Hong Kong Computer Emergency Response Team Coordination Center

Protect your Personal Digital Keys, Beware of Fraudulent Links!

Internet banking login ID and passwords are as important as the keys to your house. Don’t give them to others recklessly!

Learn more

Download "Incident Response Guideline for SMEs" for Cyber Security Incidents

Cyber attacks evolve rapidly as the costs and efforts required for hackers to launch attacks are decreasing due to the development of automation and computing powers. This leads to increased cyber attacks targeting different organisations (including public or private, multinational or local organisations). As most small and medium enterprises (SMEs) lack the resources to build a wider scope of cyber defence to prevent or block cyber attacks, this makes them an easy target.
To address the above-mentioned issues, HKCERT has developed the “Incident Response Guideline for SMEs” to help SMEs and other organisations

Learn more

Cyber Attacks Become More Complex and Diversified Phishing Attacks Reach New High HKCERT Calls ...

The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council today announced a review on the information security situation in Hong Kong in 2021 and the forecast for 2022. In the past year, the epidemic was still raging, which greatly changed how enterprises conduct their business and the living habits of individuals. Distance business, work from home, distance learning and online shopping have become the “new normal”. With the wider use of information technology, the threat of cyber attacks cannot be overlooked. Hence both enterprises and individual must raise their awareness of information security with preventative measures in place so that the community can effectively respond to the increasingly sophisticated and complex cyber attacks.

Learn more

Introducing the New “Fight Ransomware” Webpage

To keep pace with the changes in ransomware attacks, HKCERT recently consolidated the ransomware attack techniques, prevention and handling procedures to create a new dedicated “Fight Ransomware ” webpage.

Learn more

Introducing "Check your Cyber Security Readiness" Online Assessment Tool

• Improved user experience
• Enhanced usability
• Better reporting

Learn more

All 4 episodes of the 【Hack me if you can】animation series are now available

Focusing on hacker Ah Keung’s repeated attempts to hack into SME owner Ah Chun’s systems, and how Chun’s friend, Chi On, helps repel the attacks, the stories are light-hearted and down-to-earth.

Learn more

Hong Kong Computer Emergency Response Team Coordination Centre

Centre for coordination of computer security incident response for local enterprises and Internet Users

Facilitate information disseminating, provide advices on preventive measures against security threats and to promote information security awareness

Learn more

What Are You Looking for

Highlights

Microsoft Edge Multiple Vulnerabilities

Published on 19 Sep 2022

Browser’s Anti-phishing feature: What is it and how it helps to block phishing attack?

Published on 15 Sep 2022

Microsoft Edge Security Restriction Bypass Vulnerability

Published on 7 Sep 2022

Microsoft Edge Multiple Vulnerabilities

Published on 2 Sep 2022

Adopt Good Cyber Security Practices to Make AI Your Friends not Foes

Published on 30 Aug 2022

Microsoft Edge Multiple Vulnerabilities

Published on 9 Aug 2022

Email Account Theft to Bypass MFA Protection

Published on 2 Aug 2022

Incident Response Guideline for SMEs

Published on 29 Jul 2022

Incident Response Guideline for SMEs

Published on 29 Jul 2022

Our Core Services

Security Alert Monitoring and Early Warning

Monitor security vulnerability and development of viruses & worms. When necessary, we issue alerts to warn the public to mitigate the impact of these threats.

Learn More

Incident Report and Response

Provide free 24-hour hotline services for incident reporting and give advice on incident response and recovery. All the reported incidents will be kept confidential. For cross-border incidents, we can seek assistance from overseas CERT teams.

Learn More

Publication of Security Guidelines and Information

Publish security alerts, security guidelines, infosec express and news on our web site. We also publish monthly security newsletter to subscribers. The information is provided in both English and Chinese

Learn More

Promotion of Information Security Awareness

Organize free seminars and briefings to promote information security awareness among the general public.

