phishing Attack – Phishing email related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-3-14

GovCERT.HK - Security Alert (A18-03-04): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2018-3-14

GovCERT.HK - Security Alert (A18-03-03): Multiple Vulnerabilities in Adobe Flash Player

Adobe released a security update to address vulnerabilities found in the Adobe Flash Player.

2018-3-14

GovCERT.HK - Security Alert (A18-03-02): Multiple Vulnerabilities in Microsoft Products (March 2018)

Microsoft has released 47 security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

2018-3-14

Phishing Attack - Phishing Attack – Phishing email related to Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing email, which has been reported to the HKMA.

2018-1-16 to

2018-3-13

Smart Use of Communications Services Community Talk

Organised by Communications Authority

2018-3-13

Phishing Attack - Phishing Attack – Phishing e-mail related to Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by the Hongkong and Shanghai Banking Corporation Limited on phishing e-mail, which has been reported to the HKMA.

2018-3-12

GovCERT.HK - Weekly IT Security News Bulletin (5 March 2018 - 11 March 2018)

- Cloud computing is booming but losing IT control
- Disparity between IoT adoption and cyber security readiness
- Punycode makes a difference to look-alike internationalised domain names

2018-3-9

GovCERT.HK - Security Alert (A18-03-01): Multiple Vulnerabilities in IBM Notes

Multiple vulnerabilities are found in IBM Notes and its System Diagnostics service.

2018-3-9

Cyber Smart Advice: Strengthen security audit to defend supply chain attack

Please refer to the Chinese version.

2018-3-8

HKCERT - Security Blog: APCERT Cyber Drill 2018 "Data Breach via Malware on IoT"

The Asia Pacific Computer Emergency Response Team (APCERT) today (7 Mar 2018) has successfully completed its annual drill to test the response capabilities of leading Computer Security Incident Response Teams (CSIRT) within the Asia Pacific economies.

2018-3-6

Phishing Attack - Phishing Attack – Fraudulent website related to Standard Chartered Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by Standard Chartered Bank (Hong Kong) Limited on fraudulent website, which has been reported to the HKMA.

2018-3-5

GovCERT.HK - Weekly IT Security News Bulletin (26 February 2018 - 4 March 2018)

- Memcached servers exploited for massive DDoS attacks
- Ad network bypasses ad blocking on browsers for cryptomining

2018-3-2

Online Service Providers Symposium 2018

Organised by Hong Kong Police Force (HKPF) / Cyber Security and Technology Crime Bureau (CSTCB) of the Hong Kong Police (HKP) / The Government Computer Emergency Response Team Hong Kong (GovCERT.HK) / Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

2018-3-2

Cyber Smart Advice: Adopt two-factor authentication to protect your email service

Please refer to the Chinese version.

2018-2-28

Phishing Attack - Phishing Attack – Suspected fraudulent websites

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public in Hong Kong to two suspected fraudulent websites with the domain names of https://luxosb.com/ and https://www.luxembourgoffshorebankingreview.com/about/.

2018-2-28

Phishing Attack - Phishing Attack – Fraudulent email purportedly issued by Inland Revenue Department

The Inland Revenue Department today (February 28) alerted members of the public to fraudulent emails purportedly issued by the department from the email account egis_notification@ogcio.gov.hk, inviting the recipient to claim a tax refund. The emails provide a hyperlink to an unknown website which seeks to obtain the recipient's personal particulars.

2018-2-26

GovCERT.HK - Weekly IT Security News Bulletin (19 February 2018 - 25 February 2018)

- Images and videos for malware delivery
- Locking down PowerShell to combat fileless malware

2018-2-19

GovCERT.HK - Weekly IT Security News Bulletin (12 February 2018 - 18 February 2018)

- No AppCache for safer browsers
- Beware of cryptomining supply chain attack

2018-2-14

GovCERT.HK - Security Alert (A18-02-04): Multiple Vulnerabilities in Adobe Reader/Acrobat

Security updates are released for Adobe Reader/Acrobat to address multiple vulnerabilities.

2018-2-14

GovCERT.HK - Security Alert (A18-02-03): Multiple Vulnerabilities in Microsoft Products (February 2018)

Microsoft has released 32 security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

2018-2-12

GovCERT.HK - Weekly IT Security News Bulletin (5 February 2018 - 11 February 2018)

- Two-factor authentication broken by real-time phishing
- SSL abused in favour of malware and phishing

2018-2-9

Cyber Smart Advice: Three areas to strengthen the corporate information security

Please refer to the Chinese version.

2018-2-9

Phishing Attack - Phishing Attack – Phishing e-mail related to BNP Paribas

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by BNP Paribas on phishing e-mail, which has been reported to the HKMA.

