Hong Kong Computer Emergency Response Team Coordination Center

Suspicious Email Detection System (V@nguard) is now available!

Suspicious Email Detection System ([email protected]) is now available!

The Cyber Security and Technology Crime Bureau (CSTCB) of the Hong Kong Police Force joined hands with the University of the Hong Kong (HKU), and the associations representing small and medium-sized enterprises (SMEs), to promote an anti-email scam project named e-GUARD to the business sector through a multi-agency approach. Under Project e-GUARD, a Suspicious Email Detection System named [email protected], is co-developed by the CSTCB and the HKU to facilitate local SMEs in detecting suspicious emails from daily business communications automatically and protecting them from email scams. Currently, [email protected] only operates on email server running on Linux operating system.

Learn more

Introducing the New “Fight Ransomware” Webpage

To keep pace with the changes in ransomware attacks, HKCERT recently consolidated the ransomware attack techniques, prevention and handling procedures to create a new dedicated “Fight Ransomware ” webpage.

Learn more

Introducing "Check your Cyber Security Readiness" Online Assessment Tool

• Improved user experience
• Enhanced usability
• Better reporting

Learn more

All 4 episodes of the 【Hack me if you can】animation series are now available

Focusing on hacker Ah Keung’s repeated attempts to hack into SME owner Ah Chun’s systems, and how Chun’s friend, Chi On, helps repel the attacks, the stories are light-hearted and down-to-earth.

Learn more

HKPC Urges Enterprises for Cyber Security Strategy for the New Normal and New Technologies

The Hong Kong Productivity Council (HKPC) today urged enterprises to quickly put in place cyber security strategy for the new normal and new technologies, in order to combat an anticipated surge in cyber attacks in 2021 arising from accelerated digital transformation amid the COVID-19 pandemic and the use of emerging technologies such as 5G communications, Internet of Things (IoT) and AI.

Learn more

Hong Kong Computer Emergency Response Team Coordination Centre

Centre for coordination of computer security incident response for local enterprises and Internet Users

Facilitate information disseminating, provide advices on preventive measures against security threats and to promote information security awareness

Learn more

What Are You Looking for

Highlights

Adobe Monthly Security Update (January 2022)

Published on 12 Jan 2022

Microsoft Monthly Security Update (January 2022)

Published on 12 Jan 2022

Business as Usual under COVID-19 with Sound “Work from Home” Cyber Security

Published on 10 Jan 2022

Secure Use of QR Code

Published on 7 Jan 2022

Beware of Cyber Security Risks from Online Shopping and Long Holiday

Published on 21 Dec 2021

OWASP Top 10-2021 is Now Released

Published on 4 Oct 2021

“HKT Hong Kong Enterprise Cyber Security Readiness Index 2021” Up 2.7 Points to 49.6 Both Enterprises and Employees Are Urged to Strengthen Cyber Security Awareness to Defend Against Cyber Attacks Amid Rampant Phishing Emails

Published on 29 Sep 2021

HKCERT Urges Microsoft Windows Users to be Vigilant Against Malicious Exploit of Critical Vulnerability

Published on 15 Sep 2021

Introducing “Check Your Cyber Security Readiness” Online Self-Assessment Tools

Published on 7 Sep 2021

Our Core Services

Security Alert Monitoring and Early Warning

Monitor security vulnerability and development of viruses & worms. When necessary, we issue alerts to warn the public to mitigate the impact of these threats.

Learn More

Incident Report and Response

Provide free 24-hour hotline services for incident reporting and give advice on incident response and recovery. All the reported incidents will be kept confidential. For cross-border incidents, we can seek assistance from overseas CERT teams.

Learn More

Publication of Security Guidelines and Information

Publish security alerts, security guidelines, infosec express and news on our web site. We also publish monthly security newsletter to subscribers. The information is provided in both English and Chinese

Learn More

Promotion of Information Security Awareness

Organize free seminars and briefings to promote information security awareness among the general public.