Learn More

Security Bulletins

21 Sep 2022

Mozilla Firefox Multiple Vulnerabilities

Multiple vulnerabilities were identified in Mozilla Firefox. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

RISK: Medium Risk

2 Sep 2022

Mozilla Thunderbird Multiple Vulnerabilities

Multiple vulnerabilities were identified in Mozilla Thunderbird. A remote attacker could exploit some of these vulnerabilities to trigger denial of service, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system. [Updated on 2022-09-21] Updated System...

RISK: Medium Risk

20 Sep 2022

Linux Kernel Multiple Vulnerabilities

Multiple vulnerabilities were identified in Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure and data manipulation on the targeted system.

RISK: Medium Risk

19 Sep 2022

Microsoft Edge Multiple Vulnerabilities

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and data manipulation on the targeted system.

RISK: Medium Risk

15 Sep 2022

Google Chrome Multiple Vulnerabilities

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and data manipulation on the targeted system.

RISK: Medium Risk

15 Sep 2022

SUSE Linux Kernel Multiple Vulnerabilities

Multiple vulnerabilities were identified in SUSE Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and sensitive information disclosure on the targeted system.

RISK: Medium Risk

14 Sep 2022

Adobe Monthly Security Update (September 2022)

Adobe has released monthly security update for their products: Vulnerable Product Risk Level Impacts Notes Details (including CVE) Adobe Experience Manager Medium Risk Cross-site Scripting Remote Code Execution Security Restriction Bypass APSB22-40 Adobe...

RISK: Medium Risk

14 Sep 2022

Microsoft Monthly Security Update (September 2022)

Microsoft has released monthly security update for their products: Vulnerable Product Risk Level Impacts Notes Windows High Risk Elevation of Privilege Denial of Service Remote Code Execution Information Disclosure Security Restriction Bypass CVE-CVE-2022-...

RISK: High Risk

14 Sep 2022

Trend Micro Apex One Multiple Vulnerabilities

Multiple vulnerabilities were identified in Trend Micro Apex One. An attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution, information disclosure, security restriction bypass and Denial of Service on the targeted system. Note: CVE-2022-40139...

RISK: High Risk

14 Sep 2022

Zoom Products Multiple Vulnerabilities

Multiple vulnerabilities have been identified in Zoom products. A remote attacker can exploit this vulnerability to trigger security restriction bypass on the targeted system.

RISK: Medium Risk

Featured Security Blog

Browser’s Anti-phishing feature: What is it and how it helps to block phishing attack?15 Sep 2022

Adopt Good Cyber Security Practices to Make AI Your Friends not Foes30 Aug 2022

HKCERT Publishes Incident Response Guideline for SMEs to Enhance Information Security Incident Handling Competence 8 Aug 2022

Email Account Theft to Bypass MFA Protection 2 Aug 2022

Incident Response Guideline for SMEs

Adopt Good Cyber Security Practices to Make AI Your Friends not Foes

Enterprise VPN Security Guideline

Events / Trainings

FEATURED

Hong Kong Cyber Security New Generation Capture the Flag Challenge 2022

11 Nov 2022 - 13 Nov 2022

Learn More

26 Sep 2022

Webinar on “Data Security Management in the Cyber World – Practical Tips on Personal Data Security and Incident Response”

Time: 15:00 - 16:15 Venue: Webinar – Participant shall prepare his/her own electronic device (e.g. Desktop, Notebook or Mobile, etc.) with Internet access., Zoom

6 Oct 2022

Certified in Cyber Security (CC) Official Training

Time: 09:00 - 18:00 Venue: Zoom, 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong

11 Oct 2022

Securing Public Cloud Deployment

Time: 09:30 - 17:00 Venue: 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong

13 Oct 2022

Cloud Security Certification | CCSP® – Certified Cloud Security Professional Official Training

Time: 09:00 – 18:00 (40 hours in total) Venue: Zoom, 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong

Statistics

The figure for each type of cyber attack is aggregated by the security incident reported to us. This dataset starts from Jan 2018 to current month. To learn more, please click here.

19662

Botnet

13842

Phishing

4777

Malware

186

Web Defacement/Intrusion

118

Distributed Denial-of-service

2712

Others