2018-2-8

GovCERT.HK - Security Alert (A18-02-02): Multiple Vulnerabilities in IBM Notes

Multiple vulnerabilities are found in IBM Lotus Notes System Debugger (NSD).

2018-2-7

GovCERT.HK - High Threat Security Alert (A18-02-01): Multiple Vulnerabilities in Adobe Flash Player

Adobe has released a security update to address vulnerabilities found in the Adobe Flash Player. Reports indicate that one of the vulnerabilities is being exploited in the wild against Windows users.

2018-2-5

GovCERT.HK - Weekly IT Security News Bulletin (29 January 2018 - 4 February 2018)

- Crypto miner malware spreads like WannaCry
- Cyber incidents doubled in 2017 but 93% were avoidable

2018-2-2

Cyber Smart Advice: Four predictions on cyber attacks

Please refer to the Chinese version.

2018-2-2

Phishing Attack - Phishing e-mail related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing e-mail, which has been reported to the HKMA.

2018-2-1

CSA HKM Knowledge Sharing Event – February 2018 - Security Challenge in the Era of Multi-Cloud and API economy

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2018-2-1

Phishing Attack - Phishing email related to DBS Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited on phishing email, which has been reported to the HKMA.

2018-1-30

GovCERT.HK - Security Alert (A18-01-15): Vulnerability in Firefox

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited on phishing email, which has been reported to the HKMA.

2018-1-30

GovCERT.HK - Security Alert (A18-01-14): Vulnerability in Cisco Products

Cisco has released the security advisory to address a vulnerability in Cisco Adaptive Security Appliance (ASA) software with the webvpn feature enabled.

2018-1-29

Phishing Attack - Phishing e-mail related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing e-mail, which has been reported to the HKMA.

2018-1-29

GovCERT.HK - Weekly IT Security News Bulletin (22 January 2018 - 28 January 2018)

- 攻擊者入侵伺服器　植入虛擬貨幣挖礦程式
- Latest advice on Meltdown-Spectre patches

2018-1-26

Cyber Smart Advice: Enterprise should aware of the rising malware attacks

Please refer to the Chinese version.

2018-1-26

Phishing Attack - Fraudulent website and phishing e-mail related to DBS Bank (Hong Kong) Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by DBS Bank (Hong Kong) Limited on fraudulent website and phishing e-mail, which has been reported to the HKMA.

2018-1-24

GovCERT.HK - Security Alert (A18-01-13): Multiple Vulnerabilities in Firefox

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox.

2018-1-24

GovCERT.HK - Security Alert (A18-01-12): Multiple Vulnerabilities in Apple iOS

On 23 January 2018, Apple released security updates in its latest iOS version 11.2.5 to fix 13 vulnerabilities identified in various iOS devices.

2018-1-23

Phishing Attack - Phishing e-mail related to Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) today (January 23) wishes to alert members of the public to a press release issued by the Hongkong and Shanghai Banking Corporation Limited on phishing e-mail, which has been reported to the HKMA.

2018-1-22

GovCERT.HK - Weekly IT Security News Bulletin (15 January 2018 - 21 January 2018)

- Beware of browser extensions
- Search engines in penetration testing tool arsenal
- Keeping update with Meltdown-Spectre patching issues

2018-1-20

(ISC)2 HK Chapter AGM cum Feature Talk: The Era of BlockChain and Smart Contract Development

Organised by

2018-1-19

Cyber Smart Advice: Timely patch the CPU security issues

Please refer to Chinese version.

2018-1-19

Phishing Attack - Hongkong Post alerts public to fraudulent online survey

Hongkong Post has noticed that there is an online survey alleging to be conducted by the department. Respondents are requested to provide personal data and offered a chance to enter a lucky draw.

2018-1-18

CSA HKM Knowledge Sharing Event – January 2018 (Special)

Organised by Cloud Security Alliance Hong Kong & Macau Chapter

2018-1-18

HKPC Warns of More Financially-Motivated Cyber Attacks in 2018

With the growing trend of financially-motivated cyber crimes, information security experts at the Hong Kong Productivity Council today (18 January 2018) urged enterprises and the public to strengthen their defence against ransom-based cyber attacks.

2018-1-17

GovCERT.HK - Security Alert (A18-01-11): Vulnerability in ISC BIND

A vulnerability was found in the ISC BIND software.

2018-1-17

GovCERT.HK - Security Alert (A18-01-10): Multiple Vulnerabilities in Oracle Java and Oracle Products (January 2018)

Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products. Patches are also available for some products to address the Meltdown and Spectre issues.

2018-1-16

Phishing Attack - Phishing e-mail related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Hongkong and Shanghai Banking Corporation Limited on phishing e-mail, which has been reported to the HKMA.