Learn More

Security Bulletins

19 Jan 2022

Oracle Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in Oracle Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, security restriction bypass, sensitive information disclosure and data manipulation and on the targeted system.

RISK: Medium Risk

12 Jan 2022

Microsoft Monthly Security Update (January 2022)

Microsoft has released monthly security update for their products: Vulnerable Product Risk Level Impacts Notes Windows High Risk Elevation of Privilege Remote Code Execution Denial of Service Information Disclosure Spoofing Security Restriction Bypass Proof of concept exploit...

RISK: High Risk

18 Jan 2022

NetApp Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in NetApp Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure and data manipulation on the targeted system.

RISK: Medium Risk

18 Jan 2022

Linux Kernel Multiple Vulnerabilities

Multiple vulnerabilities were identified in Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, sensitive information disclosure and data manipulation on the targeted system.

RISK: Medium Risk

17 Jan 2022

Juniper Junos OS Elevation of Privilege Vulnerability

A vulnerability was identified in Juniper Junos OS. A remote attacker could exploit the vulnerability to trigger elevation of privilege on the targeted system.

RISK: Medium Risk

14 Jan 2022

Apple Products Denial of Service Vulnerability

A vulnerability was identified in Apple Products. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.

RISK: Medium Risk

14 Jan 2022

Citrix XenServer Denial of Service Vulnerability

A vulnerability has been identified in Citrix XenServer. A attacker can exploit the vulnerability to trigger denial of service condition on the targeted system.

RISK: Medium Risk

14 Jan 2022

GitLab Multiple Vulnerabilities

Multiple vulnerabilities were identified in GitLab, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure, security restriction bypass and spoofing and cross-site scripting on the targeted system.

RISK: Medium Risk

14 Jan 2022

Juniper Junos OS Multiple Vulnerabilities

Multiple vulnerabilities were identified in Juniper Junos OS, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, security restriction bypass, elevation of privilege and sensitive information disclosure on the targeted system.

RISK: Medium Risk

13 Jan 2022

F5 Products Information Disclosure Vulnerabilities

Multiple vulnerabilities were identified in F5 products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure on the targeted system.

RISK: High Risk

Featured Security Blog

Business as Usual under COVID-19 with Sound “Work from Home” Cyber Security 10 Jan 2022

Secure Use of QR Code7 Jan 2022

Beware of Cyber Security Risks from Online Shopping and Long Holiday21 Dec 2021

HKCERT Urges Local IT Users to Patch Apache “Log4j” Vulnerability ASAP16 Dec 2021

HKCERT Releases New Study to Raise Security Awareness of ZigBee Devices

HKCERT Releases New Study to Raise Security Awareness of Wi-Fi Devices

Enterprise VPN Security Guideline

Events / Trainings

Cyber Security Certification | CISSP® – Certified Information Systems Security Professional Official Training (2021 New Version)

11 Jan 2022 - 19 Jan 2022

Time: 09:00 - 18:00 Venue: Zoom, 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong

Learn More

17 Feb 2022

Pentest "Kungfu" - Advanced Cyber Security Exploit Workshop

Time: 09:30 - 17:00 Venue: 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong

17 Mar 2022

Python "Kungfu" for Cyber Security Testing, Threat Intelligence and Automation

Time: 09:30 - 17:00 Venue: 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong

24 Mar 2022

Securing Your E-Commerce Web Application Against Cyber Threats Training

Time: 09:30 - 17:00 Venue: 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong

7 Apr 2022

Elementary Coding and Application Security for Newcomers Training

Time: 09:30 - 17:00 Venue: 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong

Statistics

The figure for each type of cyber attack is aggregated by the security incident reported to us. This dataset starts from Jan 2018 to current month. To learn more, please click here.

16338

Botnet

11908

Phishing

4693

Malware

162

Web Defacement/Intrusion

117

Distributed Denial-of-service

2392

Others