Hong Kong Computer Emergency Response Team Coordination Center

HKPC Urges Enterprises for Cyber Security Strategy for the New Normal and New Technologies

The Hong Kong Productivity Council (HKPC) today urged enterprises to quickly put in place cyber security strategy for the new normal and new technologies, in order to combat an anticipated surge in cyber attacks in 2021 arising from accelerated digital transformation amid the COVID-19 pandemic and the use of emerging technologies such as 5G communications, Internet of Things (IoT) and AI.

Learn more

Hack me if you can episode 2【Secure your cloud service to prevent information leakage】

Security professional Chi On will share the security tips of configuring a secure cloud and how to ensure cloud security

Transcript

Hack me if you can episode 1【Security of Remote work and Video Conferencing】

In this episode, you can learn how to protect yourself when working remotely. It includes the benefits of data encryption and the security tips for remote working as well as the video conferencing

Transcript

Hong Kong Computer Emergency Response Team Coordination Centre

Centre for coordination of computer security incident response for local enterprises and Internet Users

Facilitate information disseminating, provide advices on preventive measures against security threats and to promote information security awareness

Learn more

What Are You Looking for

Highlights

Apple Products Multiple Vulnerabilities

Published on 10 Feb 2021

Google Chrome Remote Code Execution Vulnerability

Published on 8 Feb 2021

Apple Products Multiple Vulnerabilities

Published on 27 Jan 2021

End-of-Support for Adobe Flash Player after 31 December 2020

Published on 16 Dec 2020

Patch FortiOS SSL VPN Vulnerability (CVE-2018-13379) Immediately

Published on 8 Dec 2020

Personal VPN Security Guideline

Published on 24 Nov 2020

Enterprise VPN Security Guideline

Published on 9 Nov 2020

HKCERT proposes 10 measures to secure Zoom Meetings

Published on 2 Apr 2020

Our Core Services

Security Alert Monitoring and Early Warning

Monitor security vulnerability and development of viruses & worms. When necessary, we issue alerts to warn the public to mitigate the impact of these threats.

Learn More

Incident Report and Response

Provide free 24-hour hotline services for incident reporting and give advice on incident response and recovery. All the reported incidents will be kept confidential. For cross-border incidents, we can seek assistance from overseas CERT teams.

Learn More

Publication of Security Guidelines and Information

Publish security alerts, security guidelines, infosec express and news on our web site. We also publish monthly security newsletter to subscribers. The information is provided in both English and Chinese

Learn More

Promotion of Information Security Awareness

Organize free seminars and briefings to promote information security awareness among the general public.

Learn More

Security Bulletins

25 Feb 2021

VMWare Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in VMware products, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution and information disclosure. Notes: Proof Of Concept Exploit Code Is Publicly Available for CVE-2021-21972

RISK: High Risk

24 Feb 2021

Mozilla Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in Mozilla products, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.

RISK: Medium Risk

23 Feb 2021

Python Multiple Vulnerabilities

Multiple vulnerabilities were identified in Python, a remote attacker could exploit some of these vulnerabilities to trigger spoofing and remote code execution on the targeted system.

RISK: Medium Risk

3 Feb 2021

SonicWall Zero-day Security Restriction Bypass Vulnerability

A vulnerability was identified in SonicWall, a remote attacker can exploit this vulnerability to trigger security restriction bypass on the targeted system. [Update 2021-02-04]: Updated Security Advisory link and CVE [Update 2021-02-23]: Additional SMA 100 10....

RISK: High Risk

23 Feb 2021

F5 BIG-IP Multiple Vulnerabilities

Multiple vulnerabilities were identified in F5 BIG-IP, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and cross-site scripting on the targeted system.

RISK: Medium Risk

19 Feb 2021

ISC BIND Denial of Service Vulnerability

A vulnerability was identified in ISC BIND, a remote attacker could exploit this vulnerability to trigger denial of service condition and remote code execution on the targeted system.

RISK: Medium Risk

9 Dec 2020

OpenSSL Denial of Service Vulnerability

A vulnerability was identified in OpenSSL, which could be exploited by attackers to trigger denial of service on the targeted system.

RISK: Medium Risk

19 Feb 2021

IBM WebSphere Application Server Sensitive Information Disclosure Vulnerability

A vulnerability was identified in IBM WebSphere Application Server, a remote attacker could exploit this vulnerability to trigger sensitive information disclosure on the targeted system.

RISK: Medium Risk

17 Feb 2021

Google Chrome Multiple Vulnerabilities

Multiple vulnerabilities were identified in Google Chrome, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution on the targeted system.

RISK: Medium Risk

17 Feb 2021

Linux Kernel Multiple Vulnerabilities

Multiple vulnerabilities were identified in Linux Kernel, a remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution and sensitive information disclosure on the targeted system.

RISK: Medium Risk

Featured Security Blog

End-of-Support for Adobe Flash Player after 31 December 202016 Dec 2020

Case Study on Bitcoin Scam Incident - A Combined Social Engineering and Privilege Escalation Attacks17 Nov 2020

Identity Theft Protection for Social Media and Instant Messaging Accounts28 Oct 2020

Ransomware: Double Extortion Attacks Continued - Intrusion via Exploiting VPN Gateway Vulnerability13 Oct 2020

HKCERT Releases New Study to Raise Security Awareness of ZigBee Devices

HKCERT Releases New Study to Raise Security Awareness of Wi-Fi Devices

Enterprise VPN Security Guideline

Events / Trainings

FEATURED

Information Security Summit 2021

9 Mar 2021 - 10 Mar 2021

Time: 09:00 – 18:00 Venue: Live Webinar, HKPC Building, 78 Tat Chee Avenue, Kowloon Tong, Kowloon

Learn More

23 Dec 2020

Cyber Security Competition 2020/21

9 Mar 2021

Information Security Summit 2021

Time: 09:00 – 18:00 Venue: Live Webinar, HKPC Building, 78 Tat Chee Avenue, Kowloon Tong, Kowloon

15 Mar 2021

Cyber Threat Intelligence Workshop Series - Foundation

Time: 09:00 - 18:00 Venue: Online Broadcast (HKPC Live)

18 Mar 2021

Securing Your E Commerce Web Application Against Cyber Threats Training

Time: 09:30 - 17:00 Venue: 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong

Statistics

The figure for each type of cyber attack is aggregated by the security incident reported to us. This dataset starts from Jan 2018 to current month. To learn more, please click here.

13110

Botnet

8511

Phishing

4588

Malware

144

Web Defacement/Intrusion

107

Distributed Denial-of-service

2043

Others