2018-1-15

GovCERT.HK - Weekly IT Security News Bulletin (8 January 2018 - 14 January 2018)

- Phishing campaigns in Google Apps Scripts
- Backdoor open to network storage

2018-1-12

Cyber Smart Advice: Enterprise security management starts from organisation structural design

Please refer to Chinese version.

2018-1-12

GovCERT.HK - Security Alert (A18-01-09): Multiple Vulnerabilities in Hypervisors

The recent disclosed security issues, known as Meltdown and Spectre, affects most hypervisors in a virtualised environment.

2018-1-10

GovCERT.HK - High Threat Security Alert (A18-01-03): Multiple Vulnerabilities in Microsoft Products (Updated)

Microsoft has provided further information for the compatibility issues relating to AMD CPU Microprocessors and Anti-malware Software.

2018-1-10

GovCERT.HK - Security Alert (A18-01-08): Vulnerability in Adobe Flash Player

Adobe released a security update to address a vulnerability found in the Adobe Flash Player.

2018-1-10

GovCERT.HK - High Threat Security Alert (A18-01-07): Multiple Vulnerabilities in Microsoft Products (January 2018)

Users are advised to take immediate action to patch the affected systems, especially for those installed with Microsoft Office, since exploitation has been reported in the wild.

2018-1-10

Phishing Attack - Phishing e-mail related to The Hongkong and Shanghai Banking Corporation Limited

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China Minsheng Banking Corp., Ltd. on phishing email, which has been reported to the HKMA.

2018-1-9

GovCERT.HK - High Threat Security Alert (A18-01-06): Multiple Vulnerabilities in Apple iOS

Users are advised to take immediate action to patch the affected iOS devices to address the well-known Spectre CPU issues with elevated risks.

2018-1-9

GovCERT.HK - High Threat Security Alert (A18-01-05): Multiple Vulnerabilities in Linux/Unix Operating Systems

Users are advised to take immediate action to patch the affected Linux/Unix systems to address the well-known Meltdown and Spectre CPU issues with elevated risks.

2018-1-8

GovCERT.HK - High Threat Security Alert (A18-01-04): Multiple Vulnerabilities in Browsers

Major browser vendors have published security advisories to address vulnerabilities. Users are advised to take immediate action to patch the affected browsers to address the well-known Meltdown and Spectre CPU issues with elevated risks.

2018-1-8

GovCERT.HK - Weekly IT Security News Bulletin (1 January 2018 - 7 January 2018)

- Global CPUs vulnerable to Meltdown and Spectre
- Track me down via GPS location services
- The state of web application vulnerabilities in 2017

2018-1-5

Cyber Smart Advice: Enterprise should pay attention to the challenges of Industry 4.0

Please refer to Chinese version.

2018-1-4

Privacy Commissioner Raised Concern Over the Frequent Occurrence of Data Security Incidents at Travel Agents Measures on Enhancing Data Security Reiterated

(4 January 2018) The Privacy Commissioner for Personal Data, Hong Kong was concerned about the recent numerous data security incidents resulted from hacking of computer systems of travel agents, and reminded the industry to stay vigilant and comply with the requirements of the Personal Data (Privacy) Ordinance by taking practicable steps to safeguard personal data from unauthorised or accidental access, processing, erasure, loss or use.

2018-1-4

Phishing Attack - Phishing e-mail related to China Minsheng Banking Corp., Ltd.

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by China Minsheng Banking Corp., Ltd. on phishing email, which has been reported to the HKMA.

2018-1-4

HKCERT - Security Blog: Protect Personal Information, Stay Away from Hackers

HKCERT reminds enterprises that, besides financial data, personal data is also a target of attackers. Enterprises need to ensure the security and proper protection of such data should be in place.

2018-1-4

GovCERT.HK - High Threat Security Alert (A18-01-03): Multiple Vulnerabilities in Microsoft Products

Microsoft has released 18 security updates addressing multiple vulnerabilities which affect several Microsoft products or components. Users are advised to take immediate action to patch the affected systems since there is elevated risk of cyber attacks for the vulnerabilities.

2018-1-4

HKCERT - Security Bulletin: CPU Multiple Vulnerabilities (aka Meltdown and Spectre)

Multiple Vulnerabilities were identified in CPUs, a remote attacker can exploit these vulnerabilities to bypass security restriction and get sensitive information from the targeted system.

2018-1-3

GovCERT.HK - Security Alert (A18-01-02): Vulnerability in phpMyAdmin

A Cross Site Request Forgery (CSRF) vulnerability has been found in phpMyAdmin version prior to 4.7.7.

2018-1-3

GovCERT.HK - Security Alert (A18-01-01): Multiple Vulnerabilities in VMware vSphere Data Protection

VMware has published a security advisory to address multiple vulnerabilities found in VMware vSphere Data Protection (VDP) version 5.x, 6.0.x, 6.1.x.